Mail Relay possible with PSA!!

Discussion in 'Plesk 6.0 Troubleshooting and Problems' started by roberto@, Apr 25, 2004.

  1. roberto@

    roberto@ Mega Poster

    Messages:
    122
    Become a spammer
    Test yourself with plesk.com server ;-)

    1. Set the smtp authentication in psa!!
    2. Create an email account in your mail client
    Your email anything@plesk.com
    user and password = blank (not important)
    3. send a message to sales@plesk.com and CC 2 milions addresses.

    You will be able to address your spam to 2 milion users using a fake plesk address (anything@plesk.com)

    * THIS IS JUST AN EXAMPLE
    TEST IT ON YOUR SERVER AND CC A COUPLE OF ADDRESSES OUTSIDE. IT'S THE SAME BUT YOU WILL UNDERSTAND WHAT I MEAN.

    This is a big big bug in qmail and I hope you can help me solve this problem.
    My server has been used for days to spam the world!!!! I could not find a real professional solution. Worst case it is difficult to get that you have been hacked. Once you find that, you have to monitor your tcp and find the ip address.. then put it behind a firewall.
    Any ideas???
     
  2. No way to do that...

    I can't create an email-account without a password...
     
  3. kram@

    kram@ Mega Poster

    Messages:
    209
    MAIL RELAY !!

    Hi there,

    I have just started recieveing email indicating that my server is sending ** SPAM ** mail as a realy. I then did a few test to determine if my server was open realy * I have used the SMTP auth function in the PSA mail server settings.

    I used the following link

    http://www.spa-mail.com
    This is what my results were:

    Result

    Rejection -- This server is not anti-relay.

    About the coping when the following item passes a test after introduction in SPA SMTP Server.
    *When the relay is possible in Relay test 3.
    A relay is permitted by the blank in "MAIL FROM:".
    Add to the effect.dat file with "#blank false".

    *When the relay is possible in Relay test 18.
    An account name, postmaster, is defined by the user or the alias.
    The account name, postmaster, change a name.

    Does anybody know what all this means and how do i secure my server from Mail Realy!

    Regars
    Kram
     
  4. faris

    faris Guru

    Messages:
    934
    Hopefully someone with more knowledge will investigate further but.... I once went into panic mode when doing a relay test on my server. However, on reading more details about the test, it mentioned that some MTAs, specifically including qmail, would return false positives. So maybe things may not be as bad as they seem at first glance?

    This was some time ago though. maybe things have changed.

    Faris
     
  5. roberto@

    roberto@ Mega Poster

    Messages:
    122
    you can redirect to /dev/null using procmail
     

Share This Page