Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - open relay problem
  FAQ FAQ  Forum Search   Register Register  Login Login

open relay problem
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
john View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote john Quote  Post ReplyReply Direct Link To This Post Topic: open relay problem
    Posted: 19 April 2004 at 4:09pm

I checked on the system administrator menu for exchnage 5.5 and i do not ahve Internet mail service running, yet I get emails stating my server is an open relay. Is it possible spam filter is open relaying emails?

how do I lock this down on a win2k server running ms exchange v5.5?

 
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 19 April 2004 at 4:35pm

Sorry -- delete this one

 
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 19 April 2004 at 4:38pm

Perhaps I misunderstood.   Is Exchange and Spam Filter on the same machine?  What configuration do you have?  SpamFilter should be the very first server in the "Chain" and you must specify the hosted domains.


Regards,

Dan S.

 
Back to Top
ninja_pimp View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote ninja_pimp Quote  Post ReplyReply Direct Link To This Post Posted: 20 April 2004 at 5:30pm

spamfilter is installed on a win2k server that runs ms exchange v5.5

the internet mail service is not running, this is what causes open relay on ms exchange 5.5

my question to you is there a way to prevent emails from being relayed on spamfilter.

spamfilter seems to be acting as a gateway hence its acting as an open relay and I must STOP this open relay.

I checked on ms exchange and IMS is NOT installed hence its not relaying any email.

 
Back to Top
ninja_pimp View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote ninja_pimp Quote  Post ReplyReply Direct Link To This Post Posted: 20 April 2004 at 5:33pm

I don't need ms exchnage help, i just need help understanding how spamfilter open relays messages.

I wish to disable or prevent the open relay feature.

the spam filter is acting as a MS Mail gateway to your Exchange server.
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 20 April 2004 at 11:09pm

John,

I am not sure I understand the question.  What receives inbound mail from the OUTSIDE?  And then, where does that server send it's mai to.

The "normal" configuration is that you MX record points to SpamFilter and it is the server that receives inbound mail.  Then SpamFilter forwards (relays) the messages that are not blocked to the server that has your accounts configured on it.  If that is the case, SpamFilter should have a list of allowed (hosted) domains in the "Local Domains" white lists. The "Excluded Domains / IP" White list, in most cases, is empty except for servers that AREW, in fact ALLOWED to relay through SpamFilter.

If SpamFilter and your server that receives the filtered mail are on the same machine they can not share the same IP unless you change the port of the second server.  This is actually good to do because then it will not answer on port 25 and therefore will not operate as an "Open Relay"

Does this answer your wuestion?

Regards,

Dan S. (SpamFilter USER)
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 April 2004 at 12:59am

John,

In the default configuration (no custom user settings) SpamFilter will *not* accept any emails to relay.

USers will need to specify a list "Local Domains" for which SpamFilter will accept email. Only emails addressed to those local domains will be accepted and then forwarded (relayed) to your destination SMTP server.

Furthermore administrators can setup several "whitelists" of domains, IP, emails, etc. Any sender that appears on the whitelist will be able to relay email thru SpamFilter to your destination SMTP server. Please note that SpamFilter will not relay emails out to the internet, it will simply forward them to the destinatino SMTP server you specify.

If users misconfigure the "Local Domains" by placing too broad of a wildcard in the list, or any other white list as a matter of fact, they will possibly cause SpamFilter to accept emails for all domains, and thus cause it to be an "open relay".

Roberto F.
LogSat Software
Back to Top
vmorgo View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote vmorgo Quote  Post ReplyReply Direct Link To This Post Posted: 29 April 2004 at 12:18am

Actually, I have both spamfilter and Norton Antivirus Corporate running on one machine, and the e-mail server on a second machine.  The mail routes in to port 25 on the host machine, "spamhost", which is monitored by Norton Antivirus Gateway (NAVGW).  There, the mail is processed for viruses and (optionally) attachments with various extensions are blocked.  Then, NAVGW forwards the mail to a high-order port (above 1024) on the same machine (i.e. on the same IP address), so the mail "loops" back to the same machine, but a different port-number, where it finds spam-filter waiting.  Spamfilter filters out the spam, forgets to log it in the database for review (This problem is the subject of a posting I will make in a moment--it just started happening a few days ago), and then forwards on only the good mail (mostly, anyway.)  Spamfilter sends the mail to port 25 on the e-mail server which then (when the wind is blowing just right and the sun is in the appropriate astrological sign), disseminates it to the proper users. 

If I wanted to, I could put both spamfilter and NAVGW on the same machine as my e-mail server, but that would be putting all my eggs in one basket.  I figure it is always better to modularize--easier to fix a broken antivirus scanner or spam-filter without necessarily having to have the entire e-mail server down.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 30 April 2004 at 12:31am

If Norton is the first application that receives the email, then you'll want to configure it so that it does not allow relay, since if things are as you described them, it is Norton that is accepting email from the internet and then allowing relay by passing everything to SpamFilter.

Without looking at your logs we can't be 100% certain, but it's likely that SpamFilter sees the emails originating from Norton since it would receive a connection from either the IP Norton is listening on or 127.0.0.1. Since the IP is local to the server SpamFilter will trust it and will proceed to deliver it to your mail server.

Unless Norton is able to pass-thru the original IP address of the sender so that SpamFilter sees it, you will not be able to make use of some of the filtering power SpamFilter uses by applying IP-based filters, like MAPS, reverse DNS, IP-blocking, IP-whitelisting. You'd usually want to place SpamFilter first in line to accept traffic, then forward non-spam emails to your antivirus server, which will then pass them on to your smtp server. This topology will allow SpamFilter to see the original IP of the sender and perform more accurate filtering by using the IP-based rules.

Roberto F.
LogSat Software

 
Back to Top
vmorgo View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote vmorgo Quote  Post ReplyReply Direct Link To This Post Posted: 01 May 2004 at 4:32pm
I've reversed the SpamFilter and Norton Antivirus installations. While this has not fixed the open relay problem, it HAS improved the way SpamFilter works, as I now see addresses being resolved which wasn't happening before.

Thank you, very much, for that!

I am running spamfilter on a new machine, now, and have noticed that a number of the problems I had with the old Celeron-based server have gone away.

I do still have one problem with the old server though: The old installation of Spamfilter ISP claims the database is active, but nothing ever gets logged into it. I made sure that the server ID is correct in both the database and the INI file, and it is.

Any thoughts?
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104 		Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 02 May 2004 at 9:50pm

Vance,

Can you try stopping SpamFilter, delete the tblServersServerID line from the SpamFilter.ini file, delete the record in the tblServers table in the database containing your server, then restart SpamFilter. If that still does not work, please try following the 3 steps under the Settings tab, QuarantineDB sub-tab.

Roberto F.
LogSat Software
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.098 seconds.

Copyright (c)2002-2021 LogSat Software LLC - Sales: sales@LogSat.com
Contact Us