
Groupwise SMTP relay

Status
Not open for further replies.

JaseUK

IS-IT--Management
Jun 19, 2001
21
GB
Dear all,

I have disabled relaying in Groupwise 5.5 and understand that the Groupwise SMTP server accepts messages for posting from anyone who connects to it without challenging them and forwards them to the postmaster as undeliverable items. It would seem to me that over time people have come to think of my SMTP server as an open gateway through which messages can be successfully relayed. Obviously they are wrong - but they will never know this as Groupwise does not tell them that they are unsuccessful.

ANYWAY - the point is: We receive now hundreds of messages a day that are nothing to do with us. Groupwise accepts the whole post (attachments and all!!) and this is consuming our bandwidth. Is there anything we can do to stop this short of putting an intermediate SMTP server in the way that challenges servers posting to domains that are not our own??

TIA,
Jason.
 
Not if you're using GroupWise 5.x alone. GroupWise 6.x is the first SMTP server from the GroupWise suite to challenge the sender. If it fails then it drops the connection. There are some third party products that will filter but not do anything about your bandwidth problem. If you want to cure your bandwidth problem I believe you would need to install an SMTP server that challenges the sender, or upgrade to GroupWise 6.x.

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
Interesting finding. I've been doing some testing on our Groupwise 5.5 box. It appears that, yes, it accepts the messages and dumps them into the problem directory, but won't forward them. There is 1 exception to this. If the spammer uses the Groupwise server's IP address or hostname in the Mail From:<sender>, then it will forward (relay) the messages. This is why ORDB.ORG and others still blacklist Groupwise servers. I hope 6x fixes this problem.

Domenick Pellegrini
dpellegrini@yahoo.com

 
I should visit here more often. Thanks for your knowledge and willingness to share. Coincidentally, two things happened to me in the last two days; both of which are addressed in this thread:
1) yesterday I received an unsolicited email from ORDB.org (I'd never heard of them until that email) saying my system was an "open relay". I'm still trying to understand the ramifications of this...

2) today, the server announced that the SYS volume was full and that happens to be where the Groupwise system resides. After doing a little poking about, I sent an email to all users asking them to clean up their trash, at least until I can get a more permanent fix.

I'll continue to monitor this forum as it obviously contains relevant inform. for newbie admins. like myself.

Thanks, jgiles
 
I also got a message a few weeks ago from the ORDB. To tell you the truth, they have really updated their site pretty good. It actually helped me to shut down my Relay server.

I was denying relaying if the sender was from another domain but I had an exception that was causing a problem. In the "permit to relay" rule I had from mydomain.com to *. Now if someone attempted to send an e-mail from anotherdomain.com it would get blocked, but if they put anything@mydomain.com the e-mail would relay. That is why I got on the ORDB database. I modified the rule and had ORDB test it for an open relay; within 10 hours I was out of the database without talking to anyone. It seems that you can test your site on-line and if it doesn't receive a response then it's taken out of the database.

Just some interesting side notes.......

Now the question is does anyone have problems sending to an EXIM server?????


david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
Here is the information I have regarding the relay issue in Groupwise 5.5:
With Relaying turned off, the GW5.5 E-mail system will NOT relay using a standard quote hack, as reported by groups such as ORDB.ORG. The standard quote hack would be as follows:

telnet <domain> 25
helo
mail from: <spammer@spam.com>
rcpt to:<"victim@victim.com">
data
whatever
.

This will dump the attempted spam into the problem directory and will look like this in the file:


While watchdog groups like ORDB.ORG use this in its testing envelopes, it also uses this technique:

telnet <domain> 25
helo
mail from: <spammer@targetserver.com>
rcpt to:<"victim@victim.com">
data
whatever
.

This will relay through the e-mail server. The difference is that the mail from address is listed as originating from the host the spammer is relaying through. Even though the user name is not valid on that host, it will still relay.

Domenick Pellegrini
dpellegrini@yahoo.com
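
The "permit to relay" rule keyed on the sender's domain and the MAIL FROM test that still relays, both described in the posts above, are the same flaw. As an added example (not code from any poster or from GroupWise), the sketch below compares that rule with one that decides at RCPT TO from the connecting client's IP, so a refused relay attempt never reaches DATA; the domain, the networks and the function names are assumptions.

```python
import ipaddress

# Assumed values for illustration; none of these come from the thread.
LOCAL_DOMAINS = {"mydomain.example"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # internal clients

def domain_of(address):
    """Domain part of an envelope address, tolerating <> and the quoted form."""
    return address.strip().strip("<>").strip('"').rpartition("@")[2].lower()

def weak_rcpt_decision(client_ip, mail_from, rcpt_to):
    """Flawed rule: relay is allowed whenever MAIL FROM claims a local domain."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return 250  # inbound mail for our own users
    if domain_of(mail_from) in LOCAL_DOMAINS:
        return 250  # the sender address is chosen by the client, so this proves nothing
    return 550

def strict_rcpt_decision(client_ip, mail_from, rcpt_to):
    """Relay only for trusted client networks; MAIL FROM is never consulted."""
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return 250
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return 250
    # Answering 550 here, before DATA, means no body or attachment is transferred.
    return 550

# Constructed envelopes: (label, client IP, MAIL FROM, RCPT TO).
SAMPLES = [
    ("foreign sender, foreign rcpt", "203.0.113.9",
     "<spammer@spam.example>", '<"victim@victim.example">'),
    ("forged local sender, foreign rcpt", "203.0.113.9",
     "<anything@mydomain.example>", '<"victim@victim.example">'),
    ("internal client, foreign rcpt", "192.0.2.15",
     "<user@mydomain.example>", "<friend@other.example>"),
    ("foreign sender, local rcpt", "203.0.113.9",
     "<someone@other.example>", "<user@mydomain.example>"),
]

def compare():
    """Return (label, weak reply code, strict reply code) for each sample."""
    return [(label, weak_rcpt_decision(ip, frm, to), strict_rcpt_decision(ip, frm, to))
            for label, ip, frm, to in SAMPLES]

if __name__ == "__main__":
    for label, weak, strict in compare():
        print(f"{label:36} weak={weak} strict={strict}")
```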

 