I just noticed that I don’t appear to need to use authenticated SMTP to send mail via any of my interworx servers. I can just use it as a relay to send mail to anyone from anyone. Obviously unless I’m missing something this is very bad. Is this a bug that has cropped up in 2.0?
Hi Paul,
Are you sure you aren’t sending to a domain the is set up as a SiteWorx account on the server? It will accept mail to any such domain, and that is normal.
The other thing you may be seeing is pop before smtp authentication - when you check your pop3 box on your InterWorx server (which is authenticated), a window in time opens where you can send mail from that IP address.
If neither of these things are the case, and you’re still convinced there’s an open relay, there must be some configuration problem and you may want to open a support ticket. However, the vast majority of the time it’s one of the two above scenarios.
Paul
I do check mail fairly often through IMAP so I suppose that could be the case (assuming the same window opens for an unauthenticated transfer). I’ll look into it a bit more.
Try one of the Open Relay test sites to get an outside point of view on things.
Google should give you a bunch, but here is one of the more popular ones and the one I always use.
PaulK,
InterWorx is using Qmail as it’s MTA with tcpserver look to see if you have anything in the file /etc/tcp.smtp. If you don’t then the server is an open relay.
In order to prevent this do the following commands from SSH which will only allow the localhost to relay. Of course this only matters if you have root access to the box.
echo ‘127.:allow,RELAYCLIENT=""’ >> /etc/tcp.smtp
qmailctl cdb
qmailctl stop
qmailctl start
Thanks for the info everyone, it looks like it was doing POP before SMTP authentication and that was what was allowing it.
[root@evangelie root]# qmailctl cdb
-bash: qmailctl: command not found
[root@evangelie root]# qmailctl stop
-bash: qmailctl: command not found
[root@evangelie root]# qmailctl start
-bash: qmailctl: command not found
qmailctl isn’t on my system either.
You can use the smtp init scrpts to start/stop mail, like
service smtp stop/start/restart
You can rebuild the /etc/tcprules.d/tcp.smtp with
~vpopmail/bin/clearopensmtp
Paul