Eircom Testing Open Relaysh

liamo · 18-08-2004 7:56am #1

Hi All,

As usual, I checked my logs this morning. As usual, there were the expected "Relaying Denied" warnings from Sendmail as the spammers test my server.

This morning, however, was different. The same IP Address (159.134.118.145) tried 20 times with a destination email address at eircom.net. This was a little unusual so rather than simply deleting the log report I looked up the IP Address. It resolves to openrelaytester.eircom.net.

It looks like Eircom are doing some proactive work to prevent spam and I have to applaud them for that.

Regards,

Liam

mneylon · 18-08-2004 2:59pm

Are you an Eircom user?
I would presume that you are if they are doing these kind of checks against their own subscribers.
Could you confirm that?

liamo · 18-08-2004 6:01pm

Sorry, I omitted that very salient piece of information from my original post. Yes, I am an Eircom DSL user.

I don't know what they'll actually do if they find an open relay. Contact the owner? Block SMTP traffic from that IP? Whatever their intentions, it does show that they're aware of the problem.

Regards,

Liam

mneylon · 18-08-2004 6:06pm

I would hope that they would block SMTP traffic at least until the problem was resolved.
It would be interesting to see if this is a new Eircom policy, as a lot of their netblocks have been ending up in Spamhaus over the last few months.

liamo · 19-08-2004 7:36am

Another 75 hits in this morning's log report. I don't mind them testing for an open relay but it's good manners to ask before hammering my box with tests. How many times do they need to test anyway? I reckon it's their system that they're testing.

Anyway, I had a look at their policy. Relevant section reprinted below .....

2.6 Some Customers administer their own mail servers to send and receive email across eircom net systems. These mail servers can potentially be used by third parties to send spam and other unsolicited email. To protect against this abuse all mail servers must be configured as "closed relays".

2.6.1 Customers are responsible for ensuring that their mail servers are not acting as open relays.

2.6.2 eircom net reserve the right to test the status of mail servers for open relays.

2.6.3 Customers whose mail servers are acting as open relays will be required to reconfigure them as closed relays.

2.6.4 eircom net reserves the right to suspend and/or terminate service where a Customer fails to close an open relay.

2.6.5 eircom net reserves the right to suspend service immediately and without prior notice where the Customer's mail server is actively being used to send unsolicited email (including spam).

15-09-2004 2:34pm

Every service provider should block port 25 out bound. If this were done the amount of spam zombies would be cut hugely. There is very little reason for this to port to be open outbound for the majority of internet users. Even if you host your own mail server you can use the ISP's SMTP server to send email.

Perhaps have an option for advanced users who know what they are doing to open up the port.

ecksor · 15-09-2004 2:41pm

I suggested that on a mailing list about 3 or 4 years ago and the whinge factor was amazing. Mind you, I think one of the more valid complaints was business people wandering from site to site with the same outbound mail settings. Hopefully that demographic is moving more and more to using VPNs nowadays.

mneylon · 15-09-2004 2:46pm

Educating users is the real key in all this. There are far too many small businesses out there "running" mail servers that are badly configured or not patched. In many cases where the mail server is "seen" to be the cause of the spam the business is using NAT and somebody has brought in an infected laptop!!

seamus · 15-09-2004 2:46pm

ronoc wrote:

Every service provider should block port 25 out bound. If this were done the amount of spam zombies would be cut hugely. There is very little reason for this to port to be open outbound for the majority of internet users. Even if you host your own mail server you can use the ISP's SMTP server to send email.

You won't be allowed to send mail from multiple addresses though. I use my own SMTP Server to send mail from different addresses. If this was blocked, I'd only be able to send mail from me@ntlworld.com, which is obviously undesirable.

I agree though with blocking it, but allowing people to request that it be unblocked, if this was workable.

15-09-2004 3:02pm

I havn't used my providers mail in quite a while (indigo) but I recall being able to send it from any address I liked. For convience I used the same SMTP server for all my accounts. Has this changed?

ecksor · 15-09-2004 3:32pm

That's usually how it works. I've seen setups where it forces the sender name to the "correct" one but only when sending from a local shell.

Eircom Testing Open Relaysh

Comments