Is your mail server an (open) RELAY?

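Here is how to test for this:
Test 1
From some other machine, connect to your mail server, but via its EXTERNAL IP address (or name). In the session below, spoljašnji-IP stands for the server's external IP address and druga-spoljašnja-IP for the external IP address of the machine you are testing from: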
# telnet spoljašnji-IP 25
Trying spoljašnji-IP...
Connected to mail-2012.moj.domen (spoljašnji-IP).
Escape character is '^]'.
ehlo localhost
250-mail-2012 Hello [druga-spoljašnja-IP], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
mail from: bojnik@moj.domen
250 2.1.0 bojnik@moj.domen... Sender ok
rcpt to: moj.nalog@verat.net
550 5.7.1 moj.nalog@verat.net... Relaying denied. IP name lookup failed [druga-spoljašnja-IP]
That "Relaying denied" is great: the server refused to accept mail for an outside recipient from an unauthenticated outside client.
Test 2
Sites you can use to check whether your mail server is an open relay:
http://www.rbl.jp/svcheck.php
http://www.antispam-ufrj.pads.ufrj.br/test-relay.html
http://www.mob.net/~ted/tools/relaytester.php3
Test 3
It is a good idea to run the command below from time to time and see whether any user is logging in abnormally often, then check that their account has not been compromised:
# grep "authid" /var/log/maillog | cut -d "," -f 3 | sort -n | uniq -c
61 authid=nalog1
28 authid=nalog2
88 authid=nalog3
23 authid=nalog4
…..
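
An extended version of the Test 3 check, added here as an example (not part of the original post): besides the login count per account it also counts how many distinct relay addresses each account authenticated from, and marks accounts above a threshold. The function names, the threshold and the sample log lines are assumptions made for illustration; the log layout assumed is the sendmail AUTH line that the cut command above relies on.

```shell
#!/bin/sh
# Added example: per-account AUTH summary for a sendmail maillog.
# Assumes AUTH lines of the form
#   ... AUTH=server, relay=HOST [IP], authid=ACCOUNT, mech=..., bits=...

# authid_report LOGFILE THRESHOLD
# Prints "logins distinct_relays account [CHECK]", highest login count first.
authid_report() {
    awk -F', *' -v limit="$2" '
        /authid=/ {
            user = ""; relay = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^authid=/) user  = substr($i, 8)
                if ($i ~ /^relay=/)  relay = substr($i, 7)
            }
            if (user == "") next
            logins[user]++
            # count each (account, relay) pair only once
            if (!((user, relay) in seen)) { seen[user, relay] = 1; relays[user]++ }
        }
        END {
            for (u in logins)
                printf "%d %d %s%s\n", logins[u], relays[u], u,
                       (logins[u] > limit ? " CHECK" : "")
        }' "$1" | sort -rn
}

# Constructed sample log lines (not real data), for trying the function offline.
make_sample_log() {
    cat <<'EOF'
Jan 12 10:15:01 mail-2012 sendmail[2101]: AUTH=server, relay=host1.example [203.0.113.5], authid=nalog1, mech=LOGIN, bits=0
Jan 12 10:15:09 mail-2012 sendmail[2102]: AUTH=server, relay=host2.example [198.51.100.7], authid=nalog1, mech=LOGIN, bits=0
Jan 12 10:16:40 mail-2012 sendmail[2103]: q0C9GeAB002103: to=<user@example.org>, delay=00:00:01, stat=Sent
Jan 12 10:17:22 mail-2012 sendmail[2104]: AUTH=server, relay=host3.example [192.0.2.9], authid=nalog1, mech=PLAIN, bits=0
Jan 12 10:20:03 mail-2012 sendmail[2105]: AUTH=server, relay=office.example [192.0.2.50], authid=nalog2, mech=PLAIN, bits=0
Jan 12 10:25:47 mail-2012 sendmail[2106]: AUTH=server, relay=office.example [192.0.2.50], authid=nalog2, mech=PLAIN, bits=0
Jan 12 10:31:15 mail-2012 sendmail[2107]: AUTH=server, relay=home.example [198.51.100.20], authid=nalog3, mech=LOGIN, bits=0
EOF
}

# Usage on a real server (threshold chosen by you): authid_report /var/log/maillog 50
```

An account that shows both a high login count and many distinct relay addresses is the first one to check.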
