You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Diego Castillo <di...@inexbee.com> on 2002/10/07 21:32:10 UTC
ORDB considers James an open relay
Hi all,
My James 2.0a3 installation is considered an open relay by ORDB.
I have screened the mailing list and found plenty of mails talking about
relaying prevention. However, I am unable to apply their suggestions to
my particular situation.
I use James as a SMTP gateway that transforms my outgoing mails before
delivering them. I cannot use authenticated SMTP. I have no local users
and no POP3 server, but it deals with some public virtual addresses
(i.e. subscribe-123123123@mydomain.org).
As it must be reachable from the Internet, I cannot user the
RemoteAddrNotInNetwork protection. In addition, the server runs inside a
firewall which permits ingoing and outgoing SMTP, but blocks HTTP. Is it
possible to use InSpammerBlacklist with such restrictions?
I guess that it is impossible to prevent my James from being an open
relay in my conditions. Am I right?
Diego
Re: ORDB considers James an open relay
Posted by Hontvari Jozsef <ho...@solware.com>.
"Is it possible to use InSpammerBlacklist with such restrictions?"
yes, but that would be pointless. You still remain an open relay.
----- Original Message -----
From: "Dodd Gatsos" <dg...@slb.com>
To: "James Users List" <ja...@jakarta.apache.org>;
<di...@inexbee.com>
Sent: Monday, October 07, 2002 9:37 PM
Subject: Re: ORDB considers James an open relay
> You can allow only specific e-mail addresses to send mail through your
> server.
>
> ----- Original Message -----
> From: "Diego Castillo" <di...@inexbee.com>
> To: <ja...@jakarta.apache.org>
> Sent: Monday, October 07, 2002 2:32 PM
> Subject: ORDB considers James an open relay
>
>
> > Hi all,
> >
> > My James 2.0a3 installation is considered an open relay by ORDB.
> >
> > I have screened the mailing list and found plenty of mails talking about
> > relaying prevention. However, I am unable to apply their suggestions to
> > my particular situation.
> >
> > I use James as a SMTP gateway that transforms my outgoing mails before
> > delivering them. I cannot use authenticated SMTP. I have no local users
> > and no POP3 server, but it deals with some public virtual addresses
> > (i.e. subscribe-123123123@mydomain.org).
> >
> > As it must be reachable from the Internet, I cannot user the
> > RemoteAddrNotInNetwork protection. In addition, the server runs inside a
> > firewall which permits ingoing and outgoing SMTP, but blocks HTTP. Is it
> > possible to use InSpammerBlacklist with such restrictions?
> >
> > I guess that it is impossible to prevent my James from being an open
> > relay in my conditions. Am I right?
> >
> >
> > Diego
> >
>
>
> --------------------------------------------------------------------------
--
> ----
>
>
> > --
> > To unsubscribe, e-mail:
> <ma...@jakarta.apache.org>
> > For additional commands, e-mail:
> <ma...@jakarta.apache.org>
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: ORDB considers James an open relay
Posted by Dodd Gatsos <dg...@slb.com>.
True, but they would have to find out what they were to do it. It would not
prevent you from being an open relay, but it would make it harder. You
could also ensure that the reply to was the same as the sender's email
address, in that way they could not get responses back to their email, so it
would be that much more useless to them to use you as an open relay.
There's easier targets out there.
----- Original Message -----
From: "Noel J. Bergman" <no...@devtech.com>
To: "James Users List" <ja...@jakarta.apache.org>
Sent: Monday, October 07, 2002 3:33 PM
Subject: RE: ORDB considers James an open relay
> > You can allow only specific e-mail addresses to send mail through your
> > server.
>
> Those can be forged.
>
> If you don't filter by SMTP AUTH, originating IP address, SSH tunnelling,
or
> some other mechanism, then you ARE an open relay.
>
> > > As it must be reachable from the Internet, I cannot user the
> > > RemoteAddrNotInNetwork protection. In addition, the server runs inside
a
> > > firewall which permits ingoing and outgoing SMTP, but blocks HTTP. Is
it
> > > possible to use InSpammerBlacklist with such restrictions?
>
> Can you install sshd on the server, and tunnel into it when you need to
send
> e-mail?
>
> --- Noel
>
>
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
RE: ORDB considers James an open relay
Posted by "Noel J. Bergman" <no...@devtech.com>.
> You can allow only specific e-mail addresses to send mail through your
> server.
Those can be forged.
If you don't filter by SMTP AUTH, originating IP address, SSH tunnelling, or
some other mechanism, then you ARE an open relay.
> > As it must be reachable from the Internet, I cannot user the
> > RemoteAddrNotInNetwork protection. In addition, the server runs inside a
> > firewall which permits ingoing and outgoing SMTP, but blocks HTTP. Is it
> > possible to use InSpammerBlacklist with such restrictions?
Can you install sshd on the server, and tunnel into it when you need to send
e-mail?
--- Noel
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: ORDB considers James an open relay
Posted by Dodd Gatsos <dg...@slb.com>.
You can allow only specific e-mail addresses to send mail through your
server.
----- Original Message -----
From: "Diego Castillo" <di...@inexbee.com>
To: <ja...@jakarta.apache.org>
Sent: Monday, October 07, 2002 2:32 PM
Subject: ORDB considers James an open relay
> Hi all,
>
> My James 2.0a3 installation is considered an open relay by ORDB.
>
> I have screened the mailing list and found plenty of mails talking about
> relaying prevention. However, I am unable to apply their suggestions to
> my particular situation.
>
> I use James as a SMTP gateway that transforms my outgoing mails before
> delivering them. I cannot use authenticated SMTP. I have no local users
> and no POP3 server, but it deals with some public virtual addresses
> (i.e. subscribe-123123123@mydomain.org).
>
> As it must be reachable from the Internet, I cannot user the
> RemoteAddrNotInNetwork protection. In addition, the server runs inside a
> firewall which permits ingoing and outgoing SMTP, but blocks HTTP. Is it
> possible to use InSpammerBlacklist with such restrictions?
>
> I guess that it is impossible to prevent my James from being an open
> relay in my conditions. Am I right?
>
>
> Diego
>
----------------------------------------------------------------------------
----
> --
> To unsubscribe, e-mail:
<ma...@jakarta.apache.org>
> For additional commands, e-mail:
<ma...@jakarta.apache.org>
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>