Scalix Forums

Posted: **Mon Jun 27, 2005 3:09 pm**

Since migrating to Scalix, it appears that our mail server now accepts open relays of the following form:

$ telnet mail.blah.com 25
Trying 11.22.33.44...
Connected to mail.blah.com.
Escape character is '^]'.
220 mail.blah.com ESMTP Scalix SMTP Relay 9.2.1.24; Mon, 27 Jun 2005 13:02:51 -0600 (MDT)EHLO in.foo.org
250-mail.blah.com Hello in.foo.org [44.55.66.77], pleased to meet you
250-AUTH PLAIN LOGIN GSSAPI
250-AUTH=LOGIN
250-DSN
250 8BITMIME
MAIL From:<relaytestsend@rt.njabl.org>
250 relaytestsend@rt.njabl.org... Sender ok
RCPT To:<relaytest%rr.njabl.org@mail.ibnads.com>
250 Ok

If I try a traditional email address (without the percent sign), it does, indeed deny the email with the spam rule.

Here is the smtpd.cfg:

Code: Select all

# Accept mail for our domains
RECIPIENT accept *@blah.com
RECIPIENT accept *@mail.blah.com

# Local Relays
RELAY accept 127.0.0.1
RELAY accept .blah.com
RELAY accept .mail.blah.com
RELAY Log_Reject ALL

# extra rules added to prevent open relay usage
RECIPIENT Log_Reject *@*@*
RECIPIENT Log_Reject *%*
RECIPIENT Log_Reject *!*
RECIPIENT Log_Reject *#*@*

What's wrong?

Posted: **Mon Jun 27, 2005 7:22 pm**

smtpd.cfg is processed on a first-match basis.

This means that the RECIPIENT accept lines at the top of your posting match up with the test address that you are using and the mail is let through.

You should move the two RECIPENT accept lines to the bottom of the file and restart the SMTP relay to get the changes picked up.

Cheers

Dave

Posted: **Tue Jun 28, 2005 10:05 am**

Perfect, that works; thanks!

Scalix Forums

We're listed in several open relay databases now

We're listed in several open relay databases now

Scalix Forums

**We're listed in several open relay databases now**

**We're listed in several open relay databases now**

We're listed in several open relay databases now

We're listed in several open relay databases now