Yesterday when I got home from work and actually went into my kitchen I could hear a faint noise. I thought for a while that the steady hum was from the refrigerator, but no, it was in fact Fusijama - the classy.dk server. I logged on to the server and found to my horror that the server was acting as an open relay! For those not in the know, that means that ANYBODY can log on to my mailserver and forward mail from an essentially anonymous address to anybody else in the world. In short, a spam machine. And horror no. 2 was that some evil spammer had found out about it. By the time I stopped the mailserver, I was infested with 500 MB of spam (that's more than 100000 offers for cheap loans, free porn, low interest rates, and fast university diplomas).
The error of my ways: I had upgraded my XMail mailserver and it had kindly updated my smtprelay setting to the default - which is to run as an open relay. I generally like the Unix philosophy that the user should be in full control and should know what he's doing. I like the mailserver a lot, but NOT the decision to leave it up to the user to discover the correct setting of smtprelay.tab (the file should be completely empty to disable all relaying), and certainly not this behaviour during upgrade. For the casual user, that ends up being a lot of work. (OK, so I was using an RPM to upgrade and maybe I shouldn't expect application-specific sound upgrade policies from a general-purpose package manager, although I think RPM does allow for stuff like that.) (OK2, I know full well that Windows installation routinely violates your privacy and turns on crappy features - including some with security issues attached to them - by default.)
The good news with this bad news was that I discovered how efficient the Open Relay databases are. I immediately logged onto ORDB to check that my server was indeed a relay. They had gotten the first report of the harmful nature of my server configuration from someone other than me at 4 AM the same morning. I fixed the problem and asked for a retest, and within a couple of hours the server was unblocked again. I haven't really been around the net to check other relay databases, although I should.
Why haven't I checked? Well, it appears that no one in my immediate vicinity uses the relay blockers. I was never blocked when forwarding from my own server to my company server. And the few mailing lists I operate seemed to function appropriately.
It's a pity really. I can live with a short mail outage after a bad config, if I get a responsive spam-free network in return. The email-server "honors system" of the open relay databases works and should be used.
Posted by Claus at August 13, 2002 09:56 AM