Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Surprise! Another Relay Question (sorry)

0 views
Skip to first unread message

Mark Hanford

unread,
Sep 25, 2000, 3:00:00 AM9/25/00
to

We had reports of our server being used for relaying from ORBS (this time).

I went through the recommendations of
http://www.microsoft.com/technet/exchange/relay.asp and set the routing to
route to cassia.co.uk as per the instructions. I also ticked the "Hosts and
clients with these IP addresses" box, leaving the actual addresses blank, in
the routing restrictions dialog box.

When I use the relay tester at http://www.abuse.net/relay.html it performs a
number of variations of the routing. All of these seem to pass the test,
apart from the final (6th) variation. According to the description of the
test the web page may display a failure even thought the message is blocked
internally, and there is only a problem if the message arrives at the
recipient, well it does :(

Any ideas? (Test results at end of message)

Thanks,

Mark Hanford
Network Administrator


TEST RESULTS:
Test 1:
>>> MAIL FROM:<spam...@abuse.net>
<<< 250 OK - mail from <spam...@abuse.net>
>>> RCPT TO:<user-...@nf.abuse.net>
<<< 550 Relaying is prohibited

Test 2:
>>> MAIL FROM:<spates>
<<< 250 OK - mail from <spates>
>>> RCPT TO:<user-...@nf.abuse.net>
<<< 550 Relaying is prohibited

Test 3:
>>> MAIL FROM:<>
<<< 250 OK - mail from <>
>>> RCPT TO:<user-...@nf.abuse.net>
<<< 550 Relaying is prohibited

Test 4:
>>> MAIL FROM:<spam...@mailhost.cssa.co.uk>
<<< 250 OK - mail from <spam...@mailhost.cssa.co.uk>
>>> RCPT TO:<user-...@nf.abuse.net>
<<< 550 Relaying is prohibited

Test 5:
>>> MAIL FROM:<spamtest@[194.130.145.1]>
<<< 250 OK - mail from <spamtest@[194.130.145.1]>
>>> RCPT TO:<user-...@nf.abuse.net>
<<< 550 Relaying is prohibited

Test 6:
>>> MAIL FROM:<spam...@mailhost.cssa.co.uk>
<<< 250 OK - mail from <spam...@mailhost.cssa.co.uk>
>>> RCPT TO:<user-00998%nf.abu...@mailhost.cssa.co.uk>
<<< 250 OK - Recipient <user-00998%nf.abu...@mailhost.cssa.co.uk>
>>> DATA
<<< 354 Send data. End with CALF.CALF
>>> (message body)
<<< 250 OK


Kirill S. Palagin

unread,
Sep 25, 2000, 3:00:00 AM9/25/00
to

Mark Hanford wrote:

> <snip>


>
> Test 6:
> >>> MAIL FROM:<spam...@mailhost.cssa.co.uk>
> <<< 250 OK - mail from <spam...@mailhost.cssa.co.uk>
> >>> RCPT TO:<user-00998%nf.abu...@mailhost.cssa.co.uk>
> <<< 250 OK - Recipient <user-00998%nf.abu...@mailhost.cssa.co.uk>
> >>> DATA
> <<< 354 Send data. End with CALF.CALF
> >>> (message body)
> <<< 250 OK

Just do this test yourself by sending message to your mailbox on some other
server (like Hotmail) and see if message is delivered.


--
If you feel that anything in my post needs correction - feel free to do so (in
group).
And please, keep all discussions in NG, so that everybody can participate.

Kirill

Rich Matheisen [MVP]

unread,
Sep 25, 2000, 3:00:00 AM9/25/00
to
"Mark Hanford" <mark.h...@nounwantedmail.cssa.co.uk> wrote:

>We had reports of our server being used for relaying from ORBS (this time).
>
>I went through the recommendations of
>http://www.microsoft.com/technet/exchange/relay.asp and set the routing to
>route to cassia.co.uk as per the instructions. I also ticked the "Hosts and
>clients with these IP addresses" box, leaving the actual addresses blank, in
>the routing restrictions dialog box.
>
>When I use the relay tester at http://www.abuse.net/relay.html it performs a
>number of variations of the routing. All of these seem to pass the test,
>apart from the final (6th) variation.

That'd be the "%-hack" described in RFC1123, right? The only thing you
server "failed" was the arbitrary test these guys concocted. The test
never actually sends any data, just commands, so they don't know that
the Exchange server would have sent an NDR because tries to deliver
the message to a local mailbox and fails.

If it's NOT the "%-hack" the you'll have to provide a bit more
information about the specifics of the address used. You can also call
MS PSS and get the Post-SP3 hotfixes for the IMS which contains a few
relay fixes.

>According to the description of the
>test the web page may display a failure even thought the message is blocked
>internally, and there is only a problem if the message arrives at the
>recipient, well it does :(

Heh . . . be careful of the address you use when you register. If it's
an address on the system you're testing you'll get the NDR and it'll
sure LOOK like it failed!

[ snip ]

>Test 6:
>>>> MAIL FROM:<spam...@mailhost.cssa.co.uk>
><<< 250 OK - mail from <spam...@mailhost.cssa.co.uk>
>>>> RCPT TO:<user-00998%nf.abu...@mailhost.cssa.co.uk>
><<< 250 OK - Recipient <user-00998%nf.abu...@mailhost.cssa.co.uk>
>>>> DATA
><<< 354 Send data. End with CALF.CALF
>>>> (message body)
><<< 250 OK

Okay -- it's the "%-hack". BUT!!! I see you've fallen into the poorly
worded trap of using an e-mail address on the same system that you're
testing to receive the test results.

------------------
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

0 new messages