Discussion:
RV: Removal Confirmation for 80.25.198.150
[SH] Jordi Cals
20 years ago
Hi there, I processed this confirmation last Friday but still in your DB
list.

Why? My client server works perfectly and is updated and checked every
week.

Wait for your news, and greets from Barcelona, Spain, Europe.

Thanx,

Jordi Cals
Technical Director
Mail: ***@kls.es


________________________________


[ KLS]
902 400 310
***@kls.es
http://www.kls.es/



-----Original Message-----
From: DSBL [mailto:***@dsbl.org]
Sent: Friday, 27 May 2005 18:48
To: ***@150.Red-80-25-198.pooles.rima-tde.net
Subject: Removal Confirmation for 80.25.198.150

DSBL has received a request to remove the IP address 80.25.198.150 from its
list(s) (triggered by a web request from 212.145.222.71).

If you wish to deny this request, please ignore this email. Otherwise,
please visit the URL below to confirm the request and start the removal
process (removal will take 24-25 hours from the time that you click the link
below).

http://dsbl.org/removal_confirm?UBnGlkKXT0XrDg77BBM6IEitqQIxcla1JaURBQ%3D%3D

Thank you.
Paul Howarth
20 years ago
Hello,
Post by [SH] Jordi Cals
Hi there, I processed this confirmation last Friday but still in your DB
list.
Why? My client server works perfectly and is updated and checked every
week.
Wait for your news, and greets from Barcelona, Spain, Europe.
If you look at the listing page for your IP:

http://dsbl.org/listing?80.25.198.150

you will see that removal was requested at 16:49:09 UTC on 27th May but
your IP was listed again at 17:34:13 UTC because you had not actually
fixed your open relay. MDaemon has a known problem in that it believes
anyone that claims to have a valid address in your domain, allowing them
to relay mail through your server, without restricting that facility to
valid users of your server by checking IP address. I believe the only
way to secure MDaemon is to turn on authentication for all accounts. You
will then need to configure all of your clients to use authentication.

Regards, Paul.
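
The relay decision described in the post above, modelled as an added example (it is not MDaemon's code and not part of the original post): one policy trusts the claimed envelope sender, the other relays only for authenticated sessions or trusted client addresses. The domain names, address ranges and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.es"}                         # constructed local mail domain
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed office LAN

@dataclass
class Session:
    client_ip: str
    authenticated: bool  # SMTP AUTH succeeded on this connection
    mail_from: str       # envelope sender, chosen freely by the client
    rcpt_to: str

def is_local(addr: str) -> bool:
    return addr.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def relay_by_sender_claim(s: Session) -> bool:
    """Flawed policy from the thread: a local-looking MAIL FROM is trusted."""
    return is_local(s.rcpt_to) or is_local(s.mail_from)

def relay_by_auth_or_ip(s: Session) -> bool:
    """Relay to outside recipients only for authenticated or trusted-IP clients."""
    if is_local(s.rcpt_to):
        return True      # inbound delivery to our own domain is not relaying
    ip = ipaddress.ip_address(s.client_ip)
    return s.authenticated or any(ip in net for net in TRUSTED_NETS)

# Constructed sessions covering the cases discussed in the thread.
SESSIONS = {
    "outside, claims local sender": Session("198.51.100.7", False, "user@example.es", "a@example.net"),
    "outside, authenticated user":  Session("198.51.100.7", True,  "user@example.es", "a@example.net"),
    "office LAN, no auth":          Session("192.0.2.10",   False, "user@example.es", "a@example.net"),
    "outside, inbound to us":       Session("198.51.100.7", False, "b@example.org",   "user@example.es"),
    "outside, third-party both":    Session("198.51.100.7", False, "b@example.org",   "a@example.net"),
}

def compare() -> dict:
    """Return {case: (flawed_decision, hardened_decision)} for every session."""
    return {name: (relay_by_sender_claim(s), relay_by_auth_or_ip(s))
            for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, (flawed, hardened) in compare().items():
        print(f"{name:32} sender-claim={flawed!s:5} auth-or-ip={hardened}")
```

Only the first case differs between the two policies: the sender-claim check accepts it, which is the behaviour that got the address relisted.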
Alexey Lobanov (dsbl)
20 years ago
Hello.
Post by [SH] Jordi Cals
Hi there, I processed this confirmation last Friday but still in your DB
list.
Why ?
Just because your mailserver software is still perfectly vulnerable. See
below a fresh message transferred from Russia to Russia through
80.25.198.150.

The practical proposal is to retire this Mdaemon software completely.
Note its stupid claim: "not processed: message from valid local sender".

This vulnerability is ignored by the program manufacturers for many
years, being perfectly exploited by spammers.

Return-Path: <***@150.Red-80-25-198.pooles.rima-tde.net>
Received: from mail.kls.es (lincl57.acnet-si.com [194.88.15.13])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested)
by secadm.wplus.net (Postfix) with ESMTP id 6B4877188D
for <***@secadm.wplus.net>; Tue, 31 May 2005 13:52:47 +0400 (MSD)
Received: (qmail 7913 invoked from network); 31 May 2005 09:55:36 -0000
Received: from 150.red-80-25-198.pooles.rima-tde.net (HELO
shbarcelona.com) (80.25.198.150)
by lincl57.acnet-si.com with SMTP; 31 May 2005 09:55:36 -0000
Received: from secadm.wplus.net (secadm.wplus.net [195.131.4.141])
by serveishabitatge.com (mail.shbarcelona.com [127.0.0.1])
(MDaemon.PRO.v8.0.2.R)
with ESMTP id md50000036139.msg
for <***@secadm.wplus.net>; Tue, 31 May 2005 11:53:48 +0200
Message-ID: <hUDBACge_hwwfTBu3m#***@secadm.wplus.net>
Date: Tue, 31 May 2005 09:51:44 +0000
To: <***@secadm.wplus.net>
Subject: Open Relay Test Message
X-Spam-Processed: mail.shbarcelona.com, Tue, 31 May 2005 11:53:48 +0200
(not processed: message from valid local sender)
X-MDRemoteIP: 195.131.4.141
X-Return-Path: ***@150.Red-80-25-198.pooles.rima-tde.net
X-MDaemon-Deliver-To: ***@secadm.wplus.net
X-MDAV-Processed: mail.shbarcelona.com, Tue, 31 May 2005 11:53:49 +0200
From: ***@150.Red-80-25-198.pooles.rima-tde.net

DSBL LISTME: smtp 80.25.198.150
MAIL FROM:<***@150.Red-80-25-198.pooles.rima-tde.net>
RCPT TO:<***@secadm.wplus.net>
DSBL END


Alexey
[SH] Jordi Cals
20 years ago
Thanks for the fast answer. I made some changes to the configuration on that
mail server. Is there a way to check again the open relay ? It's a client
server.

I'll talk to AltN, I don't understand how we can see this kind of thing.

We use Qmail for the rest of the projects.

Alexey Lobanov (dsbl)
20 years ago
Hello.
Post by [SH] Jordi Cals
Thanks for the fast answer. I made some changes to the configuration on that
mail server.
I can see that you have blacklisted one of my testing machines.

***@secadm:~$ telnet 80.25.198.150 25
Trying 80.25.198.150...
Connected to 80.25.198.150.
Connection closed by foreign host.
Post by [SH] Jordi Cals
Is there a way to check again the open relay ?
I repeat: there is a known persistent bug in all Mdaemon versions, and
this bug can be properly fixed in Mdaemon source code only. Do you have
access to Mdaemon source code?

The workarounds are:

1. Stop accepting connections from Internet at port 25, use this
software for mail sending only.

2. Enable strong authentication with good passwords for all mail
accounts including built-in ones.

Possibly, you have implemented one of them, or both. It makes your
system more safe for Internet, and that's good. Indeed, both workarounds
have severe adverse effects for your normal operations.

Best,
Alexey
Paul Howarth
20 years ago
Hello,
I reconfigured it all, try now to spam that site. I didn't need to reconfig
SMTP validation with IP Shielding.
Wait 4 your news and many thanX.
Your server still relays for anyone that impersonates a valid user
account at your site. It is not sufficient to require authentication
just for the Postmaster account; authentication needs to be required for
*all* accounts.

Regards, Paul.
[KLS] Jordi Cals
20 years ago
OK :(

I activated authentication to all accounts, local users included.

Let's try now.


Paul Howarth
20 years ago
Post by [KLS] Jordi Cals
OK :(
I activated authentication to all accounts, local users included.
Let's try now.
I think that should be OK now, as long as the account passwords are not
easily guessable (e.g. the same as the account name).

Paul.
[KLS] Jordi Cals
20 years ago
Paul, everything is OK, can we make the final test to remove the IP from
your list please ?

ThanX.


[KLS] Jordi Cals
20 years ago
Hello Paul,

Can I test another Mdaemon server for an open relay please ?

The host is 62.57.74.33 / 62.15.139.14 (dual DSL line).

Thanx,


Alexey Lobanov (dsbl)
20 years ago
Hello.
Post by [KLS] Jordi Cals
Paul, everything is OK, can we make the final test to remove the IP from
your list please ?
Yes, one week (24*7 hours) after 2005/May/27 16:48:09 UTC. DSBL policy
permits one removal per week.

Best,
Alexey