 |
||||
 |
||||
 |
||||
| ORBS[ Date: Tue, 11 May 1999 08:43:19 +1200 Message-Id: <199905102043.IAA05531@mail2.manawatu.net.nz> To: postmaster@goma.xxx.co.jp, postmaster@goma.xxx.co.jp From: The Open Relay Behaviour-modification System <listings@orbs.org> Reply-To: ORBS listings <listings@orbs.org> Subject: Network security problem: 203.nnn.nnn.nnn is an open email relay Please read this entire message carefully before replying If you are not the technical contact for yor organisation, please forward this to the person who is. 203.nnn.nnn.nnn has been detected as an open email relay and has been added to the ORBS database. An open email relay is a SMTP server that accepts E-mail from anywhere on the Internet and forwards it to anywhere else on the Internet Someone nominated 203.nnn.nnn.nnn for testing, probably because they received unwanted junkmail which was delivered via the server. Inspection of your mailserver logs will reveal more information. ORBS (http://www.orbs.org) has confirmed this by sending an automated test message through 203.nnn.nnn.nnn. Delivery of that message back to the testing program has triggered this warning message. Being an open relay used to be a desirable thing in the past, as the Internet operated in an atmosphere of trust and servers weren't normally abused. As such, almost all older SMTP transport software defaults to this behaviour. Almost all SMTP server software has changed this policy in recent releases because of rapidly escalating levels of abuse. An open relay is a "Bad Thing" in the modern net environment, because they are used extensively by junkmailers to bypass filters and offload costs. Many admins have decided they won't accept mail from known open relays because of this. Many refer to the ORBS database to assist in detection and rejection of connections from such machines. If you are happy for your machine to remain an open relay and be included in ORBS, you need do nothing, however you probably want to secure it. Apart from losing connectivity to hosts subscribing to the ORBS system, you may be breaching your supplier's terms and conditions. The ORBS database is not downloadable. The only way anyone can "see" that the machine is included is to make a special DNS query or visit our website and make a specific query about 203.nnn.nnn.nnn Please check the ORBS website (http://www.orbs.org/) or the Mail Abuse Prevention System's Transport Security Initiative (MAPS TSI) website (http://maps.vix.com/tsi/) for links to other sites that may be able to help you close your relay. The TSI website contains links covering most known Mail Transport Agents (MTAs), with the information on securing each MTA usually written by the MTA author, or user support group. Most mail transport agents can be secured quickly by the operator, usually for no cost other than the time take to read the appropriate instructions for your software. To be removed from the ORBS database, you need to disable the external relay features of your mail server and then report the IP address 203.nnn.nnn.nnn to our web site at http://www.orbs.org/closed1.cgi. We will immediately remove your site's entry, then re-test it for third-party relay capabilities. ORBS is an automated testing system, if your mailserver has multiple IP interfaces, it is likely that you will receive multiple copies of this message. You should only receive one notice per IP number Thank you for your attention to this matter. Sincerely, listings@orbs.org |
||||
|
||||
 |
||||
|
 |
|
 |
|
 |
||||