Closed Bug 24289 Opened 25 years ago Closed 24 years ago

fix open relay on lounge and other mozilla.org machines

Categories

(mozilla.org Graveyard :: Server Operations, task, P3)

All
Linux

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: endico, Assigned: rkotalampi)

Subject: Network security problem: 207.200.73.38 is an open email relay
Date: Fri, 14 Jan 2000 23:18:58 +1300
From: The Open Relay Behaviour-modification System <listings@orbs.org>
To: postmaster@h-207-200-73-38.netscape.com, postmaster@lounge.mozilla.org




Please read this entire message carefully before replying

If you are not the technical contact for your organisation, please
forward this to the person who is.

Reference: http://www.orbs.org/messagelookup.cgi?address=207.200.73.38

207.200.73.38 has been detected as an insecure email relay and added
to the ORBS database.

Please check the ORBS website (http://www.orbs.org/) for links
to other sites that may be able to help you close your relay. Most mail
transport agents can be secured quickly by the operator, usually for no
cost other than the time taken to read the appropriate instructions for
your software.

To be removed from the ORBS database, you need to disable the external relay
features of your mail server and then report the IP address 207.200.73.38
to our web site at  http://www.orbs.org/closed2.cgi?address=207.200.73.38
We will immediately remove your site's entry, then re-test it for
third-party relay capabilities.

ORBS is an automated testing system. If your mailserver has multiple
IP interfaces, it is likely that you will receive multiple copies of
this message. You should only receive one notice per IP number, however
ORBS notices are sent to both the literal IP address and the resolved DNS
name, so 2 notices may be received in some cases.

Thank you for your attention to this matter.

Sincerely,

listings@orbs.org

The message your system relayed is attached below.
If you believe your server has been secured, please check the
X-Envelope lines to see which vulnerability has been missed
and check them against the list of vulnerabilities at
http://www.orbs.org/envelopes.html

From sender@orbs.org  Fri Jan 14 23:18:53 2000
Received: from lounge.mozilla.org (h-207-200-73-38.netscape.com [207.200.73.38])
        by mail2.manawatu.net.nz (8.9.3/8.9.3) with ESMTP id XAA23656
        for <orbs-relaytest@manawatu.co.nz>; Fri, 14 Jan 2000 23:18:52 +1300
X-Remote-IP: 207.200.73.38
Received: from relaytest.orbs.org (relaytest.orbs.org [202.36.148.7])
        by lounge.mozilla.org with SMTP id CAA12486
        for <"orbs-relaytest@manawatu.co.nz">; Fri, 14 Jan 2000 02:18:41 -0800 (PST)
Date: Fri, 14 Jan 2000 02:18:41 -0800 (PST)
From: sender@orbs.org
To: "orbs-relaytest@manawatu.co.nz"@lounge.mozilla.org
X-Token: tcheknqpgzjxtmvw
X-Envelope-Sender: <sender@orbs.org>
X-Envelope-Recipient: <"orbs-relaytest@manawatu.co.nz">
Message-Id: <207.200.73.38@orbs.org>
Subject: ORBS Relay Test - 207.200.73.38

This program (re)tests for open relays.

Open relays are automatically added to the ORBS Open Relay
Database (see http://www.orbs.org/ for details).

Open relays are rechecked monthly or more frequently.
Secured hosts are rechecked every 3-6 months

There are up to 17 different tests applied per IP address.

Do not use the above addresses to contact me - use admin@orbs.org.

Help on securing relays can be found at http://maps.vix.com/tsi/
and at http://www.orbs.org/otheresources.cgi

X-Token: tcheknqpgzjxtmvw
X-Envelope-Sender: <sender@orbs.org>
X-Envelope-Recipient: <"orbs-relaytest@manawatu.co.nz">
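
The X-Envelope check that the ORBS notice asks for, as an added example (not part of the original bug report and not ORBS or mozilla.org code): it unwraps the quoted-local-part recipient seen in this test message to show where the mail was really routed. It goes beyond the one form shown here by also recognising the percent-hack, bang-path and source-route forms of the same problem; `LOCAL_DOMAINS` and all function names are assumptions made for the illustration.

```python
import re
from email import message_from_string

# Headers copied from the relayed test message quoted in this bug.
SAMPLE = '''\
To: "orbs-relaytest@manawatu.co.nz"@lounge.mozilla.org
X-Envelope-Sender: <sender@orbs.org>
X-Envelope-Recipient: <"orbs-relaytest@manawatu.co.nz">
'''
# Assumption: the domains this host legitimately accepts mail for.
LOCAL_DOMAINS = {"lounge.mozilla.org", "mozilla.org"}


def unwrap_once(addr, local):
    """Strip one layer of legacy routing syntax; return (form, inner) or None."""
    # "user@remote" or "user@remote"@thishost: address hidden in a quoted local part
    m = re.fullmatch(r'"([^"]*@[^"]*)"(?:@(.+))?', addr)
    if m and (m.group(2) is None or m.group(2).lower() in local):
        return "quoted-address", m.group(1)
    # @thishost:user@remote (RFC 821 source route)
    m = re.fullmatch(r"@([^:]+):(.+)", addr)
    if m and m.group(1).lower() in local:
        return "source-route", m.group(2)
    user, at, domain = addr.rpartition("@")
    inner = user if at and domain.lower() in local else (None if at else addr)
    if inner and "%" in inner:  # user%remote@thishost
        name, _, host = inner.rpartition("%")
        return "percent-hack", f"{name}@{host}"
    if inner and "!" in inner:  # remote!user (UUCP bang path)
        host, _, name = inner.partition("!")
        return "bang-path", f"{name}@{host}"


def effective_recipient(rcpt, local=LOCAL_DOMAINS):
    """Return (final_address, forms): where a permissive MTA would deliver rcpt."""
    addr, forms = rcpt.strip().strip("<>"), []
    while (step := unwrap_once(addr, local)) is not None:
        forms.append(step[0])
        addr = step[1]
    return addr, forms


def audit(raw, local=LOCAL_DOMAINS):
    """Classify the X-Envelope-Recipient of a relayed test message."""
    rcpt = message_from_string(raw)["X-Envelope-Recipient"]
    final, forms = effective_recipient(rcpt, local)
    domain = final.rpartition("@")[2].lower()
    return {"recipient": rcpt, "delivered_to": final, "forms": forms,
            "relayed": "@" in final and domain not in local}
```
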
I just noticed that because of this problem all Bugzilla e-mails were rejected
by my spam filters. I am sure that I am not the only one who uses ORBS for
e-mail filtering, so this is quite a major problem.

You may want to consider going to http://www.orbs.org/admins.html and
registering your network so that you can get the complete listing of all the
detected open relays in your network.
Severity: normal → major

Here is the list of 207.200.73.* hosts listed in ORBS:
207.200.73.037 RBL filtered by relays.orbs.org: Open relay - see
http://www.orbs.org/verify.cgi?address=207.200.73.37
207.200.73.038 RBL filtered by relays.orbs.org: Open relay - see
http://www.orbs.org/verify.cgi?address=207.200.73.38
207.200.73.039 RBL filtered by relays.orbs.org: Open relay - see
http://www.orbs.org/verify.cgi?address=207.200.73.39
207.200.73.135 RBL filtered by relays.orbs.org: Open relay - see
http://www.orbs.org/verify.cgi?address=207.200.73.135

Hardware: PC → All

is lounge still on the orbs list? we need to make sure everyone is
getting their bugzilla mail

It probably still is. Haven't had time to do this yet.

207.200.73.37, 207.200.73.38 and 207.200.73.39 are still in ORBS. 207.200.73.135
seems to have been fixed and is no longer in ORBS.

the sendmail m4 files for our machines are located in the gila repository under
tools/sendmail

I know I know... latest files for 8.9.3 aren't there yet though.

I know this is important but at this time I'll set this to normal severity.

Severity: major → normal

Now that cvs problems seem to be solved this can be prioritized higher.

Severity: normal → major

I am planning to do this finally... and install sendmail 8.10.0 in a few days.

sendmail 8.10.0 installed.... looking...

I reported 207.200.73.37, 207.200.73.38 and 207.200.73.39 to ORBS as
fixed, so that it retests them.

Argh! I'm not all done yet. I submitted lounge already but others are still being
worked on.

Don't worry, it usually takes ORBS some time (often up to a day or two) before
it comes to recheck...

All open relays upgraded to sendmail 8.10.0. gila is still 8.9.3. If there are
any bouncing mails please page me.

Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard