Aug 5, 2024: iRedMail-1.7.1 has been released.

**ozapien** · 2013-06-14 01:43:34

ozapien
Member
Offline

Registered: 2012-10-30
Posts: 7

Topic: Alias Domain Open Relay problem

==== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL 1.6.0
- Linux/BSD distribution name and version: Ubuntu 12.04
- Related log if you're reporting an issue:
====

In a new installation I notice that if any spammer, fake "MAIL FROM:" command to a valid alias domain account it can relay mail without been authenticated.

A valid reject if try to relay with a domain account:
**************************************************************
Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 mail01.domain.tld (Postfix). All Spam Is Reported. ESMTP
SMTP -> FROM SERVER:
250-mail01.domain.tld
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: postmaster@domain.tld
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: postmaster@domain.tld
SMTP -> FROM SERVER:
553 5.7.1 : Sender address rejected: not logged in
SMTP -> ERROR: RCPT not accepted from server: 553 5.7.1 : Sender address rejected: not logged in

Message sending failed. ################# PERFECT... It's ok
**************************************************************

The problem when spammer use an alias domain in MAIL FROM: command
************************************************************
Resolving hostname...
Connecting...
SMTP -> FROM SERVER:
220 mail01.domain.tld (Postfix). All Spam Is Reported. ESMTP
SMTP -> FROM SERVER:
250-mail01.domain.tld
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: any_valid_user@domain-alias.tld
SMTP -> FROM SERVER:
250 2.1.0 Ok
RCPT TO: another_valid_user@domain.tld # Or domain-alias.tld
SMTP -> FROM SERVER:
250 2.1.5 Ok
Sending Mail Message Body...
SMTP -> FROM SERVER:
354 End data with .
SMTP -> FROM SERVER:
250 2.0.0 Ok: queued as A897B1340DBD
Message completed successfully. ################# Houston, we've had a problem!!!
************************************************************

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

**ZhangHuangbin** · 2013-06-20 15:59:13

ZhangHuangbin
iRedMail Developers
Offline

Registered: 2009-05-06
Posts: 31,082

Re: Alias Domain Open Relay problem

I cannot reproduce this issue. here's what i did (c6 is hostname of my virtual machine).

1) domain "a.cn" is a primary domain, postmaster@a.cn is a valid mail user.

$ telnet c6 25
Trying 172.16.244.131...
Connected to c6.
Escape character is '^]'.
220 c6.iredmail.org ESMTP Postfix
EHLO t.cn
250-c6.iredmail.org
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: postmaster@a.cn
250 2.1.0 Ok
RCPT TO: postmaster@a.cn
553 5.7.1 <postmaster@a.cn>: Sender address rejected: not logged in

2) domain "B.cn" is an alias domain of "a.cn", and of course postmaster@b.cn is an alias address of "postmster@a.cn".

$ telnet c6 25
Trying 172.16.244.131...
Connected to c6.
Escape character is '^]'.
220 c6.iredmail.org ESMTP Postfix
EHLO t.cn
250-c6.iredmail.org
250-PIPELINING
250-SIZE 15728640
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: postmaster@b.cn
250 2.1.0 Ok
RCPT TO: postmaster@b.cn
553 5.7.1 <postmaster@b.cn>: Sender address rejected: not logged in

Aug 5, 2024: iRedMail-1.7.1 has been released.

Alias Domain Open Relay problem

Posts: 2

1 Topic by ozapien 2013-06-14 01:43:34 (edited by ozapien 2013-06-14 03:21:04)

Topic: Alias Domain Open Relay problem

2 Reply by ZhangHuangbin 2013-06-20 15:59:13

Re: Alias Domain Open Relay problem

Posts: 2