On 2008-02-22 Nick Vaernhoej wrote:
After finding that my own mail setup at home has caught almost 5000
spam mails in less than a month I have finally thrown my hands in the
air and wanted to hopefully get some understanding from this list.
Actually, the purpose of this list is not to teach you how e-mail works.
Read RFC 821. Or at least the Wikipedia article on SMTP.
The amount alone is huge I think when I am only hosting my wife and
myself (as well as the usual abuse etc. contacts).
I am worried that my home is an open relay in a manner I have not
found.
Then I learn that via telnet I can send email from mydomain.com to
mydomain.com and have it delivered even when the telnet session is
from a public IP.
Can you send mail to arbitrary domains? Or just to your own domain?
So, I am a little fuzzy on what it is I am trying to learn here, but:
1. Would you think 5000 emails a month with maybe 200 valid emails is
normal in a home/family type setup?
That depends on how your "home/family type setup" is actually set up. If
the server does catchall I'd consider it pretty normal.
2. Is mail always accepted and relayed when the sender and recipient
domain is the same? (This is without sender authentication
configured or capability).
No. Usually mail servers only accept mail for their own domains. I would
suspect that not even Exchange relays by default, but it's been quite a
while since I had to deal with it, and it was Exchange 5.5. and 2000 at
that time.
a. If yes, what is to stop an angry neighbor on his vacation to
China from sending a nasty email from me to my wife? (In this
unsecure setup).
That has nothing at all to do with relaying (assuming your wife's
mailbox is hosted on your mail server). Addresses in the From field can
be spoofed. Period. This is how SMTP is specified.
b. My gateway at home (Smoothwall using DSPAM/SEMF? mod) only
accepts the initial HELO if followed by connecting domain name
(HELO domain.com) So how come I can connect from domainx.com and
send email from domainy.com to domainy.com?
See above.
c. What can I do to remove this risk?
That someone sends mail with a spoofed From address to one of your
mailboxes? Nothing at all.
3. Any recommendations on a free mail gateway solution?
SpamAssassin? ClamAV? My goal is to migrate away from Exchange
2003. I have been wanting to try Zimbra for mail server but would
like a good mail gateway in the DMZ instead of hosted by the
firewall.
The mail component of Zimbra is basically Postfix with SpamAssassin and
ClamAV. You can easily make that kind of setup on any Linux box without
thw whole Zimbra overhead. If all you need is a mail server then I'd
suggest to simply install Postfix. The documentation is pretty simple
and well-documented.
http://www.postfix.org/documentation.html
Particularly interesting WRT spam protection:
http://www.postfix.org/SMTPD_ACCESS_README.html
http://www.postfix.org/BACKSCATTER_README.html
http://www.postfix.org/uce.html
This electronic transmission is intended for the addressee (s) named
above. It contains information that is privileged, confidential, or
otherwise protected from use and disclosure. If you are not the
intended recipient you are hereby notified that any review,
disclosure, copy, or dissemination of this transmission or the taking
of any action in reliance on its contents, or other use is strictly
prohibited. If you have received this transmission in error, please
notify the sender that this message was received in error and then
delete this message.
You do realize that this kind of disclaimer is utterly pointless, don't
you?
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
