|Jul 15, 2008, 04:59 AM||#1|
Help! Xserve mail server being used as spam relay 10.4.11
We've got a bit of an urgent issue going on.
It looks as though our mailserver is being used as an open spam relay.
Unfortunately this isn't something we really know how to prevent, disable or find the cause of.
We're using the Apple mail server built into 10.4 and are fully updated to the most recent version of 10.4.11
Currently we have all outgoing mail on hold until we can find the root of the problem.
We have around 20 machines all using mac mail on 10.4.11 and then 6 XP machines, all of which have been fully scanned and are clean.
Is anyone familiar with the mac mail server and knows how to help us close the relay?
Many thanks in advance!
|Jul 15, 2008, 05:25 AM||#2|
Firstly, go to the following URL and run the 'exhaustive relay' option. This will tell you for sure whether your server is an open relay:
If it comes back negative (which it should - OS X server has relaying disabled by default, so if it's on, it's because it's been turned on), then your problem is probably just that someone is spamming using a spoofed header showing an address from your domain as the originator - happens to everybody.
If, however, toxicservers show that you ARE running an open relay, then open the server admin tools, go to the mail section and restrict relaying. You can either specify a specific IP range (i.e. the range you use on your internal LAN), or check one or more of the checkboxes for SMTP authentication - this will require that a user's mail client authenticates via password whenever sending an email.
For further info, take a look at:
Last edited by tersono; Jul 15, 2008 at 05:31 AM.
|Jul 15, 2008, 06:01 AM||#3|
I'll get right on it and see what the deal is.
We're pretty sure we've been relaying spam.
The server slowed to a crawl pace and Messagelabs, who scan our incoming mail, said they would not do the same for our outgoing mail as we were being used as an open relay.
Not sure quite how this happened but it's just killed 2 days of work for the whole office.
Hopefully this will fix it for us.
|Jul 15, 2008, 11:42 AM||#4|
Well it seems that we've got it fixed now.
After following instructions to secure our servers we were then routing our mail through Messagelabs to scan.
They picked up more instances of spam originating from our server along with full details of message contents etc.
Somehow an account not connected to any of our users (a test account used to check the setup when we first set up the mail server some years ago) had been accessed and compromised and the account itself was acting as a relay.
It also gave us the IP address of the originator of the mail we were unwittingly forwarding.
It was in Nigeria and was sending out those 'with your help we can open the bank account' type phishing mails.
Now the question is how did this account become compromised and how come OS X server mail does not have anything in place to warn you of any compromised accounts?
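Added example, not part of the original thread and not the posters' or Apple's code: the SMTP service in Mac OS X Server is Postfix, which logs the SASL username of each authenticated submission, so a hijacked account like the one described in post #4 can be spotted from the mail log. The function name, LAN range, usernames and log lines below are constructed for illustration, and the standard Postfix smtpd log format is assumed.

```python
import ipaddress
import re
from collections import defaultdict

# Postfix smtpd logs each authenticated submission in this form:
#   <queue-id>: client=<host>[<ip>], sasl_method=<m>, sasl_username=<user>
AUTH_RE = re.compile(
    r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=\S*?\[(?P<ip>[^\]]+)\], "
    r"sasl_method=\S+, sasl_username=(?P<user>\S+)"
)

def audit_smtp_auth(log_lines, lan_cidr, active_users, max_external=3):
    """Return {username: [reasons]} for accounts whose SMTP AUTH use looks wrong."""
    lan = ipaddress.ip_network(lan_cidr)
    external = defaultdict(list)   # user -> client IPs outside the LAN
    seen = set()                   # every account that authenticated
    for line in log_lines:
        m = AUTH_RE.search(line)
        if not m:
            continue               # rejects, connects, etc. carry no SASL user
        user = m["user"].lower()
        seen.add(user)
        if ipaddress.ip_address(m["ip"]) not in lan:
            external[user].append(m["ip"])
    report = {}
    for user in sorted(seen):
        reasons = []
        if user not in active_users:
            reasons.append("not on the active-user list")
        if len(external[user]) > max_external:
            sources = ", ".join(sorted(set(external[user])))
            reasons.append(f"{len(external[user])} messages from outside the LAN: {sources}")
        if reasons:
            report[user] = reasons
    return report

# Constructed sample log (documentation IP ranges, hypothetical usernames).
SAMPLE_LOG = """\
Jul 14 09:01:12 mail postfix/smtpd[412]: 1A2B3C4D5E: client=unknown[192.168.1.23], sasl_method=CRAM-MD5, sasl_username=alice
Jul 14 09:03:55 mail postfix/smtpd[412]: 1A2B3C4D61: client=unknown[198.51.100.9], sasl_method=CRAM-MD5, sasl_username=bob
Jul 14 09:04:01 mail postfix/smtpd[415]: NOQUEUE: reject: RCPT from unknown[203.0.113.50]: 554 Relay access denied
Jul 14 09:04:10 mail postfix/smtpd[415]: 1A2B3C4D70: client=unknown[203.0.113.50], sasl_method=LOGIN, sasl_username=testacct
Jul 14 09:04:11 mail postfix/smtpd[415]: 1A2B3C4D71: client=unknown[203.0.113.50], sasl_method=LOGIN, sasl_username=testacct
Jul 14 09:04:12 mail postfix/smtpd[416]: 1A2B3C4D72: client=unknown[203.0.113.50], sasl_method=LOGIN, sasl_username=testacct
Jul 14 09:04:13 mail postfix/smtpd[416]: 1A2B3C4D73: client=unknown[203.0.113.50], sasl_method=LOGIN, sasl_username=testacct
""".splitlines()

if __name__ == "__main__":
    for user, why in audit_smtp_auth(SAMPLE_LOG, "192.168.1.0/24", {"alice", "bob"}).items():
        print(user, "->", "; ".join(why))
```

Run against the real mail log on a schedule, a check like this surfaces a forgotten test account the first time it authenticates, rather than after an upstream filter reports the spam.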
|Jul 17, 2008, 07:44 AM||#5|
It's good you got this fixed. I also find it refreshing that you found the problem and actually did something about it. At my old work place, I was the main Policy Enforcement person. It surprised me how many times we would get calls from businesses telling us that it was ok to relay spam, as that was "normal". ?!?!?!111 I responded with, it was also "normal" for us to block mailservers that were "normally" spamming our servers.