Made on IRCNow

Blob

Date:: Wed Mar 22 04:00:28 2023 UTC
Message:: Daily backup
Actions:: History | Blame | Raw File
1 version=pmwiki-2.3.20 ordered=1 urlencoded=1
2 agent=Mozilla/5.0 (Linux; Android 8.1.0; vivo 1820 Build/O11019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/109.0.5414.118 Mobile Safari/537.36
3 author=Yonle
4 charset=UTF-8
5 csum=
6 ctime=1622794110
7 host=109.123.237.53
8 name=Opensmtpd.Test
9 rev=17
10 targets=Email.Email,Netcat.SMTP,Opensmtpd.Openrelay,Openbsd.Opensmtpd
11 text=(:title Test your mail server:)%0a%0a!! Basic Sending of Mail%0a%0aAs a first basic test, try to send mail using sendmail. You'll want to log in%0ato the server using ssh. Then on the server, create the file ~/samplemail:%0a%0a[@%0a$ sendmail -v -F fromname -f from@example.com to@example.com%0aSubject: Alpha Bravo%0aMIME-Version: 1.0 %0aContent-Type: text/plain; charset=us-ascii%0aContent-Disposition: inline%0a%0aCharlie Delta Echo Foxtrot%0a@]%0a%0aReplace @@fromname@@ with the name of the sender (your name), @@from@example.com@@%0awith the sender's address, and @@to@example.com@@ with the email you want to send%0ato.%0a%0aPress ctrl+d to end the letter.%0a%0aYou should see the following output:%0a%0a[@%0a%3c%3c%3c 220 example.com ESMTP OpenSMTPD%0a>>> EHLO localhost%0a%3c%3c%3c 250-example.com Hello localhost [local], pleased to meet you%0a%3c%3c%3c 250-8BITMIME%0a%3c%3c%3c 250-ENHANCEDSTATUSCODES%0a%3c%3c%3c 250-SIZE 36700160%0a%3c%3c%3c 250-DSN%0a%3c%3c%3c 250 HELP%0a>>> MAIL FROM:%3cfrom@example.com>  %0a%3c%3c%3c 250 2.0.0 Ok%0a>>> RCPT TO:%3cto@example.com> %0a%3c%3c%3c 250 2.1.5 Destination address valid: Recipient ok%0a>>> DATA%0a%3c%3c%3c 354 Enter mail, end with "." on a line by itself%0a>>> .%0a%3c%3c%3c 250 2.0.0 379ec228 Message accepted for delivery%0a>>> QUIT%0a%3c%3c%3c 221 2.0.0 Bye%0a@]%0a%0a!! Sending with your mail client%0a%0aYou should also send email from a known, working email address to your new%0amail server. Afterwards, configure your [[email/email|e-mail client]] to see if%0ayou were able to receive the letter.%0a%0a!! Sending with netcat%0a%0aYou can test to see if you can send a letter to your server using [[netcat/SMTP|netcat]]:%0a%0a[@%0a$ nc example.com 25 %0a220 example.com ESMTP OpenSMTPD%0a@]%0a%0aNext, we type HELO followed by our sending domain:%0a%0a[@%0aHELO example.com%0a250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a@]%0a%0aAfterwards, we type our sending mail address:%0a%0a[@%0aMAIL FROM: %3cfrom@example.com>%0a250 2.0.0 Ok%0a@]%0a%0aAnd the destination mail address:%0a%0a[@%0aRCPT TO: %3cto@example.com>%0a250 2.1.5 Destination address valid: Recipient ok%0a@]%0a%0aThen we type DATA followed by our email:%0a%0a[@%0aDATA%0a354 Enter mail, end with "." on a line by itself%0aSubject: Alpha Bravo Charlie Delta%0a%0aEcho Foxtrot Golf Hotel%0a@]%0a%0aWe then type . to end the email, then QUIT:%0a%0a[@%0a.%0a250 2.0.0 e57f9a36 Message accepted for delivery%0aQUIT%0a221 2.0.0 Bye%0a@]%0a%0aHere's the complete process:%0a%0a[@%0a$ nc example.com 25 %0a220 example.com ESMTP OpenSMTPD%0aHELO example.com%0a250 example.com Hello example.com [38.81.163.143], pleased to meet you%0aMAIL FROM: %3cfrom@example.com>%0a250 2.0.0 Ok%0aRCPT TO: %3cto@example.com>%0a250 2.1.5 Destination address valid: Recipient ok%0aDATA%0a354 Enter mail, end with "." on a line by itself%0aSubject: Alpha Bravo Charlie Delta%0a%0aEcho Foxtrot Golf Hotel%0a.%0a250 2.0.0 e57f9a36 Message accepted for delivery%0aQUIT%0a221 2.0.0 Bye%0a@]%0a%0a!! Open Mail Relay%0a%0aMake sure your mail server is not an [[opensmtpd/openrelay|open relay]]!%0a%0a[@%0a$ nc example.com 25 %0a220 example.com ESMTP OpenSMTPD%0aHELO fakedomain.com%0a250 example.com Hello fakedomain.com [38.81.163.143], pleased to meet you%0aMAIL FROM: %3ccriminal@fakedomain.com>%0a250 2.0.0 Ok%0aRCPT TO: %3cvictim@otherplace.com>%0a550 Invalid recipient: %3cvictim@otherplace.com>%0a@]%0a%0aIn this example, you are pretending to send email from criminal@fakedomain.com to%0avictim@otherplace.com using example.com as a relay.%0a%0aYou should get @@Invalid recipient@@ or some similar rejection message.%0aIf you do not, example.com is likely running an open mail relay.%0a%0aHere's how it appears when the mail server is improperly configured:%0a%0a[@%0a$ nc example.com 25 %0a220 example.com ESMTP OpenSMTPD%0aHELO fakedomain.com%0a250 example.com Hello fakedomain.com [38.81.163.143], pleased to meet you%0aMAIL FROM: %3ccriminal@fakedomain.com>%0a250 2.0.0 Ok%0aRCPT TO: %3cvictim@otherplace.com>%0a250 2.1.5 Destination address valid: Recipient ok%0a@]%0a%0aNotice this time it says @@Recipient ok@@ even though it comes from a spoofed sender to an external domain. This will allow anyone to use @@your@@ server to spam another mail server with forged addresses. If you don't fix this, you will get blacklisted for spam!%0a%0a!! Testing Deliverability%0a%0a|| border=1 width=100%25 class="sortable simpletable"%0a||! URL ||! Description ||%0a|| https://dkimvalidator.com/ || Send a test email and see if DKIM/SPF validation passes ||%0a|| http://multirbl.valli.org || Send a test email and look for any red flags ||%0a|| https://dmarc.org/resources/deployment-tools/ || ||%0a|| https://toolbox.googleapps.com/apps/checkmx || ||%0a|| https://postmaster.google.com/u/0/managedomains || ||%0a|| https://www.mail-tester.com || ||%0a|| https://www.spamscore.net/ || ||%0a|| https://glockapps.com/ || ||%0a|| https://www.senderscore.org/ || ||%0a|| https://www.gmass.co/inbox || ||%0a|| [[mailto:autoreply@dmarctest.org|autoreply@dmarctest.org]] || ||%0a|| [[mailto:check-auth@verifier.port25.com|check-auth@verifier.port25.com]] || ||%0a|| [[mailto:mailtest@unlocktheinbox.com|mailtest@unlocktheinbox.com]] || ||%0a%0a!! How to Fix%0a%0aYou will want to check your [[openbsd/opensmtpd|smtpd.conf]] ruleset to make sure you '''never''' allow any domain to send to any domain. You should only allow local hosts to send to external domains, and for any host to send to your domains.%0a%0a!! See Also%0a
12 time=1679415137
13 title=Test your mail server
14 author:1679415137=Yonle
15 diff:1679415137:1679400394:=28c28%0a%3c >>> EHLO localhost%0a---%0a> >>> HELO localhost%0a
16 host:1679415137=109.123.237.53
17 author:1679400394=Yonle
18 csum:1679400394=HELO
19 diff:1679400394:1656846787:=28c28%0a%3c >>> HELO localhost%0a---%0a> >>> EHLO localhost%0a
20 host:1679400394=109.123.237.53
21 author:1656846787=mkf
22 diff:1656846787:1652075408:=174,176c174,176%0a%3c || [[mailto:autoreply@dmarctest.org|autoreply@dmarctest.org]] || ||%0a%3c || [[mailto:check-auth@verifier.port25.com|check-auth@verifier.port25.com]] || ||%0a%3c || [[mailto:mailtest@unlocktheinbox.com|mailtest@unlocktheinbox.com]] || ||%0a---%0a> || autoreply@dmarctest.org || ||%0a> || check-auth@verifier.port25.com || ||%0a> || mailtest@unlocktheinbox.com || ||%0a
23 host:1656846787=91.185.141.127
24 author:1652075408=mkf
25 diff:1652075408:1633615189:=162,163c162%0a%3c || border=1 width=100%25 class="sortable simpletable"%0a%3c ||! URL ||! Description ||%0a---%0a> || URL || What's Tested ||%0a170,173c169,172%0a%3c || https://www.spamscore.net/ || ||%0a%3c || https://glockapps.com/ || ||%0a%3c || https://www.senderscore.org/ || ||%0a%3c || https://www.gmass.co/inbox || ||%0a---%0a> || https://www.spamscore.net/ ||%0a> || https://glockapps.com/||%0a> || https://www.senderscore.org/ || %0a> || https://www.gmass.co/inbox ||%0a
26 host:1652075408=2.178.155.135
27 author:1633615189=jrmu
28 diff:1633615189:1622809434:=169,172c169%0a%3c || https://www.spamscore.net/ ||%0a%3c || https://glockapps.com/||%0a%3c || https://www.senderscore.org/ || %0a%3c || https://www.gmass.co/inbox ||%0a---%0a> %0a
29 host:1633615189=125.231.16.237
30 author:1622809434=jrmu
31 diff:1622809434:1622805956:=163,164c163,164%0a%3c || https://dkimvalidator.com/ || Send a test email and see if DKIM/SPF validation passes ||%0a%3c || http://multirbl.valli.org || Send a test email and look for any red flags ||%0a---%0a> || https://dkimvalidator.com/ || ||%0a> || http://multirbl.valli.org || ||%0a
32 host:1622809434=38.81.163.143
33 author:1622805956=jrmu
34 diff:1622805956:1622804586:=162,172c162,172%0a%3c || URL || What's Tested ||%0a%3c || https://dkimvalidator.com/ || ||%0a%3c || http://multirbl.valli.org || ||%0a%3c || https://dmarc.org/resources/deployment-tools/ || ||%0a%3c || https://toolbox.googleapps.com/apps/checkmx || ||%0a%3c || https://postmaster.google.com/u/0/managedomains || ||%0a%3c || https://www.mail-tester.com || ||%0a%3c %0a%3c || autoreply@dmarctest.org || ||%0a%3c || check-auth@verifier.port25.com || ||%0a%3c || mailtest@unlocktheinbox.com || ||%0a---%0a> * https://www.dnswl.org%0a> * https://dkimvalidator.com/%0a> * http://multirbl.valli.org%0a> * https://dmarc.org/resources/deployment-tools/%0a> * https://toolbox.googleapps.com/apps/checkmx%0a> * https://postmaster.google.com/u/0/managedomains%0a> * https://www.mail-tester.com%0a> %0a> * autoreply@dmarctest.org%0a> * check-auth@verifier.port25.com%0a> * mailtest@unlocktheinbox.com%0a
35 host:1622805956=38.81.163.143
36 author:1622804586=jrmu
37 diff:1622804586:1622803977:=47,48c47,50%0a%3c !! Sending with your mail client%0a%3c %0a---%0a> !! Basic Receiving of Mail%0a> %0a> !!! Sending with your mail client%0a> %0a53,54c55,56%0a%3c !! Sending with netcat%0a%3c %0a---%0a> !!! Sending with netcat%0a> %0a160,172c162,174%0a%3c !! Testing Deliverability%0a%3c %0a%3c * https://www.dnswl.org%0a%3c * https://dkimvalidator.com/%0a%3c * http://multirbl.valli.org%0a%3c * https://dmarc.org/resources/deployment-tools/%0a%3c * https://toolbox.googleapps.com/apps/checkmx%0a%3c * https://postmaster.google.com/u/0/managedomains%0a%3c * https://www.mail-tester.com%0a%3c %0a%3c * autoreply@dmarctest.org%0a%3c * check-auth@verifier.port25.com%0a%3c * mailtest@unlocktheinbox.com%0a---%0a> %0a>   * https://www.dnswl.org%0a>   * https://dkimvalidator.com/%0a>   * http://multirbl.valli.org%0a>   * https://dmarc.org/resources/deployment-tools/%0a>   * https://toolbox.googleapps.com/apps/checkmx%0a>   * https://postmaster.google.com/u/0/managedomains%0a>   * https://www.mail-tester.com%0a> %0a>   * autoreply@dmarctest.org%0a>   * check-auth@verifier.port25.com%0a>   * mailtest@unlocktheinbox.com%0a> %0a
38 host:1622804586=38.81.163.143
39 author:1622803977=jrmu
40 diff:1622803977:1622802181:=135c135%0a%3c MAIL FROM: %3ccriminal@fakedomain.com>%0a---%0a> MAIL FROM: %3cusername@example.com>%0a137,138c137,138%0a%3c RCPT TO: %3cvictim@otherplace.com>%0a%3c 550 Invalid recipient: %3cvictim@otherplace.com>%0a---%0a> RCPT TO: %3cvictim@example.com>%0a> 550 Invalid recipient: %3cvictim@example.com>%0a141,143c141,143%0a%3c In this example, you are pretending to send email from criminal@fakedomain.com to%0a%3c victim@otherplace.com using example.com as a relay.%0a%3c %0a---%0a> In this example, you are pretending to send email from username@example.com to%0a> victim@example.com.%0a> %0a154c154%0a%3c MAIL FROM: %3ccriminal@fakedomain.com>%0a---%0a> MAIL FROM: %3cusername@example.com>%0a156c156%0a%3c RCPT TO: %3cvictim@otherplace.com>%0a---%0a> RCPT TO: %3cvictim@example.com>%0a160c160%0a%3c Notice this time it says @@Recipient ok@@ even though it comes from a spoofed sender to an external domain. This will allow anyone to use @@your@@ server to spam another mail server with forged addresses. If you don't fix this, you will get blacklisted for spam!%0a---%0a> Notice this time it says @@Recipient ok@@ even though it comes from a spoofed sender to an external domain. This will allow anyone to use @@your@@ server to spam external domains with forged addresses. If you don't fix this, you will get blacklisted for spam!%0a
41 host:1622803977=38.81.163.143
42 author:1622802181=jrmu
43 diff:1622802181:1622801307:=133,135c133,135%0a%3c HELO fakedomain.com%0a%3c 250 example.com Hello fakedomain.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3cusername@example.com>%0a---%0a> HELO example.com%0a> 250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a> MAIL FROM: %3ctest@example.com>%0a137,138c137,138%0a%3c RCPT TO: %3cvictim@example.com>%0a%3c 550 Invalid recipient: %3cvictim@example.com>%0a---%0a> RCPT TO: %3circnownetwork@gmail.com>%0a> 550 Invalid recipient: %3circnownetwork@gmail.com>%0a141,143d140%0a%3c In this example, you are pretending to send email from username@example.com to%0a%3c victim@example.com.%0a%3c %0a145,146c142%0a%3c If you do not, example.com is likely running an open mail relay.%0a%3c %0a---%0a> %0a150,154c146,150%0a%3c $ nc example.com 25 %0a%3c 220 example.com ESMTP OpenSMTPD%0a%3c HELO fakedomain.com%0a%3c 250 example.com Hello fakedomain.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3cusername@example.com>%0a---%0a> $ nc bangcat.coconut.ircnow.org 25 %0a> 220 bangcat.coconut.ircnow.org ESMTP OpenSMTPD%0a> HELO example.com%0a> 250 bangcat.coconut.ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a> MAIL FROM: %3ctest@example.com>%0a156c152%0a%3c RCPT TO: %3cvictim@example.com>%0a---%0a> RCPT TO: %3ctest@gmail.com>%0a
44 host:1622802181=38.81.163.143
45 author:1622801307=jrmu
46 diff:1622801307:1622800727:=57,58c57,58%0a%3c You can test to see if you can send a letter to your server using [[netcat/SMTP|netcat]]:%0a%3c %0a---%0a> Here's how to send a letter using [[netcat/usage|netcat]]:%0a> %0a125a126,138%0a> %0a>   * https://www.dnswl.org%0a>   * https://dkimvalidator.com/%0a>   * http://multirbl.valli.org%0a>   * https://dmarc.org/resources/deployment-tools/%0a>   * https://toolbox.googleapps.com/apps/checkmx%0a>   * https://postmaster.google.com/u/0/managedomains%0a>   * https://www.mail-tester.com%0a> %0a>   * autoreply@dmarctest.org%0a>   * check-auth@verifier.port25.com%0a>   * mailtest@unlocktheinbox.com%0a> %0a128,129c141,142%0a%3c Make sure your mail server is not an [[opensmtpd/openrelay|open relay]]!%0a%3c %0a---%0a> Here's how a proper mail server (not an open relay) will do when you send from a spoofed domain to another external domain:%0a> %0a157,170d169%0a%3c %0a%3c %0a%3c   * https://www.dnswl.org%0a%3c   * https://dkimvalidator.com/%0a%3c   * http://multirbl.valli.org%0a%3c   * https://dmarc.org/resources/deployment-tools/%0a%3c   * https://toolbox.googleapps.com/apps/checkmx%0a%3c   * https://postmaster.google.com/u/0/managedomains%0a%3c   * https://www.mail-tester.com%0a%3c %0a%3c   * autoreply@dmarctest.org%0a%3c   * check-auth@verifier.port25.com%0a%3c   * mailtest@unlocktheinbox.com%0a%3c %0a
47 host:1622801307=38.81.163.143
48 author:1622800727=jrmu
49 diff:1622800727:1622799974:=60,61c60,61%0a%3c $ nc example.com 25 %0a%3c 220 example.com ESMTP OpenSMTPD%0a---%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a68c68%0a%3c 250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a---%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a74c74%0a%3c MAIL FROM: %3cfrom@example.com>%0a---%0a> MAIL FROM: %3ctest@example.com>%0a81c81%0a%3c RCPT TO: %3cto@example.com>%0a---%0a> RCPT TO: %3cjrmu@ircnow.org>%0a107,108c107,108%0a%3c $ nc example.com 25 %0a%3c 220 example.com ESMTP OpenSMTPD%0a---%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a110,111c110,111%0a%3c 250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3cfrom@example.com>%0a---%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a> MAIL FROM: %3ctest@example.com>%0a113c113%0a%3c RCPT TO: %3cto@example.com>%0a---%0a> RCPT TO: %3cjrmu@ircnow.org>%0a144,145c144,145%0a%3c $ nc example.com 25 %0a%3c 220 example.com ESMTP OpenSMTPD%0a---%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a147c147%0a%3c 250 example.com Hello example.com [38.81.163.143], pleased to meet you%0a---%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a
50 host:1622800727=38.81.163.143
51 author:1622799974=jrmu
52 diff:1622799974:1622799532:=49,50d48%0a%3c !!! Sending with your mail client%0a%3c %0a55,57c53%0a%3c !!! Sending with netcat%0a%3c %0a%3c Here's how to send a letter using [[netcat/usage|netcat]]:%0a---%0a> Here's how we test sending a letter using [[openbsd/netcat|netcat]]:%0a
53 host:1622799974=38.81.163.143
54 author:1622799532=jrmu
55 diff:1622799532:1622799367:=46,51d45%0a%3c %0a%3c !! Basic Receiving of Mail%0a%3c %0a%3c You should also send email from a known, working email address to your new%0a%3c mail server. Afterwards, configure your [[email/email|e-mail client]] to see if%0a%3c you were able to receive the letter.%0a
56 host:1622799532=38.81.163.143
57 author:1622799367=jrmu
58 diff:1622799367:1622794925:=9d8%0a%3c $ sendmail -v -F fromname -f from@example.com to@example.com%0a18,25c17%0a%3c Replace @@fromname@@ with the name of the sender (your name), @@from@example.com@@%0a%3c with the sender's address, and @@to@example.com@@ with the email you want to send%0a%3c to.%0a%3c %0a%3c Press ctrl+d to end the letter.%0a%3c %0a%3c You should see the following output:%0a%3c %0a---%0a> %0a27c19,25%0a%3c %3c%3c%3c 220 example.com ESMTP OpenSMTPD%0a---%0a> $ sendmail -tv -F example -f example@ircnow.org %3c ~/samplemail%0a> @]%0a> %0a> Inside ~/samplemail:%0a> %0a> [@%0a> %3c%3c%3c 220 mail.ircnow.org ESMTP OpenSMTPD%0a29c27%0a%3c %3c%3c%3c 250-example.com Hello localhost [local], pleased to meet you%0a---%0a> %3c%3c%3c 250-mail.ircnow.org Hello localhost [local], pleased to meet you%0a33d30%0a%3c %3c%3c%3c 250-DSN%0a35c32%0a%3c >>> MAIL FROM:%3cfrom@example.com>  %0a---%0a> >>> MAIL FROM:%3cexample@ircnow.org>  %0a37c34%0a%3c >>> RCPT TO:%3cto@example.com> %0a---%0a> >>> RCPT TO:%3cmailtest@unlocktheinbox.com> %0a42c39%0a%3c %3c%3c%3c 250 2.0.0 379ec228 Message accepted for delivery%0a---%0a> %3c%3c%3c 250 2.0.0 66f4c965 Message accepted for delivery%0a47,48c44,71%0a%3c Here's how we test sending a letter using [[openbsd/netcat|netcat]]:%0a%3c %0a---%0a>   * https://www.dnswl.org%0a>   * https://dkimvalidator.com/%0a>   * http://multirbl.valli.org%0a>   * https://dmarc.org/resources/deployment-tools/%0a>   * https://toolbox.googleapps.com/apps/checkmx%0a>   * https://postmaster.google.com/u/0/managedomains%0a>   * https://www.mail-tester.com%0a> %0a>   * autoreply@dmarctest.org%0a>   * check-auth@verifier.port25.com%0a>   * mailtest@unlocktheinbox.com%0a> %0a> %0a> %0a> An open proxy allows any Internet user to send or receive messages using that server to hide the sender. Sometimes it can be used to provide privacy for users and bypass censorship, but often times it is unintentional. Your server could be abused to send spam because of a misconfiguration of your server.%0a> %0a> An open proxy for mail is referred to as an open mail relay. Chances are, if you're reading this, it's because your mail server has been banned for being an open mail relay.%0a> %0a> !! Why stop open proxies?%0a> %0a> # It could be used to send malware (viruses, trojans, or worms)%0a> # It can be used to send spam%0a> # Your IP will get blacklisted and put on a [[openbsd/dnsbl|DNS blacklist]]%0a> %0a> !! Sample Config%0a> %0a> Here is a sample '''misconfiguration''' (do '''NOT''' use these configs):%0a> %0a50,51c73%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a---%0a> match from any for any relay%0a54,55c76,77%0a%3c Next, we type HELO followed by our sending domain:%0a%3c %0a---%0a> If you're using [[openbsd/dkimproxy|dkimproxy]]:%0a> %0a57,58c79%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a---%0a> match from any for any action "relay_dkim"%0a61,62c82,87%0a%3c Afterwards, we type our sending mail address:%0a%3c %0a---%0a> Don't use either of the above configurations, or your mail server will be used by spammers and crackers to flood the internet with trash mail.%0a> %0a> !! Testing for Open Mail Relays%0a> %0a> Here's how we test sending a letter using [[openbsd/netcat|netcat]]:%0a> %0a64,65c89,90%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a---%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a68,69c93,94%0a%3c And the destination mail address:%0a%3c %0a---%0a> Next, we type HELO followed by our sending domain:%0a> %0a71,72c96,97%0a%3c RCPT TO: %3cjrmu@ircnow.org>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a---%0a> HELO example.com%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a75,76c100,101%0a%3c Then we type DATA followed by our email:%0a%3c %0a---%0a> Afterwards, we type our sending mail address:%0a> %0a78,82c103,104%0a%3c DATA%0a%3c 354 Enter mail, end with "." on a line by itself%0a%3c Subject: Alpha Bravo Charlie Delta%0a%3c %0a%3c Echo Foxtrot Golf Hotel%0a---%0a> MAIL FROM: %3ctest@example.com>%0a> 250 2.0.0 Ok%0a85,86c107,108%0a%3c We then type . to end the email, then QUIT:%0a%3c %0a---%0a> And the destination mail address:%0a> %0a88,91c110,111%0a%3c .%0a%3c 250 2.0.0 e57f9a36 Message accepted for delivery%0a%3c QUIT%0a%3c 221 2.0.0 Bye%0a---%0a> RCPT TO: %3cjrmu@ircnow.org>%0a> 250 2.1.5 Destination address valid: Recipient ok%0a94,95c114,115%0a%3c Here's the complete process:%0a%3c %0a---%0a> Then we type DATA followed by our email:%0a> %0a97,104d116%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c RCPT TO: %3cjrmu@ircnow.org>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a110,113d121%0a%3c .%0a%3c 250 2.0.0 e57f9a36 Message accepted for delivery%0a%3c QUIT%0a%3c 221 2.0.0 Bye%0a116,127c124,153%0a%3c %0a%3c   * https://www.dnswl.org%0a%3c   * https://dkimvalidator.com/%0a%3c   * http://multirbl.valli.org%0a%3c   * https://dmarc.org/resources/deployment-tools/%0a%3c   * https://toolbox.googleapps.com/apps/checkmx%0a%3c   * https://postmaster.google.com/u/0/managedomains%0a%3c   * https://www.mail-tester.com%0a%3c %0a%3c   * autoreply@dmarctest.org%0a%3c   * check-auth@verifier.port25.com%0a%3c   * mailtest@unlocktheinbox.com%0a---%0a> We then type . to end the email, then QUIT:%0a> %0a> [@%0a> .%0a> 250 2.0.0 e57f9a36 Message accepted for delivery%0a> QUIT%0a> 221 2.0.0 Bye%0a> @]%0a> %0a> Here's the complete process:%0a> %0a> [@%0a> $ nc ircnow.org 25 %0a> 220 ircnow.org ESMTP OpenSMTPD%0a> HELO example.com%0a> 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a> MAIL FROM: %3ctest@example.com>%0a> 250 2.0.0 Ok%0a> RCPT TO: %3cjrmu@ircnow.org>%0a> 250 2.1.5 Destination address valid: Recipient ok%0a> DATA%0a> 354 Enter mail, end with "." on a line by itself%0a> Subject: Alpha Bravo Charlie Delta%0a> %0a> Echo Foxtrot Golf Hotel%0a> .%0a> 250 2.0.0 e57f9a36 Message accepted for delivery%0a> QUIT%0a> 221 2.0.0 Bye%0a> @]%0a
59 host:1622799367=38.81.163.143
60 author:1622794925=jrmu
61 diff:1622794925:1622794110:=1,7c1,2%0a%3c (:title Test your mail server:)%0a%3c %0a%3c !! Basic Sending of Mail%0a%3c %0a%3c As a first basic test, try to send mail using sendmail. You'll want to log in%0a%3c to the server using ssh. Then on the server, create the file ~/samplemail:%0a%3c %0a---%0a> To check that the mail server works:%0a> %0a9,14c4%0a%3c Subject: Alpha Bravo%0a%3c MIME-Version: 1.0 %0a%3c Content-Type: text/plain; charset=us-ascii%0a%3c Content-Disposition: inline%0a%3c %0a%3c Charlie Delta Echo Foxtrot%0a---%0a> $ sendmail -tv -F example -f example@ircnow.org %3c ~/samplemail%0a17c7,8%0a%3c %0a---%0a> Inside ~/samplemail:%0a> %0a19c10,17%0a%3c $ sendmail -tv -F example -f example@ircnow.org %3c ~/samplemail%0a---%0a> From: example %3cexample@ircnow.org>%0a> To: mailtest@unlocktheinbox.com%0a> Subject: Alpha Bravo%0a> MIME-Version: 1.0 %0a> Content-Type: text/plain; charset=us-ascii%0a> Content-Disposition: inline%0a> %0a> Charlie Delta Echo Foxtrot%0a22,23d19%0a%3c Inside ~/samplemail:%0a%3c %0a56,191d51%0a%3c %0a%3c %0a%3c An open proxy allows any Internet user to send or receive messages using that server to hide the sender. Sometimes it can be used to provide privacy for users and bypass censorship, but often times it is unintentional. Your server could be abused to send spam because of a misconfiguration of your server.%0a%3c %0a%3c An open proxy for mail is referred to as an open mail relay. Chances are, if you're reading this, it's because your mail server has been banned for being an open mail relay.%0a%3c %0a%3c !! Why stop open proxies?%0a%3c %0a%3c # It could be used to send malware (viruses, trojans, or worms)%0a%3c # It can be used to send spam%0a%3c # Your IP will get blacklisted and put on a [[openbsd/dnsbl|DNS blacklist]]%0a%3c %0a%3c !! Sample Config%0a%3c %0a%3c Here is a sample '''misconfiguration''' (do '''NOT''' use these configs):%0a%3c %0a%3c [@%0a%3c match from any for any relay%0a%3c @]%0a%3c %0a%3c If you're using [[openbsd/dkimproxy|dkimproxy]]:%0a%3c %0a%3c [@%0a%3c match from any for any action "relay_dkim"%0a%3c @]%0a%3c %0a%3c Don't use either of the above configurations, or your mail server will be used by spammers and crackers to flood the internet with trash mail.%0a%3c %0a%3c !! Testing for Open Mail Relays%0a%3c %0a%3c Here's how we test sending a letter using [[openbsd/netcat|netcat]]:%0a%3c %0a%3c [@%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a%3c @]%0a%3c %0a%3c Next, we type HELO followed by our sending domain:%0a%3c %0a%3c [@%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c @]%0a%3c %0a%3c Afterwards, we type our sending mail address:%0a%3c %0a%3c [@%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c @]%0a%3c %0a%3c And the destination mail address:%0a%3c %0a%3c [@%0a%3c RCPT TO: %3cjrmu@ircnow.org>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a%3c @]%0a%3c %0a%3c Then we type DATA followed by our email:%0a%3c %0a%3c [@%0a%3c DATA%0a%3c 354 Enter mail, end with "." on a line by itself%0a%3c Subject: Alpha Bravo Charlie Delta%0a%3c %0a%3c Echo Foxtrot Golf Hotel%0a%3c @]%0a%3c %0a%3c We then type . to end the email, then QUIT:%0a%3c %0a%3c [@%0a%3c .%0a%3c 250 2.0.0 e57f9a36 Message accepted for delivery%0a%3c QUIT%0a%3c 221 2.0.0 Bye%0a%3c @]%0a%3c %0a%3c Here's the complete process:%0a%3c %0a%3c [@%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c RCPT TO: %3cjrmu@ircnow.org>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a%3c DATA%0a%3c 354 Enter mail, end with "." on a line by itself%0a%3c Subject: Alpha Bravo Charlie Delta%0a%3c %0a%3c Echo Foxtrot Golf Hotel%0a%3c .%0a%3c 250 2.0.0 e57f9a36 Message accepted for delivery%0a%3c QUIT%0a%3c 221 2.0.0 Bye%0a%3c @]%0a%3c %0a%3c !! Open Mail Relay%0a%3c %0a%3c Here's how a proper mail server (not an open relay) will do when you send from a spoofed domain to another external domain:%0a%3c %0a%3c [@%0a%3c $ nc ircnow.org 25 %0a%3c 220 ircnow.org ESMTP OpenSMTPD%0a%3c HELO example.com%0a%3c 250 ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c RCPT TO: %3circnownetwork@gmail.com>%0a%3c 550 Invalid recipient: %3circnownetwork@gmail.com>%0a%3c @]%0a%3c %0a%3c You should get @@Invalid recipient@@ or some similar rejection message.%0a%3c %0a%3c Here's how it appears when the mail server is improperly configured:%0a%3c %0a%3c [@%0a%3c $ nc bangcat.coconut.ircnow.org 25 %0a%3c 220 bangcat.coconut.ircnow.org ESMTP OpenSMTPD%0a%3c HELO example.com%0a%3c 250 bangcat.coconut.ircnow.org Hello example.com [38.81.163.143], pleased to meet you%0a%3c MAIL FROM: %3ctest@example.com>%0a%3c 250 2.0.0 Ok%0a%3c RCPT TO: %3ctest@gmail.com>%0a%3c 250 2.1.5 Destination address valid: Recipient ok%0a%3c @]%0a%3c %0a%3c Notice this time it says @@Recipient ok@@ even though it comes from a spoofed sender to an external domain. This will allow anyone to use @@your@@ server to spam external domains with forged addresses. If you don't fix this, you will get blacklisted for spam!%0a%3c %0a%3c !! How to Fix%0a%3c %0a%3c You will want to check your [[openbsd/opensmtpd|smtpd.conf]] ruleset to make sure you '''never''' allow any domain to send to any domain. You should only allow local hosts to send to external domains, and for any host to send to your domains.%0a%3c %0a%3c !! See Also%0a
62 host:1622794925=38.81.163.143
63 author:1622794110=jrmu
64 diff:1622794110:1622794110:=1,51d0%0a%3c To check that the mail server works:%0a%3c %0a%3c [@%0a%3c $ sendmail -tv -F example -f example@ircnow.org %3c ~/samplemail%0a%3c @]%0a%3c %0a%3c Inside ~/samplemail:%0a%3c %0a%3c [@%0a%3c From: example %3cexample@ircnow.org>%0a%3c To: mailtest@unlocktheinbox.com%0a%3c Subject: Alpha Bravo%0a%3c MIME-Version: 1.0 %0a%3c Content-Type: text/plain; charset=us-ascii%0a%3c Content-Disposition: inline%0a%3c %0a%3c Charlie Delta Echo Foxtrot%0a%3c @]%0a%3c %0a%3c [@%0a%3c %3c%3c%3c 220 mail.ircnow.org ESMTP OpenSMTPD%0a%3c >>> EHLO localhost%0a%3c %3c%3c%3c 250-mail.ircnow.org Hello localhost [local], pleased to meet you%0a%3c %3c%3c%3c 250-8BITMIME%0a%3c %3c%3c%3c 250-ENHANCEDSTATUSCODES%0a%3c %3c%3c%3c 250-SIZE 36700160%0a%3c %3c%3c%3c 250 HELP%0a%3c >>> MAIL FROM:%3cexample@ircnow.org>  %0a%3c %3c%3c%3c 250 2.0.0 Ok%0a%3c >>> RCPT TO:%3cmailtest@unlocktheinbox.com> %0a%3c %3c%3c%3c 250 2.1.5 Destination address valid: Recipient ok%0a%3c >>> DATA%0a%3c %3c%3c%3c 354 Enter mail, end with "." on a line by itself%0a%3c >>> .%0a%3c %3c%3c%3c 250 2.0.0 66f4c965 Message accepted for delivery%0a%3c >>> QUIT%0a%3c %3c%3c%3c 221 2.0.0 Bye%0a%3c @]%0a%3c %0a%3c   * https://www.dnswl.org%0a%3c   * https://dkimvalidator.com/%0a%3c   * http://multirbl.valli.org%0a%3c   * https://dmarc.org/resources/deployment-tools/%0a%3c   * https://toolbox.googleapps.com/apps/checkmx%0a%3c   * https://postmaster.google.com/u/0/managedomains%0a%3c   * https://www.mail-tester.com%0a%3c %0a%3c   * autoreply@dmarctest.org%0a%3c   * check-auth@verifier.port25.com%0a%3c   * mailtest@unlocktheinbox.com%0a%3c %0a
65 host:1622794110=38.81.163.143