Nessus finds my mailserver to be an open relay:

Here is a trace of the traffic that demonstrates the issue :

  S : 220 my.mailserver.at ESMTP
  C : HELO example.edu
  S : 250 my.mailserver.at Ok.
  C : MAIL FROM: <test_1@example.edu>
  S : 250 Ok.
  C : RCPT TO: <test_2@example.edu>
  S : 250 Ok.
  C : DATA
  S : 354 Ok.

but I don't find the setting where I could close it. The output can be reproduced with telnet, so I presume that's a valid vulnerability.

ESMTPAUTH is enabled, so I figured, according to the documentation, relaying should only be permitted for authenticated users (so mails can be sent).

On the other hand, https://mxtoolbox.com checks ›OK – Not an open relay‹, http://www.aupads.org/ tells me (according to answers like the ones shown above), the server has accepted a mail for relaying but may or may not actually do it.

I skimmed through the courierd, esmtpd, esmtpd-ssl and imapd-ssl config files, but could not find what setting(s) I have to adjust.

What am I missing? What can I provide to help track that down?

Add: That's the entire report for that vulnerability: Nessus: MTA Open Mail Relaying Allowed

Mat
  • Your sample trace doesn't demonstrate the issue because example.edu is an example domain, not your domain. It's impossible to know from your trace whether or not your server is an open relay. Can you, without authenticating, send an email via your server to a domain that your server is not authoritative for? – joeqwerty Feb 27 '22 at 15:54
  • Thx! That's not my sample issue, but the log from Nessus's test. As I read it, they connect to my server with these messages and (seemingly?) succeed. When I try to send a mail without authentication to a foreign domain, I get ›512, Relaying denied‹ (which is reassuring). However, Nessus's diagnosis worries me, because I don't want to run a risk of becoming blacklisted. – Mat Feb 27 '22 at 19:46
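
An added example, not part of the original question and not code from Courier or Nessus: a small Python reader for traces in the `S :` / `C :` layout above that reports how each unauthenticated `RCPT TO` was answered, given the domains the server is authoritative for. The function name and the local-domain set are assumptions; a 250 at RCPT shows acceptance at that stage only, so onward delivery still has to be confirmed separately.

```python
import re
# The trace quoted in the question, kept in its "S :" / "C :" layout.
NESSUS_TRACE = """\
S : 220 my.mailserver.at ESMTP
C : HELO example.edu
S : 250 my.mailserver.at Ok.
C : MAIL FROM: <test_1@example.edu>
S : 250 Ok.
C : RCPT TO: <test_2@example.edu>
S : 250 Ok.
C : DATA
S : 354 Ok.
"""

LINE = re.compile(r"^\s*([SC])\s*:\s*(.*)$")
RCPT = re.compile(r"^RCPT TO:\s*<[^>@]*@([^>]+)>", re.IGNORECASE)

def relay_findings(trace, local_domains):
    """List (recipient_domain, reply_code, verdict) for each RCPT TO sent before AUTH."""
    local = {d.lower() for d in local_domains}
    authed, pending, findings = False, None, []
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        side, text = m.groups()
        if side == "C":
            rcpt = RCPT.match(text)
            pending = rcpt.group(1).lower() if rcpt else None
            continue
        if text[3:4] == "-":           # multi-line reply: wait for its final line
            continue
        code = text[:3]
        if code == "235":              # RFC 4954: authentication succeeded
            authed = True
        if pending and not authed:
            if pending in local:
                verdict = "local delivery"
            elif code.startswith("2"):
                verdict = "foreign recipient accepted at RCPT"
            else:
                verdict = "foreign recipient refused"
            findings.append((pending, code, verdict))
        pending = None
    return findings

if __name__ == "__main__":
    # Assumption: the server is authoritative only for my.mailserver.at.
    print(relay_findings(NESSUS_TRACE, {"my.mailserver.at"}))
```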
