Solved

DOMINO 8.5 and Cisco ASA 5510/ SPAM filter - SPAM Attack

Posted on 2010-08-30
Last Modified: 2013-11-17
Hi Experts,

I have a DOMINO 8.5 on RedHat Ent Server and Cisco ASA 5510/ SPAM filter protecting it. ASA and SPAM module are up to date. And also Domino is not on Open Relay. (25, 80 and 21 ports are visible to the outside.)

But we have a huge SPAM issue, outsiders use this server as a SPAM relaying server and it's generating about 100,000 emails per day.

I'm completely new to Domino Email server, so experts, please help me start troubleshooting this.

Thanks a lot !
0
Question by:Shakthi777
10 Comments
 
LVL 30

Expert Comment

by:Sudeep Sharma
ID: 33560696
Check if your server is used as an open relay. Below is a good open relay test you could perform on your server:

http://www.mxtoolbox.com/diagnostic.aspx

Sudeep
0
 

Author Comment

by:Shakthi777
ID: 33563751
nope it's not open relay !

but i got below, not related to SPAM issue
" Reverse DNS FAILED! This is a problem."
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 33564778
Please can you post images (jpg) of the Configuration document for your server, especially the Inbound Restrictions and Outbound Restrictions of that document.

If, as you say, Domino is not an open relay, it can be the standard Linux mail environment or it is the Cisco. Did you check those possibilities? I know nothing of Cisco routers, but if it does something with mail I suppose it's also capable of routing/transferring mails back to the Internet.

If you open, from the outside world, your server's SMTP port using telnet, what response do you get? Example:

      telnet mail.yourserver.abc 25

If you want me to try for you, you can send me the server's IP-address or Internet name in a small mail. My mail address is in my EE-profile.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 33564781
And another open relay check is this site:

http://www.abuse.net/relay.html
0
 

Author Comment

by:Shakthi777
ID: 33564850
Please advise !
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<"securitytest@abuse.net">
<<< 554 Relay rejected for policy reasons.
Relay test 9
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<"securitytest%abuse.net">
<<< 554 Relay rejected for policy reasons.
Relay test 10
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<securitytest@abuse.net@[xxx.xxx.xxx.xxx]>
<<< 501 Syntax error, parameters in command "RCPT TO:<securitytest@abuse.net@[xxx.xxx.xxx.xxx]>" unrecognized or missing
Relay test 11
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<"securitytest@abuse.net"@[xxx.xxx.xxx.xxx]>
<<< 554 Relay rejected for policy reasons.
Relay test 12
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<securitytest@abuse.net@>
<<< 501 Syntax error, parameters in command "RCPT TO:<securitytest@abuse.net@>" unrecognized or missing
Relay test 13
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<@[xxx.xxx.xxx.xxx]:securitytest@abuse.net>
<<< 554 Relay rejected for policy reasons.
Relay test 14
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<@:securitytest@abuse.net>
<<< 501 Syntax error, parameters in command "RCPT TO:<@:securitytest@abuse.net>" unrecognized or missing
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<abuse.net!securitytest>
<<< 250 abuse.net!securitytest... Recipient OK

Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.

THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY

0
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 500 total points
ID: 33565111
According to abuse, you're indeed an open relay. And apparently, using the telnet command above, the responding server is not a Domino server.

A Domino server responds like this:

server:~ # telnet 192.168.0.30 25
Trying 192.168.0.30...
Connected to 192.168.0.30.
Escape character is '^]'.
220 server.bosman.fr ESMTP Service (Lotus Domino Release 8.5) ready at Tue, 31 Aug 2010 10:20:16 +0200

I assume therefore that it's the Cisco that should have its configuration changed. Nice, a router that "filters" spam ... ;-))
0
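
Added example, not part of the original thread or any poster's code: a Python sketch that reads a relay-test transcript in the `>>>`/`<<<` format posted above, lists which recipient syntaxes the server answered with a 2xx, and checks a greeting for the Domino banner quoted in the accepted answer. The function names are hypothetical; the sample lines are copied from the thread.

```python
import re
# Excerpt of the relay-test transcript posted in the thread (tests 13 and 15).
TRANSCRIPT = """\
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<@[xxx.xxx.xxx.xxx]:securitytest@abuse.net>
<<< 554 Relay rejected for policy reasons.
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<abuse.net!securitytest>
<<< 250 abuse.net!securitytest... Recipient OK
"""
# Banner quoted in the accepted answer as a genuine Domino greeting.
DOMINO_BANNER = "220 server.bosman.fr ESMTP Service (Lotus Domino Release 8.5) ready at Tue, 31 Aug 2010 10:20:16 +0200"

def address_form(rcpt):
    """Name the routing syntax used in a RCPT TO argument."""
    addr = rcpt.strip("<>")
    if addr.startswith("@") and ":" in addr:
        return "source route"
    if "!" in addr:
        return "bang path"
    if "%" in addr:
        return "percent hack"
    return "multiple @" if addr.count("@") > 1 else "plain"

def accepted_recipients(transcript):
    """Return (form, recipient) for each RCPT TO the server answered with 2xx."""
    hits, pending = [], None
    for line in transcript.splitlines():
        rcpt = re.match(r">>> RCPT TO:(.+)", line, re.I)
        if rcpt:
            pending = rcpt.group(1).strip()
        elif line.startswith(">>> "):
            pending = None                      # some other command
        elif pending and re.match(r"<<< \d{3} ", line):  # final reply line
            if line[4] == "2":
                hits.append((address_form(pending), pending))
            pending = None
    return hits

def is_domino_banner(banner):
    """True if a 220 greeting identifies itself as Lotus Domino."""
    return banner.startswith("220") and "Lotus Domino" in banner

if __name__ == "__main__":
    print(accepted_recipients(TRANSCRIPT), is_domino_banner(DOMINO_BANNER))
```

On the excerpt, the only recipient accepted is the bang-path form from relay test 15, which is the syntax the relay rules of whichever device answers on port 25 need to reject.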
 

Author Comment

by:Shakthi777
ID: 33565183
Thanks sjef_bosman: as per your request I sent you some information and waiting for your reply !
0
 

Author Closing Comment

by:Shakthi777
ID: 33565284
Looking forward to shooting some more questions at you!
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 33565328
Okay, thanks, but please post them here, in the EE forum.
0
 

Author Comment

by:Shakthi777
ID: 33565560
sure !
0
