Shakthi777
asked on
DOMINO 8.5 and Cisco ASA 5510/ SPAM filter - SPAM Attack
Hi Experts,
I have a DOMINO 8.5 on RedHat Ent Server and Cisco ASA 5510/ SPAM filter protecting it. The ASA and SPAM module are up to date. Also, Domino is not an open relay. (Ports 25, 80 and 21 are visible to the outside.)
But we have a huge SPAM issue: outsiders use this server as a SPAM relaying server and it's generating about 100,000 emails per day.
I'm completely new to the Domino email server, so experts, please help me to start troubleshooting this.
Thanks a lot !
ASKER
Nope, it's not an open relay!
But I got the below, not related to the SPAM issue:
"Reverse DNS FAILED! This is a problem."
Please can you post images (jpg) of the Configuration document for your server, especially the Inbound Restrictions and Outbound Restrictions of that document.
If, as you say, Domino is not an open relay, it can be the standard Linux mail environment or it is the Cisco. Did you check those possibilities? I know nothing of Cisco routers, but if it does something with mail I suppose it's also capable of routing/transferring mails back to the Internet.
If you open, from the outside world, your server's SMTP port using telnet, what response do you get? Example:
telnet mail.yourserver.abc 25
If you want me to try for you, you can send me the server's IP-address or Internet name in a small mail. My mail address is in my EE-profile.
ASKER
Please advise !
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<"securitytest@abuse.net">
<<< 554 Relay rejected for policy reasons.
Relay test 9
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<"securitytest%abuse.net">
<<< 554 Relay rejected for policy reasons.
Relay test 10
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<securitytest@abuse.net@[xxx.xxx.xxx.xxx]>
<<< 501 Syntax error, parameters in command "RCPT TO:<securitytest@abuse.net@[xxx.xxx.xxx.xxx]>" unrecognized or missing
Relay test 11
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<"securitytest@abuse.net"@[xxx.xxx.xxx.xxx]>
<<< 554 Relay rejected for policy reasons.
Relay test 12
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<securitytest@abuse.net@>
<<< 501 Syntax error, parameters in command "RCPT TO:<securitytest@abuse.net@>" unrecognized or missing
Relay test 13
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<@[xxx.xxx.xxx.xxx]:securitytest@abuse.net>
<<< 554 Relay rejected for policy reasons.
Relay test 14
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<@:securitytest@abuse.net>
<<< 501 Syntax error, parameters in command "RCPT TO:<@:securitytest@abuse.net>" unrecognized or missing
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<abuse.net!securitytest>
<<< 250 abuse.net!securitytest... Recipient OK
Relay test result
Hmmn, at first glance, host appeared to accept a message for relay.
THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY
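Added example, not part of the original thread: a small Python parser for relay-test output in the format pasted above, listing every RCPT TO that got a 2xx reply and the addressing form it used, so the accepted forms (here the bang-path address of test 15) can be checked against the Domino inbound relay settings. The sample transcript is constructed from the format above and the form labels are this example's own; as the tester output itself says, a 250 at RCPT time does not prove the message would actually be relayed.

```python
import re

# Constructed sample in the same format as the relay-test output above.
SAMPLE = """\
Relay test 14
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<@:securitytest@abuse.net>
<<< 501 Syntax error, parameters in command unrecognized or missing
Relay test 15
>>> RSET
<<< 250 Reset state
>>> MAIL FROM:<spamtest@[xxx.xxx.xxx.xxx]>
<<< 250 spamtest@[xxx.xxx.xxx.xxx]... Sender OK
>>> RCPT TO:<abuse.net!securitytest>
<<< 250 abuse.net!securitytest... Recipient OK
"""

def classify(rcpt):
    """Name the addressing form of a RCPT TO argument (labels are this example's own)."""
    addr = rcpt.strip("<>")
    if addr.startswith("@") and ":" in addr:
        return "source route"
    if "!" in addr:
        return "bang path"
    if "%" in addr:
        return "percent hack"
    if addr.count("@") > 1:
        return "multiple @"
    return "quoted local part" if addr.startswith('"') else "plain"

def accepted_rcpts(transcript):
    """Return (test number, RCPT argument, form) for each RCPT TO answered 2xx."""
    hits, test_no, pending = [], None, None
    for line in map(str.strip, transcript.splitlines()):
        if m := re.fullmatch(r"Relay test (\d+)", line):
            test_no, pending = int(m.group(1)), None
        elif m := re.match(r">>> RCPT TO:\s*(<.*>)$", line, re.I):
            pending = m.group(1)          # remember until the server replies
        elif line.startswith(">>>"):
            pending = None                # any other client command
        elif (m := re.match(r"<<< (\d{3})", line)) and pending is not None:
            if m.group(1).startswith("2"):
                hits.append((test_no, pending, classify(pending)))
            pending = None
    return hits

if __name__ == "__main__":
    for hit in accepted_rcpts(SAMPLE):
        print(hit)
```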
ASKER
Thanks sjef_bosman: as per your request I sent you some information and am waiting for your reply!
ASKER
Looking forward to shooting some more questions at you!
Okay, thanks, but please post them here, in the EE forum.
ASKER
sure !
http://www.mxtoolbox.com/diagnostic.aspx
Sudeep