OK, I admit that this is a bit childish, and could be considered a dare among certain constituencies. But one of the reasons that I run my servers on Macs is that they are a) simple to admin and b) simple to lock down.
Take, f’r'instance, the old problem of open relays. I characterize it as an old problem because these days zombied Windows machines on broadband connections are a much larger source of spam than open relays. Nevertheless, some organizations (like these guys) still test mail servers for open relays all the time. It looks like this in a mail server log:
Mon, Apr 25, 2005 2:04:36 PM -0400 SMTP port scan from 209.208.0.15
Mon, Apr 25, 2005 2:04:48 PM -0400 Refused to relay message from relaytestsend@rt.njabl.org at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:48 PM -0400 Receive failed from rt.njabl.org (209.208.0.15), sender relaytestsend@barse.org not known.
Mon, Apr 25, 2005 2:04:48 PM -0400 Receive failed from rt.njabl.org (209.208.0.15), sender “relaytestsend@rt.njabl.org”@barse.org not known.
Mon, Apr 25, 2005 2:04:48 PM -0400 Receive failed from rt.njabl.org (209.208.0.15), sender relaytestsend@barse.org not known.
Mon, Apr 25, 2005 2:04:48 PM -0400 Refused to relay message from relaytestsend@localhost. at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:48 PM -0400 Refused to relay message from at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:48 PM -0400 Receive failed from rt.njabl.org (209.208.0.15), sender relaytestsend@[66.166.138.26] not known.
Mon, Apr 25, 2005 2:04:48 PM -0400 Refused to relay message from relaytestsend@h-66-166-138-26.mclnva23.covad.net at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:49 PM -0400 Refused to relay message from relaytestsend@mclnva23.covad.net at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:49 PM -0400 Refused to relay message from postmaster@mclnva23.covad.net at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:49 PM -0400 Refused to relay message from relaytestsend@covad.net at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:49 PM -0400 Refused to relay message from postmaster@covad.net at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:49 PM -0400 Refused to relay message from postmaster@barse.org at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Here’s how that reads, in English.
First, they scanned the ports on my server to see if port 25, the SMTP port, was open. It was, as it needs to be to accept mail from other SMTP servers and mail clients.
Then they tried a straight test for an open relay. Then they tried to send three messages as if they had accounts on my server.
Then they tried two more relay tests, followed by another bogus sender test, followed by six (count ‘em, six) bogus sender tests with all sorts of permutations of senders and domains.
Guess what? My server is a Mac, and it’s locked down tight. Has been since day one, thanks to Apple and to Glenn Anderson.
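The reading of the log given above can be automated. The following Python script is an added example, not part of the original post or of the mail server's own tooling: it groups the excerpt's three event types by source IP. The regular expressions are inferred from the excerpt alone, and the function names and the `min_refusals` threshold are assumptions.

```python
import re
from collections import defaultdict

# Lines copied from the log excerpt above; the patterns below are inferred
# from that excerpt only, not from any documentation of the log format.
SAMPLE_LOG = """\
Mon, Apr 25, 2005 2:04:36 PM -0400 SMTP port scan from 209.208.0.15
Mon, Apr 25, 2005 2:04:48 PM -0400 Refused to relay message from relaytestsend@rt.njabl.org at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:48 PM -0400 Receive failed from rt.njabl.org (209.208.0.15), sender relaytestsend@barse.org not known.
Mon, Apr 25, 2005 2:04:48 PM -0400 Refused to relay message from relaytestsend@localhost. at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:48 PM -0400 Refused to relay message from at host rt.njabl.org (209.208.0.15) to relaytest@rr.njabl.org.
Mon, Apr 25, 2005 2:04:48 PM -0400 Receive failed from rt.njabl.org (209.208.0.15), sender relaytestsend@[66.166.138.26] not known.
"""

PATTERNS = {
    "port_scan": re.compile(r"SMTP port scan from (?P<ip>[\d.]+)$"),
    "relay_refused": re.compile(
        r"Refused to relay message from (?P<sender>.*?) ?at host \S+ "
        r"\((?P<ip>[\d.]+)\) to (?P<rcpt>\S+?)\.$"),
    "unknown_sender": re.compile(
        r"Receive failed from \S+ \((?P<ip>[\d.]+)\), "
        r"sender (?P<sender>.+) not known\.$"),
}

def summarize(log_text):
    """Group events by source IP: counts per event type plus senders tried."""
    hosts = defaultdict(lambda: {"port_scan": 0, "relay_refused": 0,
                                 "unknown_sender": 0, "senders": set()})
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line.strip())
            if m:
                entry = hosts[m["ip"]]
                entry[kind] += 1
                if "sender" in m.groupdict():
                    # The excerpt has one line with a blank sender; it is
                    # recorded here as an empty string.
                    entry["senders"].add(m["sender"])
                break
    return dict(hosts)

def relay_probers(log_text, min_refusals=3):
    """IPs that scanned port 25 and then had several relay attempts refused."""
    return sorted(ip for ip, e in summarize(log_text).items()
                  if e["port_scan"] and e["relay_refused"] >= min_refusals)

if __name__ == "__main__":
    for ip, entry in summarize(SAMPLE_LOG).items():
        print(ip, entry)
```

A host that shows up in `relay_probers` with only refusals and unknown-sender failures is the pattern the post describes: every probe was turned away.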