abhishek singh spake the following on 9/20/2006 9:38 PM: > i have never opened telnet ok , my xinetd service is > off so there is no telnet service , i m doing telnet > to outside to 25 port on my mail server and there is > proper smtp authentication enabled on server , the > problem is anyuser (non-existing) with my domain can > send mail to my real domain users. > below is example........ > > ##EXAMPLE 1> > > telnet 192.168.1.4 25 > 220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED > > 220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED > mail.domain.com > ehlo domain.com > 250-mail.domain.com Hello [192.168.1.5], pleased to > meet you > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-8BITMIME > 250-SIZE > 250-DSN > 250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN > 250-STARTTLS > 250-DELIVERBY > 250 HELP > MAIL FROM:<axy at domain.com> > 250 2.1.0 <axy at domain.com>... Sender ok > RCPT TO:<abhi at domain.com> > 250 2.1.5 <abhi at domain.com>... Recipient ok > DATA > 354 Enter mail, end with "." on a line by itself > this is bad > . > 250 2.0.0 k8L4I0FL004621 Message accepted for delivery > quit > 221 2.0.0 mail.domain.com closing connection > #################################################### > EXAMPLE-2 > > telnet 192.168.1.4 25 > > 220 UNAUTHORIZED ESMTP ACCESS IS PROHIBITED > mail.domain.com > ehlo domain.com > 250-mail.domain.com Hello [192.168.1.5], pleased to > meet you > 250-ENHANCEDSTATUSCODES > 250-PIPELINING > 250-8BITMIME > 250-SIZE > 250-DSN > 250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN > 250-STARTTLS > 250-DELIVERBY > 250 HELP > MAIL FROM:<alex at mai.com> > 250 2.1.0 <alex at mai.com>... Sender ok > RCPT TO:<abhi at domain.com> > 250 2.1.5 <abhi at domain.com>... Recipient ok > DATA > 354 Enter mail, end with "." on a line by itself > hjsdhkjhdfkjhsdkf > sfdkdkfjdkg > . > 250 2.0.0 k8L4LUMY004822 Message accepted for delivery > quit > 221 2.0.0 mail.domain.com closing connection > > > Connection to host lost. > > > In above example u can see in the 1st example the > sender(xyz) is not real user of my domain , still he > is able to sendmail to my real users (abhi). > > In second scenario sender is able to send mail by > forging domain name by any domain to my domain users. > > i have replaced my real domain name with domain.com > and i have to do same thing from out side network , in > my /etc/mail/access file only 127.0.0.1 is allowed . > > when i am trying to send mail to another domain then > relaying is denied means my mail server is not open > relay. > > plz help me. As long as you are telnetting in from a system on the same subnet as your server, it will happily work. Try and do it from somewhere else. Do you hava access from home? A dialup account? Maybe someone on the list can try the same for you. Or use one of the relay tests like http://www.ordb.org/submit/ -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!