Hi,

I did a few suggestions, i did enter my IP inside the range as an ipadres allowing to send through this mailserver.

I for some reason put a slash between the name and the password, i corrected that (don't know why i did that) and from this point on i put the options on

I did turned the settings in connection control on from top to bottom....

If i turn the last one (Only authenticated...) then the top two option grey out, doing so resulted in this reaction from the Mercury server...

Connection from 80.126.108.7, Sat Jan 12 20:10:55 2008
EHLO [10.11.12.1]
MAIL FROM:<myname@druifjes.nl> SIZE=483
RCPT TO:<myname@gmail.com>
553 We do not relay without RFC2554 authentication.
QUIT
1 sec. elapsed, connection closed Sat Jan 12 20:10:56 2008

Connection from 122.126.239.29, Sat Jan 12 20:11:15 2008
HELO 80.126.108.7
554 Invalid HELO format
1 sec. elapsed, connection closed Sat Jan 12 20:11:16 2008

I turned the bottom option off, and from that point everything seems to work fine....

I hope it stays this way, Gentelmen, thanks for your advise and patience... a lot of patience i guess...

Anne

I'm not sure if I'm even in the right part of the forum for this but.....

I have a huge problem regarding spam.  It's not that I'm receiving it, but my Mercury/32 server appears to be sending it.  What befuddles me though is that it is sent from my account.  I run this server for my church and I have no interest in spamming other sites.  Here are some details:

I installed Mercury at the beginning of the summer and it has run great until about 10 minutes ago.  When I start the Mercury program, the SMTP client resolves an IP address and MX for korea.com and then sends messages to certain email addresses at that domain.  I have not assigned any local accounts yet and I'm the only user of the mail server (that I'm aware of).  I haven't gotten around to installing security measures yet on the server.  I have blacklisted korea.com

I would appreciate any help or suggestions, or I may just uninstall Mercury and then reinstall with a ton of security.
 

Are you sure the program isn't simply generating automatic replies to spam it's receiving? This is one of the problems with automatic replies, and is a good reason for making sure that you have SpamHalter properly trained and operational.

The problem *might* be a relaying issue, but it's not very likely. My immediate guess is that it's autoreplies, and that there's not a whole lot you can do about it unless you're willing to disable them.

Cheers!

-- David --
 

I have updated to v4.52 and it appears to be blocking most of the attempts.  I have also set up the following filters:

-If outgoing mail is from a non-local address then delete the message

-If outgoing mail is from a non-local address then expire the message 

huh? - have you checked the MercuryS flags, so that relaying is turned off?

You may want to test your server for open relay attempts. There are a few web-sites that can test this - f.ex. start by testing your domain from dnsreport.com

[quote user="Peter Strömblad"]

huh? - have you checked the MercuryS flags, so that relaying is turned off?

You may want to test your server for open relay attempts. There are a few web-sites that can test this - f.ex. start by testing your domain from dnsreport.com

[/quote]

You are correct.  I did the test at dnsreport.com and it reported that my MX had an open relay.  I'm assuming that I need to check the box next to 'Do not permit SMTP relaying of non-local mail' in the MercuryS Config box.  I thought I read somewhere that in order to send an email to another MX that it had to be unchecked.
 

No that's a misconception. relaying through authenticated connections is the safest way to go if you do not have control over your clients (IP-Wise and for that matter if they heaven forbid are taken over by some malic. sw)

Hi,

 I also experience some strange behavioural sends from my Mercury mail server but do not really know where to change settings as "configured perfectly"

My problem is related to finetuning the Mailserver

 I'll try first the given options, if i'll find them, and  return here if needed

 Thanks,

Anne.

Your server is a semi-open relay!

The spammer only has to forge the from address to say he is a local user (admin in this case) to be able to relay through your server.

In the SMTP server config, connection tab make sure that at least the top two relay controls are checked, so  you are using 'strict' relaying.
 

Got that, is there anything else i really need to do? I'm not so in reading long documents, sorry, but your advise was activated as i write (well, a few seconds after that actually).

Thanks

That should solve your problem, just make sure your users can send mail.

If they are all local (or on fixed ip's) add an IP range and check the box 'Connections from this range may relay mail'

For offsite dynamic ip's, set 'Authenticated users may relay' and set up an Auth.pwd file for usernames & pw's (read the help) :)

Hi,

Make sure that i can send mail..... ok..... checking....... ARGH!!! I get an message that my mail from two local users was not sent:

533 We do not relay without RFC 2554 authentication...

What's that?

I can't imagine that the previous settings to prevent replying to spammers is preventing sending mail outside my domain..... That's what i did in the first place, sending from my domain to another mail adres.... difficult....

Any suggestions?

I added the local ip range to the connection control adres range approved! Still, not able to send an e-mail, i even don't get an mail delivery failure. Without the range i got at least the error mail delivery msg.

 I even tried setting the attributes for the selected range, there are two options,
Connections from this adres range may relay mail through this server
Connections from this adres range are exempt from transaction filtering
I tried them both, no succes. Still getting "533 We do not relay without RFC 2554 authentication" message

 At this point i found out that the smtp server still is trying to send mail to .... KOREA.COM!!!!!!!!!!!!!!!!!!!!! AAAAAAAAAAAAAAAARGHHHH.

Easy boy, easy, i hope

I'm now in the process of adding authenticated user and password, maybe that helps...

Eh, hi again i guess, yesterday my connection to this support site broke down (not only mine) and i was not able to track the reactions. I was hoping some reactions would come...

The problem persists, still with the two options

Connections from this adres range may relay mail through this server
Connections from this adres range are exempt from transaction filtering

on, i can still not send any mails. Is there anybody out there who can suggest something?

Hope sooner than later, because my smtp is heavily sending spam to Korea.com and that is not funny.

Thanks everyone.

[quote user="anne"]

Eh, hi again i guess, yesterday my connection to this support site broke down (not only mine) and i was not able to track the reactions. I was hoping some reactions would come...

The problem persists, still with the two options

Connections from this adres range may relay mail through this server
Connections from this adres range are exempt from transaction filtering

on, i can still not send any mails. Is there anybody out there who can suggest something?

Hope sooner than later, because my smtp is heavily sending spam to Korea.com and that is not funny.

Thanks everyone.

[/quote]

Receiving spam from korea.com is not at all unusual and everybody gets it, usually with forged from addresses.

Relaying mail to other servers off your system from korea.com is an entirely different thing, you must turn off the relaying and set strict in  MercuryS so the spammers cannot relay.

If you want you local users to be able to relay off your server (i.e. send mail via mercuryS) then you need to set the third selection to allow authorized users to relay mail and then setup an authorization file with usernames and password of the users allowed to relay.

Thanks for answering Mr. Stephenson, but indeed i have done that already, resulting in local users who cannot send any mail.

I'll put some actions and results later here, so you can see what happens. Now i have to cook diner for four, so, give me some time to put every step in a document and put it here.

Anne.

 I was wondered by the fact that it seems that with the following settings, the mail stream from/to Korea.com seems to stop since posting this edit...

Mercury SMTP server
- Connection control
  IP Adress Allow
  10.0.0.1 - 10.255.255.255

Relaying control
V Do not permit SMTP relaying of non-local mail
  Use strict local relaying restrictions
V Authenticated SMTP connections may relay mail
  Only Authenticated SMTP connections may relay mail

AUTH Password file:test.test (contains)
(admin/password)

I dare not to change things other than the settings above, because they work a whole day without spam. I really would like to keep it at that, but if you, or anybody else thinks that this is wrong or something else, please inform me about it..

Thanks again people....

Anne

[quote user="anne"]

Mercury SMTP server
- Connection control
  IP Adress Allow
  10.0.0.1 - 10.255.255.255

[/quote]

I am assuming that all the users that send mail out through your server  have 10.*.*.* addresses.

[quote user="anne"]

Relaying control
V Do not permit SMTP relaying of non-local mail
  Use strict local relaying restrictions
V Authenticated SMTP connections may relay mail
  Only Authenticated SMTP connections may relay mail

AUTH Password file:test.test (contains)
(admin/password)

 [/quote]

You really need to turn ON "Strict local relaying restrictions"

Then click on the connection control entry in the list above and click 'Change Connection'.

Check the box for 'Connections from this range may relay mail through this server"

This will allow your local clients to relay mail without authenticating but not anyone from the internet. 

It is an option i'm willing to use, but as i wrote before, the spamming had stopped after the above settings....

Now, i find that weird, because when i tried your options, i could not send any more mail.... I now hope this setting you want me to set is not sc****ing things up, so later this day i will try your setting, again, and hope for me that this keeps working.

You asked if my users exist within the range i describe? Yes, they do.

I'll let you know what's next.

Thanks again...

 Anne

Hi,

Updating on your question, this message do i get when sending a message outside.

533 We do not relay without RFC 2554 authentication...

From inside to inside it's ok, and receiving is going ok too.

I'll wait another day.....

If you are set up as described then this should work. We need some more info about your setup. 

Could you post the following info:

1. [MercuryS] section of Mercury.ini

2. [Domains] section of Mercury.ini

3. Contents of mercurys.acl

4. SMTP session log of an attempt to send an outside message.
 

Ok, here it is: It worked fine before i activated your option. I think that's strange, that it is giving the opposite reaction, (i shake my head and make disapproving sounds) :-)

[MercuryS]
Debug : 1
HELO : mail.druifjes.nl
Logfile : C:\MERCURY\Logs\MERCURYS.LOG
Timeout : 30
Relay : 0
Strict_Relay : 1
Allow_Illegals : 0
SMTP_Authentication : 1
Auth_File : smtp.druifjes
Compliance_Settings : 0
Maximum_Failed_Rcpts : 4
Max_Relay_Attempts : 4
SSL_Mode : 0
ST_Blacklisting : 288
No_VRFY : 0
SMTP_ConnFlags : 0

[Domains]
druifjes: mail.druifjes.nl
druifjes: druifjes.nl

Actual, the bottom domain is made by myself, the other is a step towards webmail which does not work yet. Problems installing squirrel. (that's another story)

Mercurys.acl contains this: 6 10.0.0.1 10.255.255.255

a part from the SMTP history, if that is what you meant by session log....

Connection from 125.133.36.131, Thu Jan 10 23:49:06 2008
HELO akpmzdzok.net
MAIL From: <admin@druifjes.nl>
RCPT TO: <wertss33@hanmail.net>
Relay attempt: from <admin@druifjes.nl> to <wertss33@hanmail.net>.
553 We do not relay without RFC2554 authentication.
RCPT TO: <guswodl@yahoo.co.kr>
Relay attempt: from <admin@druifjes.nl> to <guswodl@yahoo.co.kr>.
553 We do not relay without RFC2554 authentication.
RCPT TO: <fjrgfg21@korea.com>
Relay attempt: from <admin@druifjes.nl> to <fjrgfg21@korea.com>.
553 We do not relay without RFC2554 authentication.
3 sec. elapsed, connection closed Thu Jan 10 23:49:09 2008

Connection from 219.84.178.135, Fri Jan 11 06:21:15 2008
HELO 80.126.108.7
554 Invalid HELO format
1 sec. elapsed, connection closed Fri Jan 11 06:21:16 2008

Connection from 74.164.121.68, Fri Jan 11 07:01:06 2008
HELO adsl-074-164-121-068.sip.bct.bellsouth.net
MAIL FROM:<jradio@ameripath.com>
RCPT TO:<myname@druifjes.nl>
DATA - 83 lines, 3776 bytes.
QUIT
4 sec. elapsed, connection closed Fri Jan 11 07:01:10 2008

Connection from 84.94.201.84, Fri Jan 11 07:12:47 2008
30 sec. elapsed, connection closed Fri Jan 11 07:13:17 2008

Connection from 84.94.201.84, Fri Jan 11 07:15:33 2008
30 sec. elapsed, connection closed Fri Jan 11 07:16:03 2008

Connection from 84.94.201.84, Fri Jan 11 07:17:31 2008
30 sec. elapsed, connection closed Fri Jan 11 07:18:01 2008

Connection from 84.94.201.84, Fri Jan 11 07:18:35 2008
30 sec. elapsed, connection closed Fri Jan 11 07:19:05 2008

Connection from 80.126.108.7, Fri Jan 11 08:30:19 2008
EHLO [10.11.12.1]
MAIL FROM:<myname@druifjes.nl> SIZE=672
RCPT TO:<myname@gmail.com>
Relay attempt: from <myname@druifjes.nl>  to <myname@gmail.com>.
553 We do not relay without RFC2554 authentication.
QUIT
1 sec. elapsed, connection closed Fri Jan 11 08:30:20 2008

As from yesterday afternoon i put your option to on, and immediate the spamming started again, sigh.

I hope you can find something, because i can't see the logic in it all...

Thanks again

Anne