Security Tips
 

Checking for Third-Party Relay to Prevent Spam Relaying

宮本 久仁男
2004/1/28

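An easy way to check a mail server for third-party mail relay is to use the service at relay-test.mail-abuse.org. Third-party relay is the method used by much spam: the sender relays mail without authorization through a mail server belonging to an unrelated third party, and sends the mail under a false identity.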

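The mail server used for the relay also suffers harm, such as delayed delivery of its legitimate users' mail and complaints from the recipients of the spam. Administrators therefore need to check that third-party relay is not taking place.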

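relay-test.mail-abuse.org is simple to use: from the server that accepts SMTP connections from outside (the mail server), open a telnet connection to relay-test.mail-abuse.org. The service then runs 19 tests automatically. A similar service is available at http://www.abuse.net/relay.html.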

The following is an example of the result of running the relay-test.mail-abuse.org test.

% telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to cygnus.mail-abuse.org.
Escape character is '^]'.
Connecting to 192.168.0.2 ...
<<< 220 example.com ESMTP
>>> HELO cygnus.mail-abuse.org
<<< 250 example.com
:Relay test: #Quote test
>>> mail from: <spamtest@ns2.example.com>
<<< 250 ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 1
>>> mail from: <nobody@mail-abuse.org>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 2
>>> mail from: <spamtest@maps1.pa.vix.com>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #test 3
>>> mail from: <spamtest@localhost>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 4
>>> mail from: <spamtest>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 5
>>> mail from: <>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 6
>>> mail from: <spamtest@ns2.example.com>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 7
>>> mail from: <spamtest@[192.168.0.2]>
<<< 250 ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 8
>>> mail from: <spamtest@ns2.example.com>
<<< 250 ok
>>> rcpt to: <nobody%mail-abuse.org@ns2.example.com>
<<< 250 ok
>>> QUIT
<<< 221 example.com
Tested host banner: 220 example.com ESMTP
System appeared to accept 1 relay attempts
Connection closed by foreign host.
%
Figure 1: Example run of the relay-test.mail-abuse.org test

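When the author ran the test against qmail, the ninth test judged the server to be permitting third-party relay, and the test was aborted. In reality, however, the server looks for a mailbox whose "name" is nobody%mail-abuse.org and fails to deliver, so no actual third-party relay takes place.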
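The triage the author does by eye above, as an added example that is not part of the original article: a parser for the transcript format of Figure 1 that lists each test whose RCPT TO drew a 2xx reply and names the address form used, so the administrator knows which case to confirm against actual delivery behaviour. The sample transcript is constructed (abridged from Figure 1), and the function names and form labels are this example's own.

```python
import re

# Constructed sample: abridged transcript in the format of Figure 1.
SAMPLE = """\
:Relay test: #Quote test
>>> mail from: <spamtest@ns2.example.com>
<<< 250 ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
>>> rset
<<< 250 flushed
:Relay test: #Test 8
>>> mail from: <spamtest@ns2.example.com>
<<< 250 ok
>>> rcpt to: <nobody%mail-abuse.org@ns2.example.com>
<<< 250 ok
"""

def classify(rcpt):
    """Name the addressing form used in a RCPT TO argument (labels are ours)."""
    addr = rcpt.strip("<>")
    if addr.startswith("@"):
        return "source route"
    for mark, form in (("!", "bang path"), ("%", "percent hack"), ('"', "quoted")):
        if mark in addr:
            return form
    return "plain"

def parse_relay_transcript(text):
    """Return one dict per test: test, rcpt, form, code, accepted."""
    results, name, rcpt = [], None, None
    for line in text.splitlines():
        if m := re.match(r":Relay test: #(.+)", line):
            name, rcpt = m.group(1).strip(), None
        elif m := re.match(r">>> rcpt to: (.+)", line, re.I):
            rcpt = m.group(1).strip()
        elif (m := re.match(r"<<< (\d{3})", line)) and rcpt is not None:
            code = int(m.group(1))
            results.append({"test": name, "rcpt": rcpt, "form": classify(rcpt),
                            "code": code, "accepted": 200 <= code < 300})
            rcpt = None  # skip wrapped reply lines and the rset/QUIT replies
    return results

def accepted_tests(text):
    """Tests whose RCPT TO got a 2xx reply; check real delivery for each."""
    return [r for r in parse_relay_transcript(text) if r["accepted"]]

if __name__ == "__main__":
    print(accepted_tests(SAMPLE))
```

A 2xx reply at RCPT TO time only shows that the address was accepted into the SMTP dialogue; whether the message is then relayed has to be confirmed from the server's delivery log, as in the qmail case above.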

When the test runs normally to the end, 19 items are checked. An example of a successful run of the relay-test.mail-abuse.org test is shown below (Figure 2).

%telnet relay-test.mail-abuse.org
Trying 168.61.4.13...
Connected to cygnus.mail-abuse.org.
Escape character is '^]'.
Connecting to 192.168.0.4 ...
<<< 220 mail2.example.com ESMTP Postfix
>>> HELO cygnus.mail-abuse.org
<<< 250 mail2.example.com
:Relay test: #Quote test
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 1
>>> mail from: <nobody@mail-abuse.org>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 2
>>> mail from: <spamtest@maps1.pa.vix.com>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #test 3
>>> mail from: <spamtest@localhost>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 4
>>> mail from: <spamtest>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 5
>>> mail from: <>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 6
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 7
>>> mail from: <spamtest@[192.168.0.4]>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 8
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <nobody%mail-abuse.org@mail2.example.com>
<<< 554 <nobody%mail-abuse.org@mail2.example.com>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 9
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <nobody%mail-abuse.org@[192.168.0.4]>
<<< 554 <nobody%mail-abuse.org@[192.168.0.4]>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 10
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <"nobody@mail-abuse.org">
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 11
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <"nobody%mail-abuse.org">
<<< 554 <nobody%mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 12
>>> mail from: <spamtest@[192.168.0.4]>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org@mail2.example.com">
<<< 501 Bad address syntax
>>> rset
<<< 250 Ok
:Relay test: #Test 13
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <"nobody@mail-abuse.org"@[192.168.0.4]>
<<< 554 <nobody@mail-abuse.org@[192.168.0.4]>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 14
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org@[192.168.0.4]>
<<< 554 <nobody@mail-abuse.org@[192.168.0.4]>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 15
>>> mail from: <spamtest@[192.168.0.4]>
<<< 250 Ok
>>> rcpt to: <@mail2.example.com:nobody@mail-abuse.org>
<<< 554 <@mail2.example.com:nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 16
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <@[192.168.0.4]:nobody@mail-abuse.org>
<<< 554 <@[192.168.0.4]:nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #Test 17
>>> mail from: <spamtest@[192.168.0.4]>
<<< 250 Ok
>>> rcpt to: <mail-abuse.org!nobody>
<<< 554 <mail-abuse.org!nobody>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #test 18
>>> mail from: <spamtest@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <mail-abuse.org!nobody@[192.168.0.4]>
<<< 554 <mail-abuse.org!nobody@[192.168.0.4]>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
:Relay test: #test 19
>>> mail from: <postmaster@mail2.example.com>
<<< 250 Ok
>>> rcpt to: <nobody@mail-abuse.org>
<<< 554 <nobody@mail-abuse.org>: Recipient address rejected: Relay access denied
>>> rset
<<< 250 Ok
>>> QUIT
<<< 221 Bye
Tested host banner: 220 mail2.example.com ESMTP Postfix
System appeared to reject relay attempts
Connection closed by foreign host.
%
Figure 2: Example run of the relay-test.mail-abuse.org test (success)

