Enhancing Abuse Prevention in Two-Way Relay Usage

[gnh1201]

Description

I think that smtprelay is designed for one-way relay. However, when attempting to use it as a two-way relay, the result was receiving a significant amount of spam attacks from attackers. Therefore, I would like to address and improve this issue when using it as a two-way relay.

Jun 17 08:30:12 server02 smtprelay: time="2023-06-17T08:30:12+09:00" level=info msg="delivering mail from peer using smarthost" from=info@some.tld host="mail.some.tld:587" peer=84.54.50.150 to="[gadams@bellsouth.net gadara24@yahoo.com gadcri59fabriziandrea@hotmail.it gaddijerell@gmail.com gaddyjordan@ymail.com gadeejahr.alnur@vodamail.co.za gadeia_anjo@hotmail.com gadgetnerdly@gmail.com gadi_mota@hotmail.com gadjo@oink.co.uk gadleyed@yahoo.com gadrian@sandiego.gov gadrielaoviedo@aol.com gadsden@craftshowscanada.com gadventure@freemail.hu gae@peyron.com gaea_spirit2@hotmail.com gaebja@hu.edu.jo gaelickraut@msn.com gaepps@verizon.net gaetano.abbatantuono@poliba.it gaetano.casper@yahoo.com.ph gaetano.fusco@uniroma1.it gaew@hotmail.com gaew_21@hotmail.com gaewb421@juno.com gafarragamga@hotmail.com gaffney@iconn.net gag_mam@hotmail.com gag11@bellsouth.net gaga_dance@hotmail.com gaga83@hotmail.it gagag@hotmail.com gagah_pino@yahoo.com gagalounis@comcast.net gagan.astro@gmail.com gagan_bal@whirlpool.com gaganarora23@gmail.com gaganlouise@sympatico.ca gaganlouise@sympatico.sca gaganpreetsethi84@yahoo.com gagasage1@bellsouth.net gagazao2000@hotmail.com gage.ingram18@gmail.com gage.kurricke@riptidepress.com gage@birdcreekroofing.com gagepride@comcast.net gageroddy@gmail.com gageschrammel@gmail.com gagidear@msn.com]" uuid=1d56fb66-f036-46cb-909b-d954d2ea4820
Jun 17 08:30:13 server02 smtprelay: time="2023-06-17T08:30:13+09:00" level=info msg="delivering mail from peer using smarthost" from=info@some.tld host="mail.some.tld:587" peer=84.54.50.150 to="[gabinojimenez@gmail.com gabioborges@uol.com.br gabipm@ula.ve gabira_ambrosio@hotmail.com gabirajdar11@gmail.com gabiratulea@yahoo.com gabisocu@desejog.com gabitraub@hotmail.com gabmarf32@gmail.com gabmariee@gmail.com gabombonatocamargo@hotmail.com gabor.hazi@energia.mta.hu gabor.lennartz@talktalk.co.uk gabor.s57wj@gmail.com gabors@isp.com gabr_alves@hotmail.com gabreilsilkof@hotmail.com gabri10@hotmeil.com gabri687@hotmail.com gabribarth@yahoo.com.br gabrido_1987@libero.it gabriebl@jmu.edu gabriei.buhr@coastal.ca.gov gabriel.arellano.torres@gmail.com gabriel.buhr@coastal.ca.gov gabriel.dobrei@gmail.com gabriel.eldon@gmail.com gabriel.frumusanu@ugal.ro gabriel.gitierrez@sdcounta.ca.gov gabriel.gitierrez@sdcounty.ca.gov gabriel.gutierrez@sdcounty.ca.gov gabriel.harber@gmail.com gabriel.harja@aut.utcluj.ro gabriel.ibarra@ehu.es gabriel.leung@raymondjames.ca gabriel.lobato_sg@hotmail.com gabriel.lugo@ctx.edu gabriel.m.p.cruz@gmail.com gabriel.markovic@tuke.sk gabriel.melo12@hotmail.com gabriel.moreno@thinking.com.co gabriel.netboy@gmail.com gabriel.oltean@bel.utcluj.ro gabriel.popa@fih.upt.ro gabriel.quitral@gmail.com gabriel.radu77@yahoo.com gabriel.sanossouza@hotmai.com gabriel.santos.2010@gmail.com gabriel.schulhof@intel.com gabriel.sueira@hotmail.com]" uuid=daf813be-4853-4dc0-99b9-9701d8006920
Jun 17 08:33:24 server02 smtprelay: time="2023-06-17T08:33:24+09:00" level=error msg="delivery failed" error=EOF from=info@some.tld host="mail.some.tld:587" peer=84.54.50.150 to="[clover123@yahoo.com clover1974uk@yahoo.co.uk cloverpoint777@live.ca cloves.cumin@gmail.com cloves.huber@terra.com.br clovesmopopmarca@gmail.com clovesscruz@hotmail.com clovis.benedan@talentfour.com.br clovis.correa@tjdft.jus.br clovis.correa@tjdft.jus.br1 clovis.junior@tjdft.jus.br clovis.miguel@uol.com.br clovis.sousa@tjdft.jus.br clovis@amacol.com.br clovis@ccfciarlini.com.br clovis@elogica.com.br clovis@grupoarmarinho.com.br clovis@lacerda.com.br clovis@latasa.com.br clovis@lumadellseguros.com.br clovis@pipeway.com clovis@sea.sc.gov.br clovis@simplelifecorretora.com.br clovis_caetano@yahoo.com.br clovis2003@brturbo.com clovisbarauna59@outlook.com cloviscbc@msn.com clovisfecury@hotmail.com clovisfirmeza@hotmail.com clovisfrota@yahoo.com.br clovisquintaojr@yahoo.com.br clovisviana2000@hotmail.com clowe23@aol.com clowies_toocute4u@yahoo.com clownycup@gmail.com clozano3@latinmail.com clozingali@gmail.com clpacor@hotmail.com clpatt333@cox.net clplinux@yahoo.com.br clporter422@gmail.com cls.guatemala@gmail.com clsc78@hotmail.com clso@wsut.com.br clstrauss79@aol.com cltdp@yahoo.com.br cltice@earthlink.net clto@clto.com.br cltorres@oi.com.br cltrelut@gmail.com]" uuid=865030e0-3978-4086-94db-3ac167711254

Suggestion

In my opinion, there is a need to make the following changes to the routines of conenctionChecker and recipientChecker. It is necessary to validate the recipients first before validating the peer.

https://github.com/gnh1201/smtprelay/commit/b4bf72a2ead72cb948e4f9ffcb3b37627774aa0a

[decke]

smtprelay is designed as a outgoing SMTP relay but you seem to run it with a public reachable IP address. This is definitely not recommended and will not work properly in most cases!

Don't know what you mean exactly with two-way relay.

[decke]

Since you authenticate at the upstream SMTP server you risk to get your account blocked because of spam if your smtprelay configuration is not strict enough.