sendmail: open-relay
Hi,

I am running my own small mail-server, i.e. I use my desktop pc for sending and receiving my private mails. That worked quite nicely the last years. From time to time I tested my mail-server via abuse.net's mail-relay tester. - Never got any positives. Now suddenly I receive one:

This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net.

Target host = 213.146.114.24 pukruppa.net
Test performed by ulr...@pukruppa.net from 213.146.114.24

A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail.

Of course I had some fun trying to read sendmail's documentation. But I guess I need some help with this.

I am running FreeBSD -STABLE 8.0 amd64. I don't think I ever played around with sendmail's configuration. I just use it as it came out of the box.

Any ideas?

Uli.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail: open-relay
Peter Ulrich Kruppa wrote:
> Hi,
>
> I am running my own small mail-server, i.e. I use my desktop pc for sending and receiving my private mails. That worked quite nicely the last years. From time to time I tested my mail-server via abuse.net's mail-relay tester. - Never got any positives. Now suddenly I receive one:
>
> This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net.
>
> Target host = 213.146.114.24 pukruppa.net
> Test performed by ulr...@pukruppa.net from 213.146.114.24
>
> A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail.
>
> Of course I had some fun trying to read sendmail's documentation. But I guess I need some help with this.
>
> I am running FreeBSD -STABLE 8.0 amd64. I don't think I ever played around with sendmail's configuration. I just use it as it came out of the box.
>
> Any ideas?

Plenty. But it would help a great deal if you showed us your ${hostname}.mc.

The default sendmail config in FreeBSD isn't an open relay. In fact, it takes a bit of effort to make sendmail do open relay type stuff nowadays, and there are big fat warnings in the docco (/usr/share/sendmail/cf/README) about most of those.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
Re: sendmail: open-relay
On Monday, 04.01.2010, 13:02 +, Matthew Seaman wrote:
> Peter Ulrich Kruppa wrote:
>> Hi,
>>
>> I am running my own small mail-server, i.e. I use my desktop pc for sending and receiving my private mails. That worked quite nicely the last years. From time to time I tested my mail-server via abuse.net's mail-relay tester. - Never got any positives. Now suddenly I receive one:
>>
>> This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net.
>>
>> Target host = 213.146.114.24 pukruppa.net
>> Test performed by ulr...@pukruppa.net from 213.146.114.24
>>
>> A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail.
>>
>> Of course I had some fun trying to read sendmail's documentation. But I guess I need some help with this.
>>
>> I am running FreeBSD -STABLE 8.0 amd64. I don't think I ever played around with sendmail's configuration. I just use it as it came out of the box.
>>
>> Any ideas?
>
> Plenty. But it would help a great deal if you showed us your ${hostname}.mc.
>
> The default sendmail config in FreeBSD isn't an open relay. In fact, it takes a bit of effort to make sendmail do open relay type stuff nowadays, and there are big fat warnings in the docco (/usr/share/sendmail/cf/README) about most of those.

O.K. this is my complete pukruppa.net.mc

divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
#    The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
#    must display the following acknowledgement:
#    This product includes software developed by the University of
#    California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its contributors
#    may be used to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
#
# This is a generic configuration file for FreeBSD 5.X and later systems.
# If you want to customize it, copy it to a name appropriate for your
# environment and do the modifications there.
#
# The best documentation for this .mc file is:
# /usr/share/sendmail/cf/README or
# /usr/src/contrib/sendmail/cf/README
#
divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.34.2.3 2008/08/31 18:26:27 gshapiro Exp $')
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -TTMPF /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org',
Re: sendmail: open-relay
On Mon, 04 Jan 2010 13:51:36 +0100 Peter Ulrich Kruppa ulr...@pukruppa.net replied:
> Hi,
>
> I am running my own small mail-server, i.e. I use my desktop pc for sending and receiving my private mails. That worked quite nicely the last years. From time to time I tested my mail-server via abuse.net's mail-relay tester. - Never got any positives. Now suddenly I receive one:
>
> This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net.
>
> Target host = 213.146.114.24 pukruppa.net
> Test performed by ulr...@pukruppa.net from 213.146.114.24
>
> A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail.
>
> Of course I had some fun trying to read sendmail's documentation. But I guess I need some help with this.
>
> I am running FreeBSD -STABLE 8.0 amd64. I don't think I ever played around with sendmail's configuration. I just use it as it came out of the box.
>
> Any ideas?
>
> Uli.

I just tried and received a Relaying denied response.

By the way, I noticed that you apparently do not employ SMTP Authentication or offer STARTTLS on either port 25 or 587. You might want to consider employing them. Then again, you could just install Postfix. It is far easier to configure.

--
Jerry
ges...@yahoo.com

It destroys one's nerves to be amiable every day to the same human being.
Benjamin Disraeli
Re: sendmail: open-relay
On Monday, 04.01.2010, 08:21 -0500, Jerry wrote:
> On Mon, 04 Jan 2010 13:51:36 +0100 Peter Ulrich Kruppa ulr...@pukruppa.net replied:
>> Hi,
>>
>> I am running my own small mail-server, i.e. I use my desktop pc for sending and receiving my private mails. That worked quite nicely the last years. From time to time I tested my mail-server via abuse.net's mail-relay tester. - Never got any positives. Now suddenly I receive one:
>>
>> This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net.
>>
>> Target host = 213.146.114.24 pukruppa.net
>> Test performed by ulr...@pukruppa.net from 213.146.114.24
>>
>> A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail.
>>
>> Of course I had some fun trying to read sendmail's documentation. But I guess I need some help with this.
>>
>> I am running FreeBSD -STABLE 8.0 amd64. I don't think I ever played around with sendmail's configuration. I just use it as it came out of the box.
>>
>> Any ideas?
>>
>> Uli.
>
> I just tried and received a Relaying denied response.
>
> By the way, I noticed that you apparently do not employ SMTP Authentication or offer STARTTLS on either port 25 or 587. You might want to consider employing them. Then again, you could just install Postfix. It is far easier to configure.

What exactly did you try, Jerry?

Uli.
Re: sendmail: open-relay
Peter Ulrich Kruppa wrote:
> On Monday, 04.01.2010, 13:02 +, Matthew Seaman wrote:
>> Peter Ulrich Kruppa wrote:
>>> I am running my own small mail-server, i.e. I use my desktop pc for sending and receiving my private mails. That worked quite nicely the last years. From time to time I tested my mail-server via abuse.net's mail-relay tester. - Never got any positives. Now suddenly I receive one:
>>>
>>> Any ideas?
>>
>> Plenty. But it would help a great deal if you showed us your ${hostname}.mc.
>
> O.K. this is my complete pukruppa.net.mc
>
> divert(-1)
> #

[...]

which is exactly the same as the default freebsd.mc -- nothing suspicious there.

Hmmm... anything unusual (ie to do with domains not local to your machine) in /etc/mail/local-host-names or /etc/mail/virtusertable or /etc/mail/mailertable? You're definitely running with that config file, and you don't have anything like OpenBSD spamd(8) running that could intercept incoming SMTP traffic?

If that's so, then I can't see how your machine could be an open relay. The abuse.net relay tester must have been having a bad day. In fact, can you find the records in /var/mail/maillog to show abuse.net's server connecting to yours in order to do the testing? It may be that it was connecting to somewhere else entirely. Or it was somehow trying to test relaying using an address that was somehow actually valid on your system.

Cheers,

Matthew
Re: sendmail: open-relay
Matthew Seaman wrote:
> find the records in /var/mail/maillog to show abuse.net's server connecting

Ooops. /var/log/maillog

Cheers,

Matthew
Re: sendmail: open-relay
On Monday, 04.01.2010, 13:45 +, Matthew Seaman wrote:
> Matthew Seaman wrote:
>> find the records in /var/mail/maillog to show abuse.net's server connecting
>
> Ooops. /var/log/maillog

That would be those:

cat maillog | grep abuse.net

Jan 4 12:26:46 pukruppa sm-mta[8964]: o04BQi0O008964: from=prvs=0613aad273=postmaster-ulrich=pukruppa@abuse.net, size=333, class=0, nrcpts=1, msgid=20100104112454.38321.qm...@gal.iecc.com, proto=ESMTP, daemon=IPv4, relay=gal.iecc.com [208.31.42.53]
Jan 4 12:32:12 pukruppa sm-mta[10672]: o04BWBOA010672: from=spamt...@abuse.net, size=909, class=0, nrcpts=1, msgid=rlytest-1262604620-41...@abuse.net, proto=SMTP, daemon=IPv4, relay=verify.abuse.net [208.31.42.77]
Jan 4 12:33:00 pukruppa spamd[1650]: spamd: checking message rlytest-1262604620-41...@abuse.net for ulrich:1001
Jan 4 12:33:03 pukruppa spamd[1650]: spamd: result: . -4 - BAYES_50,FH_DATE_PAST_20XX,RCVD_IN_DNSWL_HI scantime=3.4,size=1231,user=ulrich,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=28691,mid=rlytest-1262604620-41...@abuse.net,bayes=0.486826,autolearn=ham
Jan 4 13:28:39 pukruppa sm-mta[56503]: o04CSb9P056503: from=spamt...@abuse.net, size=909, class=0, nrcpts=1, msgid=rlytest-1262608007-71...@abuse.net, proto=SMTP, daemon=IPv4, relay=verify.abuse.net [208.31.42.77]
Jan 4 13:29:20 pukruppa spamd[1650]: spamd: checking message rlytest-1262608007-71...@abuse.net for ulrich:1001
Jan 4 13:29:24 pukruppa spamd[1650]: spamd: result: . -6 - AWL,BAYES_00,FH_DATE_PAST_20XX,RCVD_IN_DNSWL_HI scantime=3.4,size=1231,user=ulrich,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=21436,mid=rlytest-1262608007-71...@abuse.net,bayes=0.00,autolearn=ham
Jan 4 13:35:47 pukruppa sm-mta[58137]: o04CZkfq058137: from=spamt...@abuse.net, size=909, class=0, nrcpts=1, msgid=rlytest-1262608435-75...@abuse.net, proto=SMTP, daemon=IPv4, relay=verify.abuse.net [208.31.42.77]
Jan 4 13:39:20 pukruppa spamd[1650]: spamd: checking message rlytest-1262608435-75...@abuse.net for ulrich:1001
Jan 4 13:39:24 pukruppa spamd[1650]: spamd: result: . -6 - AWL,BAYES_00,FH_DATE_PAST_20XX,RCVD_IN_DNSWL_HI scantime=4.1,size=1231,user=ulrich,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=24280,mid=rlytest-1262608435-75...@abuse.net,bayes=0.00,autolearn=ham
Jan 4 14:27:59 pukruppa sm-mta[87839]: o04DRvKd087839: from=spamt...@abuse.net, size=906, class=0, nrcpts=1, msgid=rlytest-1262611567-9...@abuse.net, proto=SMTP, daemon=IPv4, relay=verify.abuse.net [208.31.42.77]
Jan 4 14:29:27 pukruppa spamd[1650]: spamd: checking message rlytest-1262611567-9...@abuse.net for ulrich:1001
Jan 4 14:29:30 pukruppa spamd[1650]: spamd: result: . -6 - AWL,BAYES_00,FH_DATE_PAST_20XX,RCVD_IN_DNSWL_HI scantime=3.1,size=1227,user=ulrich,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=27859,mid=rlytest-1262611567-9...@abuse.net,bayes=0.00,autolearn=ham

--

BTW. I have read somewhere, there might be problems with hostnames like pukruppa.net, since they would allow to relay all mails from .net ?!?

Greetings

Uli.

> Cheers,
>
> Matthew
Re: sendmail: open-relay
Peter Ulrich Kruppa wrote:
> On Monday, 04.01.2010, 13:45 +, Matthew Seaman wrote:
>> Matthew Seaman wrote:
>>> find the records in /var/mail/maillog to show abuse.net's server connecting
>>
>> Ooops. /var/log/maillog
>
> That would be those:
>
> cat maillog | grep abuse.net
>
> Jan 4 12:26:46 pukruppa sm-mta[8964]: o04BQi0O008964: from=prvs=0613aad273=postmaster-ulrich=pukruppa@abuse.net, size=333, class=0, nrcpts=1, msgid=20100104112454.38321.qm...@gal.iecc.com, proto=ESMTP, daemon=IPv4, relay=gal.iecc.com [208.31.42.53]
> Jan 4 12:32:12 pukruppa sm-mta[10672]: o04BWBOA010672: from=spamt...@abuse.net, size=909, class=0, nrcpts=1, msgid=rlytest-1262604620-41...@abuse.net, proto=SMTP, daemon=IPv4, relay=verify.abuse.net [208.31.42.77]
> Jan 4 12:33:00 pukruppa spamd[1650]: spamd: checking message rlytest-1262604620-41...@abuse.net for ulrich:1001
> Jan 4 12:33:03 pukruppa spamd[1650]: spamd: result: . -4 - BAYES_50,FH_DATE_PAST_20XX,RCVD_IN_DNSWL_HI scantime=3.4,size=1231,user=ulrich,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=28691,mid=rlytest-1262604620-41...@abuse.net,bayes=0.486826,autolearn=ham
> Jan 4 13:28:39 pukruppa sm-mta[56503]: o04CSb9P056503: from=spamt...@abuse.net, size=909, class=0, nrcpts=1, msgid=rlytest-1262608007-71...@abuse.net, proto=SMTP, daemon=IPv4, relay=verify.abuse.net [208.31.42.77]
> Jan 4 13:29:20 pukruppa spamd[1650]: spamd: checking message rlytest-1262608007-71...@abuse.net for ulrich:1001
> Jan 4 13:29:24 pukruppa spamd[1650]: spamd: result: . -6 - AWL,BAYES_00,FH_DATE_PAST_20XX,RCVD_IN_DNSWL_HI scantime=3.4,size=1231,user=ulrich,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=21436,mid=rlytest-1262608007-71...@abuse.net,bayes=0.00,autolearn=ham
> Jan 4 13:35:47 pukruppa sm-mta[58137]: o04CZkfq058137: from=spamt...@abuse.net, size=909, class=0, nrcpts=1, msgid=rlytest-1262608435-75...@abuse.net, proto=SMTP, daemon=IPv4, relay=verify.abuse.net [208.31.42.77]
> Jan 4 13:39:20 pukruppa spamd[1650]: spamd: checking message rlytest-1262608435-75...@abuse.net for ulrich:1001
> Jan 4 13:39:24 pukruppa spamd[1650]: spamd: result: . -6 - AWL,BAYES_00,FH_DATE_PAST_20XX,RCVD_IN_DNSWL_HI scantime=4.1,size=1231,user=ulrich,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=24280,mid=rlytest-1262608435-75...@abuse.net,bayes=0.00,autolearn=ham
> Jan 4 14:27:59 pukruppa sm-mta[87839]: o04DRvKd087839: from=spamt...@abuse.net, size=906, class=0, nrcpts=1, msgid=rlytest-1262611567-9...@abuse.net, proto=SMTP, daemon=IPv4, relay=verify.abuse.net [208.31.42.77]
> Jan 4 14:29:27 pukruppa spamd[1650]: spamd: checking message rlytest-1262611567-9...@abuse.net for ulrich:1001
> Jan 4 14:29:30 pukruppa spamd[1650]: spamd: result: . -6 - AWL,BAYES_00,FH_DATE_PAST_20XX,RCVD_IN_DNSWL_HI scantime=3.1,size=1227,user=ulrich,uid=1001,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=27859,mid=rlytest-1262611567-9...@abuse.net,bayes=0.00,autolearn=ham
>
> --
>
> BTW. I have read somewhere, there might be problems with hostnames like pukruppa.net, since they would allow to relay all mails from .net ?!?

Something doesn't add up here -- the log shows the message being processed by SpamAssassin, but there was no indication in the sendmail .mc file you showed us of any integration with a spam filter. I'd expect some sort of milter configuration.

Unfortunately as well, the log line showing the delivery result is usually one of the ones *following* the line showing the external MTA handing off the message to you. Try grepping for the sendmail queue IDs:

o04BQi0O008964
o04BWBOA010672
o04CSb9P056503
o04CZkfq058137

etc. The lines that say 'dsn=something' are the important bits. If something is 2.0.0 (ie. successful delivery) then you've got a real problem. The result should be 5.x.y (ie. permanent failure) and a snotty message about 'relaying denied'.

Cheers,

Matthew

btw. you need to update your SpamAssassin rules -- you're triggering on the FH_DATE_PAST_20XX test all the time, which will give you some false positives.
Re: sendmail: open-relay
Peter Ulrich Kruppa wrote:
> BTW. I have read somewhere, there might be problems with hostnames like pukruppa.net, since they would allow to relay all mails from .net ?!?

I'm trying to remember where this appears. I remember vaguely what you're referring to, and yes, it's a theoretical possibility if you combine a name like that with domain name based access controls.

Aha! Found it. It's this item in the 'FEATURE' section of /usr/share/sendmail/cf/README

relay_entire_domain
    This option allows any host in your domain as defined by
    class {m} to use your server for relaying. Notice: make
    sure that your domain is not just a top level domain,
    e.g., com. This can happen if you give your host a name
    like example.com instead of host.example.com.

So, unless you have an entry saying FEATURE(`relay_entire_domain') somewhere in your sendmail configuration, this will not hurt you.

Cheers,

Matthew
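
Added example (not from the thread, and not sendmail's or FreeBSD's own tooling): the check described in the message above, as Python that lists the relay-widening FEATUREs active in a .mc file and, for relay_entire_domain, the domain that class {m} would cover for a given host name. It assumes class {m} holds only its default value (the host name minus its first label); the sample .mc text and all function names are constructed.

```python
import re

# FEATUREs described in sendmail's cf/README that widen who may relay.
RELAY_FEATURES = {
    "promiscuous_relay": "relays from any site to any site",
    "relay_entire_domain": "relays for every host in class {m}",
    "relay_based_on_MX": "relays to domains whose MX points at this host",
    "relay_local_from": "trusts a local-looking (forgeable) envelope sender",
    "relay_mail_from": "trusts envelope senders marked RELAY in the access map",
    "loose_relay_check": "relaxes checks on user%site@host style recipients",
}

# Constructed sample: active lines modelled on the .mc posted in this thread.
DEFAULT_MC = """\
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -TTMPF /etc/mail/access')
FEATURE(blacklist_recipients)
dnl FEATURE(relay_based_on_MX)
"""
# Constructed variant with the feature from the README excerpt switched on.
RISKY_MC = DEFAULT_MC + "FEATURE(`relay_entire_domain')dnl\n"


def active_features(mc_text):
    """Return the FEATURE names that are not disabled with dnl.

    Only dnl is treated as inert: cf/README warns that m4 still expands
    macros on lines that look like '#' comments, so those are reported too.
    """
    names = []
    for raw in mc_text.splitlines():
        line = re.split(r"\bdnl\b", raw, maxsplit=1)[0]  # dnl drops the rest of the line
        names += re.findall(r"FEATURE\(\s*`?(\w+)", line)
    return names


def class_m(fqdn):
    """Default class {m} (assumption: not overridden): host name minus first label."""
    return fqdn.rstrip(".").partition(".")[2]


def audit(mc_text, fqdn):
    """Return (feature, scope, is_tld) for each active relay-widening FEATURE."""
    findings = []
    for name in active_features(mc_text):
        if name not in RELAY_FEATURES:
            continue
        scope = class_m(fqdn) if name == "relay_entire_domain" else None
        findings.append((name, scope, scope is not None and "." not in scope))
    return findings


if __name__ == "__main__":
    for host in ("pukruppa.net", "host.example.com"):
        for name, scope, is_tld in audit(RISKY_MC, host):
            note = f"; class {{m}} = {scope!r}" if scope is not None else ""
            flag = "  <-- a whole top-level domain" if is_tld else ""
            print(f"{host}: {name} {RELAY_FEATURES[name]}{note}{flag}")
    print("default .mc findings:", audit(DEFAULT_MC, "pukruppa.net"))
```
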
Re: sendmail: open-relay
On Mon, 04 Jan 2010 14:33:54 +0100 Peter Ulrich Kruppa ulr...@pukruppa.net replied:
>> I just tried and received a Relaying denied response.
>>
>> By the way, I noticed that you apparently do not employ SMTP Authentication or offer STARTTLS on either port 25 or 587. You might want to consider employing them. Then again, you could just install Postfix. It is far easier to configure.
>
> What exactly did you try, Jerry?

I used both the IP address and the domain name. Same results either way. Go to: http://www.checkor.com/ and type in your IP: 213.146.114.24 and you will notice that no errors are displayed. Your server is accepting the Mail From: then refusing to relay the mail. If you employed SMTP Authentication it would not even get that far.

quote

220 pukruppa.net ESMTP Sendmail 8.14.3/8.14.3; Mon, 4 Jan 2010 15:39:34 +0100 (CET)
HELO ortest.checkor.com
250 pukruppa.net Hello www.no-ip.com [204.16.252.112], pleased to meet you
RSET
250 2.0.0 Reset state
MAIL FROM: t...@checkor.com
250 2.1.0 t...@checkor.com... Sender ok
RCPT TO: te...@checkor.com
550 5.7.1 te...@checkor.com... Relaying denied
RSET
250 2.0.0 Reset state
MAIL FROM:
501 5.5.2 Syntax error in parameters scanning FROM
RCPT TO: te...@checkor.com
503 5.0.0 Need MAIL before RCPT
RSET
250 2.0.0 Reset state
MAIL FROM: s...@213.146.114.24
250 2.1.0 s...@213.146.114.24... Sender ok
RCPT TO: te...@checkor.com
550 5.7.1 te...@checkor.com... Relaying denied
RSET
250 2.0.0 Reset state
MAIL FROM: s...@213.146.114.24
250 2.1.0 s...@213.146.114.24... Sender ok
RCPT TO: te...@checkor.com
550 5.7.1 te...@checkor.com... Relaying denied
RSET
250 2.0.0 Reset state
MAIL FROM: s...@213.146.114.24
250 2.1.0 s...@213.146.114.24... Sender ok
RCPT TO: te...@213.146.114.24
550 5.7.1 te...@213.146.114.24... Relaying denied
RSET
250 2.0.0 Reset state
MAIL FROM: s...@213.146.114.24
250 2.1.0 s...@213.146.114.24... Sender ok
RCPT TO: te...@test.com@213.146.114.24
550 5.7.1 te...@test.com@213.146.114.24... Relaying denied
RSET
250 2.0.0 Reset state
MAIL FROM: s...@213.146.114.24
250 2.1.0 s...@213.146.114.24... Sender ok
RCPT TO: @213.146.114.24:spamt...@checkor.com
550 5.7.1 @213.146.114.24:spamt...@checkor.com... Relaying denied

/quote

--
Jerry
ges...@yahoo.com

You are slower than a herd of turtles stampeding through peanut butter.
Anonymous
Re: sendmail: open-relay
> Something doesn't add up here -- the log shows the message being processed by SpamAssassin, but there was no indication in the sendmail .mc file you showed us of any integration with a spam filter. I'd expect some sort of milter configuration.

spamassassin came with evolution (Gnome's Mailer), I never configured anything for that.

> Unfortunately as well, the log line showing the delivery result is usually one of the ones *following* the line showing the external MTA handing off the message to you. Try grepping for the sendmail queue IDs:
>
> o04BQi0O008964
> o04BWBOA010672
> o04CSb9P056503
> o04CZkfq058137
>
> etc. The lines that say 'dsn=something' are the important bits. If something is 2.0.0 (ie. successful delivery) then you've got a real problem. The result should be 5.x.y (ie. permanent failure) and a snotty message about 'relaying denied'.

No, sorry, _I_ cannot find anything suspicious; everything listed there seems to be mails I really sent or received. I tried http://www.checkor.com which Jerry suggested, no problem. Perhaps this really is a problem with abuse.net.

But anyway: Many thanks to you both. I wouldn't like to be the one person who sends all the enhancement mails.

Uli.

> Cheers,
>
> Matthew
>
> btw. you need to update your SpamAssassin rules -- you're triggering on the FH_DATE_PAST_20XX test all the time, which will give you some false positives.
Re: sendmail: open-relay
In freebsd-questions Digest, Vol 292, Issue 3, Message: 10
On Mon, 04 Jan 2010 13:42:28 + Matthew Seaman m.sea...@infracaninophile.co.uk wrote:
> Peter Ulrich Kruppa wrote:
>> Am Montag, den 04.01.2010, 13:02 + schrieb Matthew Seaman:
>>> Peter Ulrich Kruppa wrote:
>>>> I am running my own small mail-server, i.e. I use my desktop pc for sending and receiving my private mails. That worked quite nicely the last years. From time to time I tested my mail-server via abuse.net's mail-relay tester. - Never got any positives. Now suddenly I receive one:
>>>>
>>>> Any ideas?
>>>
>>> Plenty. But it would help a great deal if you showed us your ${hostname}.mc.
>>
>> O.K. this is my complete pukruppa.net.mc
>>
>> divert(-1)
>> #
>
> [...]
>
> which is exactly the same as the default freebsd.mc -- nothing suspicious there.

Well, except as you said later, how then is SA being invoked from that .mc file, unless the sendmail.cf in use maybe wasn't made from that .mc? I'd suggest:

# cd /etc/mail
copy the present sendmail.cf (and maybe submit.cf) for diff later
# make cf                            # read the nice Makefile
# diff sendmail.cf.old sendmail.cf   # expecting nothing

> Hmmm... anything unusual (ie to do with domains not local to your machine) in /etc/mail/local-host-names or /etc/mail/virtusertable or /etc/mail/mailertable? You're definitely running with that config file,

If it was in fact last compiled to the present sendmail.cf, yes.

I'd also check that abuse.net or its IP address[es] don't appear in relay-domains (aka sendmail.cR) - which sounds like a long shot, but might explain the behaviour. Or an 'abuse.net RELAY' in access[.db]? Jerry's test seems to have ruled out general open relay behaviour.

> and you don't have anything like OpenBSD spamd(8) running that could intercept incoming SMTP traffic?

Even so, should spamd ever send or bounce mail?

> If that's so, then I can't see how your machine could be an open relay. The abuse.net relay tester must have been having a bad day. In fact, can you find the records in /var/mail/maillog to show abuse.net's server connecting to yours in order to do the testing? It may be that it was connecting to somewhere else entirely. Or it was somehow trying to test relaying using an address that was somehow actually valid on your system.

Indeed. Unless there's a 'to=[*.]abuse.net [...] stat=Sent' line in maillog then or later, your Bad Day Theory sounds quite likely.

cheers, Ian
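
Added example (not from the thread): the maillog check that Matthew's and Ian's messages describe, as Python that groups sendmail records by queue ID and reports only messages that arrived from an outside peer and were handed on with dsn=2.x.y through an SMTP mailer to a non-local domain. The log lines, host names, queue IDs and the local-domain set are constructed; the function names are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in sendmail's maillog layout (not lines from the thread).
SAMPLE_MAILLOG = """\
Jan  4 12:32:12 mx sm-mta[10672]: qAAAAAAA000001: from=<probe@tester.example>, size=909, class=0, nrcpts=1, msgid=<t1@tester.example>, proto=SMTP, daemon=IPv4, relay=verify.tester.example [192.0.2.77]
Jan  4 12:32:13 mx sm-mta[10673]: qAAAAAAA000001: to=<uli@home.example>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30909, relay=local, dsn=2.0.0, stat=Sent
Jan  4 12:33:00 mx spamd[1650]: spamd: checking message <t1@tester.example> for uli:1001
Jan  4 12:40:02 mx sm-mta[10700]: qAAAAAAA000002: ruleset=check_rcpt, arg1=<victim@elsewhere.example>, relay=verify.tester.example [192.0.2.77], reject=550 5.7.1 <victim@elsewhere.example>... Relaying denied
Jan  4 12:41:00 mx sm-mta[10705]: qAAAAAAA000003: from=<uli@home.example>, size=700, class=0, nrcpts=1, msgid=<m3@home.example>, proto=ESMTP, daemon=IPv4, relay=localhost [127.0.0.1]
Jan  4 12:41:02 mx sm-mta[10706]: qAAAAAAA000003: to=<friend@elsewhere.example>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=120700, relay=mx.elsewhere.example. [198.51.100.9], dsn=2.0.0, stat=Sent (ok)
Jan  4 12:45:10 mx sm-mta[10710]: qAAAAAAA000004: from=<probe@tester.example>, size=910, class=0, nrcpts=1, msgid=<t4@tester.example>, proto=SMTP, daemon=IPv4, relay=verify.tester.example [192.0.2.77]
Jan  4 12:45:12 mx sm-mta[10711]: qAAAAAAA000004: to=<victim@elsewhere.example>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=120910, relay=mx.elsewhere.example. [198.51.100.9], dsn=2.0.0, stat=Sent (ok)
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?:sm-mta|sendmail)\[\d+\]: (\w+): (.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")
PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
REMOTE_MAILERS = {"smtp", "esmtp", "smtp8", "dsmtp", "relay"}
LOOPBACK = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]


def parse(log_text):
    """Group sendmail records by queue ID; other daemons' lines are skipped."""
    txns = defaultdict(lambda: {"peer": None, "to": [], "rejects": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        qid, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        if "from" in fields:            # acceptance record: who handed it to us
            txns[qid]["peer"] = fields.get("relay", "")
        elif "to" in fields:            # delivery record: where it went, with dsn=
            txns[qid]["to"].append(fields)
        elif "reject" in fields:        # refusal logged by a check_* ruleset
            txns[qid]["rejects"].append(fields["reject"])
    return txns


def is_external(peer, trusted=LOOPBACK):
    """True when the connecting peer's address is outside the trusted networks."""
    m = PEER_IP.search(peer or "")
    if not m:
        return False  # no peer address logged: submitted on this host
    addr = ipaddress.ip_address(m.group(1))
    return not any(addr in net for net in trusted)


def relayed(txns, local_domains):
    """Third-party relay: outside peer, SMTP mailer, non-local rcpt, dsn 2.x.y."""
    hits = []
    for qid, t in sorted(txns.items()):
        if not is_external(t["peer"]):
            continue
        for rec in t["to"]:
            for rcpt in (r.strip("<> ") for r in rec["to"].split(",")):
                domain = rcpt.rpartition("@")[2].lower()
                if (rec.get("mailer") in REMOTE_MAILERS
                        and domain not in local_domains
                        and rec.get("dsn", "").startswith("2.")):
                    hits.append((qid, t["peer"], rcpt, rec["dsn"]))
    return hits


def denied(txns):
    """Queue IDs whose recipient was refused with 'Relaying denied'."""
    return sorted(q for q, t in txns.items()
                  if any("Relaying denied" in r for r in t["rejects"]))


if __name__ == "__main__":
    records = parse(SAMPLE_MAILLOG)
    print("relayed for outsiders:", relayed(records, {"home.example"}))
    print("relay attempts refused:", denied(records))
```
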