Colorado Tech Support wrote:
>Hi, I'm pretty new to this, but I've got a problem.
>
>Last night, a SPAMer was able to relay 250 mail messages through my
>server and I can't figure out how they did it.
>
>Here's my configuration:
>
>Fedora Core 2 - kernel-2.6.10-1.771_FC2
>apache - httpd-2.0.51-2.9
>mailman-2.1.5-10.fc2
>sendmail-8.12.11-4.6
>
>Here's what I know...
>
>My sendmail is configured in a way to only allow relaying from IP
>addresses within my network (the 192.168.blah.blah range).
>I believe this is configured correctly because I get "RELAYING DENIED"
>messages all the time from SPAMers trying to relay through my server.
>
>The only reason I know about the attempt is because I received over 100
>bounced messages to "[EMAIL PROTECTED]" from the target of the
>attack.
>
>The bounced messages all contained the original message (which came from
>[EMAIL PROTECTED]).

How do you know that Mailman was even involved in sending the original
spam? Perhaps the mailman-owner address was just spoofed. Mailman
generally sends messages with Sender:, Errors-To: and envelope sender
of <somelistname>-bounces so that bounces go there, not directly to
mailman-owner.

What do the full headers of one of these bounced messages look like?

>My /etc/log/maillog file shows all 250 sendmails being relayed (here's
>just one):
>maillog:May 14 21:02:52 nameofmyserver sendmail[14830]: j4F32px8014830:
>from=<[EMAIL PROTECTED]>, size=2408, class=0, nrcpts=1,
>msgid=<[EMAIL PROTECTED]>, bodytype=7BIT,
>proto=ESMTP, daemon=MTA, relay=mail.popcap.com [69.25.140.155]

What in here indicates any Mailman involvement?

--
Mark Sapiro <[EMAIL PROTECTED]>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
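
Added example, not part of the original thread and not code from Mailman or sendmail: a sendmail `from=` entry like the one quoted above records only which host handed the message in, so this sketch pairs each `from=` entry with the `to=` entries sharing its queue ID to see whether the message was delivered locally or sent on to a remote host. The trusted networks, the mailer names, and every sample log line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: trusted nets are the post's 192.168 range plus loopback.
TRUSTED = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "127.0.0.0/8")]
REMOTE_MAILERS = {"esmtp", "smtp", "relay"}  # assumption: stock sendmail.cf names

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (from|to)=(.*)")
RELAY_IP = re.compile(r"relay=[^,]*\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")
MAILER = re.compile(r"mailer=(\w+)")

def classify(lines):
    """Pair from=/to= entries by queue ID and label each message's path."""
    source, dests = {}, {}
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        qid, kind, rest = m.groups()
        if kind == "from":
            ip = RELAY_IP.search(rest)
            # No bracketed address: submitted on the host itself, so trusted.
            inside = ip is None or any(
                ipaddress.ip_address(ip.group(1)) in net for net in TRUSTED)
            source[qid] = "trusted" if inside else "external"
        else:
            mailer = MAILER.search(rest)
            if mailer:
                dests.setdefault(qid, set()).add(
                    "remote" if mailer.group(1) in REMOTE_MAILERS else "local")
    verdicts = {}
    for qid, src in source.items():
        remote = "remote" in dests.get(qid, set())
        if src == "external":
            verdicts[qid] = "relayed" if remote else "inbound"
        else:
            verdicts[qid] = "outbound" if remote else "local"
    return verdicts

# Constructed sample log lines (documentation addresses, not from the thread).
SAMPLE = """\
May 14 21:02:52 mx sendmail[14830]: j4F32px8014830: from=<a@example.net>, size=2408, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [203.0.113.7]
May 14 21:02:53 mx sendmail[14832]: j4F32px8014830: to=<mailman-owner@example.org>, delay=00:00:01, mailer=local, pri=32408, dsn=2.0.0, stat=Sent
May 14 21:05:10 mx sendmail[14900]: j4F35AbC014900: from=<b@example.net>, size=900, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[198.51.100.9]
May 14 21:05:11 mx sendmail[14902]: j4F35AbC014900: to=<victim@example.com>, delay=00:00:01, mailer=esmtp, pri=30900, relay=mx.example.com. [192.0.2.25], dsn=2.0.0, stat=Sent
May 14 21:06:00 mx sendmail[14950]: j4F36XyZ014950: from=<list-bounces@example.org>, size=1500, class=-30, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
May 14 21:06:01 mx sendmail[14952]: j4F36XyZ014950: to=<member@example.com>, delay=00:00:01, mailer=esmtp, pri=31500, relay=mx.example.com. [192.0.2.25], dsn=2.0.0, stat=Sent
""".splitlines()
print(classify(SAMPLE))
```

Only a "relayed" verdict means mail from an outside host left again for an outside recipient; "inbound" covers outside mail, bounces included, that was delivered locally.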