On Mon, Jul 23, 2001 at 12:40:22PM -0600, David J Jackson wrote:
> Greetings ---
> How can I stop my server from being used to relay mail?  
> I got an email from an admin somewhere claiming that emails were being
> sent from my server with a virus attached? It's only me and one other person
> who has access to this box?

I doubt you're being used by a third party to relay. It seems much more
likely that some Windoze box on your network is infected, and that's
where the source of this problem is. Get a good virus scanner.

You really have to try to make qmail relay. Possible sources of relay:

1. control/rcpthosts empty.
2. RELAYCLIENT set for all/wrong addresses in /etc/tcp.smtp[.cdb]
(or wherever you keep that file) if using tcpserver
3. RELAYCLIENT set for all addresses in /etc/hosts.allow if using inetd.
4. An insecure .cgi script on your machine (not possible if not running
a cgi-capable webserver on your mail host), and RELAYCLIENT set for
localhost.

> Related question: could this be the source of the [EMAIL PROTECTED]
> (I set up a .qmail-52 alias to try to catch these emails)

I suppose it might be. Read some of the caught mail. The virus looked
like 'Snow White' tho, and that uses a null envelope sender, just like a
bounce message does.
> 
> 
> This question is part of the Forged Emails post I sent earlier from
> [EMAIL PROTECTED]

In future, please keep things on the same topic in the same thread --
some of us use threaded mail readers for just this purpose. ;)

-- 
Greg White
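
An audit of causes 1, 2 and 4 from the list in the message above, as an added example that is not part of the original message. The function name `audit_qmail_relay` is hypothetical, the rules file is assumed to be the text form of the tcpserver rules, and the sample configuration is constructed; the inetd/hosts.allow case (cause 3) is not covered.

```shell
#!/bin/sh
# Added example: audit a qmail host for relay causes named in the message.
# Usage: audit_qmail_relay CONTROL_DIR TCP_RULES_FILE
# Prints one finding per line; returns 1 if an open-relay condition is found.
audit_qmail_relay() {
    control_dir=$1
    rules=$2
    found=0
    # Cause 1: the message lists an empty rcpthosts; a missing file is flagged
    # too, since qmail-smtpd then accepts mail for any recipient domain.
    if [ ! -s "$control_dir/rcpthosts" ]; then
        echo "OPEN: $control_dir/rcpthosts is missing or empty"
        found=1
    fi
    # Causes 2 and 4: walk the tcpserver rules (text form, before tcprules).
    if [ -r "$rules" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            case $line in
                ''|'#'*) continue ;;        # blank line or comment
            esac
            case $line in
                *RELAYCLIENT*) ;;           # rule grants relaying, inspect it
                *) continue ;;
            esac
            addr=${line%%:*}                # address part before the first ':'
            case $addr in
                '')    echo "OPEN: default rule sets RELAYCLIENT: $line"; found=1 ;;
                127.*) echo "NOTE: localhost may relay, check local CGI scripts: $line" ;;
                *)     echo "REVIEW: $addr may relay: $line" ;;
            esac
        done < "$rules"
    else
        echo "SKIP: cannot read $rules"
    fi
    return $found
}

# Constructed sample configuration (not taken from the message).
demo=$(mktemp -d)
mkdir "$demo/control"
: > "$demo/control/rcpthosts"
printf '%s\n' '127.0.0.1:allow,RELAYCLIENT=""' \
    '192.168.1.:allow,RELAYCLIENT=""' ':allow,RELAYCLIENT=""' > "$demo/tcp.smtp"
audit_qmail_relay "$demo/control" "$demo/tcp.smtp" || true
rm -rf "$demo"
```

On a real host, point the function at the qmail control directory and the rules file actually compiled into the .cdb that tcpserver reads.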
