Nevermind... after some testing I am realizing now that some spammer obviously has this users password and is actually authenticating to send email through submission. I've attempted it myself with a bad password and without auth and it fails.
On Fri, Dec 6, 2013 at 11:57 AM, Tim Whitaker <wiriki...@gmail.com> wrote: > I submitted a question to the list yesterday (not sure if it made it, > never saw it come back) about getting a lot of returns for bad deliveries. > I did a little digging through the logs and I found this: > > [root@mail qmail]# grep -i -r "findtenders" * > send/current:@4000000052a1de0600d32c8c starting delivery 12474: msg > 67404215 to remote i...@findtenders.ru > send/current:@4000000052a1de070b5a075c delivery 12474: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.68.27_accepted_message./Remote_host_said:_250_2.0.0_OK_1386339837_v65si7318243yhp.108_-_gsmtp/ > send/current:@4000000052a1e2c0123994ac starting delivery 12507: msg > 67404215 to remote i...@findtenders.ru > send/current:@4000000052a1e2c11a1471ec delivery 12507: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.68.26_accepted_message./Remote_host_said:_250_2.0.0_OK_1386341047_kb1si61100901qeb.151_-_gsmtp/ > send/current:@4000000052a1e84d0898477c starting delivery 12565: msg > 67404686 to remote i...@findtenders.ru > send/current:@4000000052a1e84e10c192dc delivery 12565: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.68.27_accepted_message./Remote_host_said:_250_2.0.0_OK_1386342468_e33si56560306yhq.268_-_gsmtp/ > send/current:@4000000052a1eb2a3351a454 starting delivery 12584: msg > 67404686 to remote i...@findtenders.ru > send/current:@4000000052a1eb2c0b264944 delivery 12584: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.68.26_accepted_message./Remote_host_said:_250_2.0.0_OK_1386343202_lh4si42466267qeb.106_-_gsmtp/ > send/current:@4000000052a1ec21061f15d4 starting delivery 12590: msg > 67404609 to remote i...@findtenders.ru > send/current:@4000000052a1ec212892a284 delivery 12590: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.68.26_accepted_message./Remote_host_said:_250_2.0.0_OK_1386343447_i10si150693qen.48_-_gsmtp/ > send/current:@4000000052a1f3cd25710b7c starting delivery 12658: msg > 67404666 to remote i...@findtenders.ru > send/current:@4000000052a1f3ce0bc7b194 delivery 12658: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.68.27_accepted_message./Remote_host_said:_250_2.0.0_OK_1386345412_el7si44720342qeb.105_-_gsmtp/ > send/current:@4000000052a1f53722b1570c starting delivery 12671: msg > 67404666 to remote i...@findtenders.ru > send/current:@4000000052a1f538151358fc delivery 12671: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.74.26_accepted_message./Remote_host_said:_250_2.0.0_OK_1386345774_i2si2245320qaz.156_-_gsmtp/ > send/current:@4000000052a1f85f1695af54 starting delivery 12694: msg > 67404666 to remote i...@findtenders.ru > send/current:@4000000052a1f8601beee6dc delivery 12694: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.68.27_accepted_message./Remote_host_said:_250_2.0.0_OK_1386346582_25si51969740yhc.232_-_gsmtp/ > send/current:@4000000052a200fe19a0823c starting delivery 26: msg 67404300 > to remote i...@findtenders.ru > send/current:@4000000052a200ff33173f1c delivery 26: success: > User_and_password_not_set,_continuing_without_authentication./< > i...@findtenders.ru > >_173.194.68.27_accepted_message./Remote_host_said:_250_2.0.0_OK_1386348789_r49si12270027yho.292_-_gsmtp/ > submission/current:@4000000052a1de051218687c CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <Servidor:unknown:187.17.163.8> rcpt <i...@findtenders.ru> : client > allowed to relay > submission/current:@4000000052a1de0512187434 policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > submission/current:@4000000052a1e2bf2ec94d74 CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <teknion1.teknion.local:unknown:78.188.153.95> rcpt <i...@findtenders.ru> > : client allowed to relay > submission/current:@4000000052a1e2bf2ec960fc policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > submission/current:@4000000052a1e84c213e79a4 CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <teknion1.teknion.local:unknown:78.188.153.95> rcpt <i...@findtenders.ru> > : client allowed to relay > submission/current:@4000000052a1e84c213e8174 policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > submission/current:@4000000052a1eb2a0b77a17c CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <servidor.casa.local:unknown:88.25.39.163> rcpt <i...@findtenders.ru> : > client allowed to relay > submission/current:@4000000052a1eb2a0b77b504 policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > submission/current:@4000000052a1ec202f47f354 CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <info.disfrimur.com:unknown:195.55.86.170> > rcpt <i...@findtenders.ru> : client allowed to relay > submission/current:@4000000052a1ec202f4802f4 policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > submission/current:@4000000052a1f3cc368e741c CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <servidor:unknown:88.14.6.55> rcpt <i...@findtenders.ru> : client allowed > to relay > submission/current:@4000000052a1f3cc368e83bc policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > submission/current:@4000000052a1f53638b5f3b4 CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <server.BOTTEGA.LOCAL:unknown:95.253.4.147> rcpt <i...@findtenders.ru> : > client allowed to relay > submission/current:@4000000052a1f53638b5ff6c policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > submission/current:@4000000052a1f85e1da1134c CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <servidor:unknown:177.5.137.47> rcpt <i...@findtenders.ru> : client > allowed to relay > submission/current:@4000000052a1f85e1da122ec policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > submission/current:@4000000052a200fd2c1e5d6c CHKUSER relaying rcpt: from > <dkel...@dlkcpapa.com:dkel...@dlkcpapa.com:> remote > <servidor.RYD:unknown:217.18.230.211> rcpt <i...@findtenders.ru> : client > allowed to relay > submission/current:@4000000052a200fd2c1e6d0c policy_check: local > dkel...@dlkcpapa.com -> remote i...@findtenders.ru (AUTHENTICATED SENDER) > > > > Does this mean submission is allowing relay? How can I turn that off? >