Date: Wed, 23 Apr 2003 14:42:14 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: FreeBSD Questions <freebsd-questions@FreeBSD.org>
Subject: Re: daily run output questions - rejected mail hosts?
Message-ID: <20030423134214.GA57417@happy-idiot-talk.infracaninophi>
In-Reply-To: <20030423132047.GC70015@keyslapper.org>
References: <20030423132047.GC70015@keyslapper.org>
On Wed, Apr 23, 2003 at 09:20:47AM -0400, Louis LeBlanc wrote:
> Just checking the daily run output today, and I found something
> confusing:
>
> Checking for rejected mail hosts:
>      1 relays.osirusoft.com
>      1 ordb.org
>      1 dsbl.org
>      1 [61.175.162.203]
>
> I'm pretty sure I didn't block the first three explicitly, and the
> last one is a Chinese IP block, which I am rejecting altogether, but I
> don't allow relaying without authentication. I also know that the
> first three are blacklist/spam relay reporting sites. Is there a way
> for me to tell *why* these relays were rejected? I'm guessing, but I
> want to make sure, that these entries are a sign that these sites are
> checking out my SMTP setup and I passed muster.

The names you get in the periodic output are just what the remote site
has told your system about where the messages come from. Which means
that they may well be forged.

Grep for 'check_' in /var/log/maillog -- or use zgrep if the logs have
been cycled since you got the nightly e-mail. Eg:

    % zgrep check_ /var/log/maillog*
    /var/log/maillog.1.gz:Apr 21 04:09:50 happy-idiot-talk sm-mta[28836]: h3L39l8x028836: ruleset=check_rcpt, arg1=<china9988@21cn.com>, relay=[220.116.163.233], reject=550 5.7.1 <china9988@21cn.com>... Relaying denied. IP name lookup failed [220.116.163.233]
    /var/log/maillog.1.gz:Apr 21 14:18:52 happy-idiot-talk sm-mta[32717]: h3LDIn8w032717: ruleset=check_rcpt, arg1=<bobra47@ananzi.co.za>, relay=1Cust173.tnt1.san-fernando.ca.da.uu.net [67.227.10.173], reject=550 5.7.1 <bobra47@ananzi.co.za>... Relaying denied
    [...etc...]

This will pick up everything denied by sendmail's anti-relaying,
anti-spam rulesets, plus anything you forbid by entries in the
/etc/mail/access.db database.
Note that the 'relay=addr' field is much more reliable in this case, as
it's the hostname and IP number of the machine that connected to yours
to deliver the message. You get just the IP number if it doesn't have a
corresponding PTR record or doesn't match what the other machine says
in its SMTP HELO greeting --- either way, you probably don't want to
accept e-mail from such a site.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH, UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
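The zgrep above answers the question by eye; the following script is an added example (not part of Matthew's message, nor of FreeBSD's periodic scripts or sendmail) that does the same over plain and gzip-rotated maillogs and tabulates the result by the relay= field rather than by the claimed sender name. The log field layout is taken from the lines quoted in the reply; the check_relay line, the "(may be forged)" suffix and the sample log lines are constructed for the example.

```python
"""Summarise sendmail check_* rejections by the host that actually connected.

Added example for the thread above.  The regexes follow the field order in
the log lines quoted in the reply; sample lines below are constructed.
"""
import gzip
import re
import sys
from collections import Counter
from pathlib import Path

# One rejection line: "<qid>: ruleset=check_..., arg1=..., [arg2=...,]
# relay=..., reject=...".  check_rcpt lines carry arg1 only; check_relay
# lines carry arg1 (name) and arg2 (address).  Both sm-mta and sendmail
# syslog tags are accepted.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?:sm-mta|sendmail)\[(?P<pid>\d+)\]: (?P<qid>\w+): "
    r"ruleset=(?P<ruleset>check_\w+), arg1=(?P<arg1>[^,]*), "
    r"(?:arg2=(?P<arg2>[^,]*), )?relay=(?P<relay>[^,]*), reject=(?P<reject>.*)$"
)

# relay= is "name [ip]" when the connecting address has a PTR that agrees
# with the forward lookup, a bare "[ip]" when it has none, and sendmail adds
# "(may be forged)" when the PTR name does not resolve back to the address.
RELAY_RE = re.compile(
    r"^(?:(?P<name>\S+) )?\[(?P<ip>[^\]]+)\](?P<forged> \(may be forged\))?$"
)


def parse_reject(line):
    """Return a dict for a check_* rejection line, or None for anything else."""
    line = line.rstrip("\n")
    # zgrep/grep over several files prefixes each line with "path:".
    if line.startswith("/"):
        line = line.split(":", 1)[1]
    m = REJECT_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rm = RELAY_RE.match(rec["relay"])
    rec["relay_name"] = rm.group("name") if rm else None
    rec["relay_ip"] = rm.group("ip") if rm else None
    rec["may_be_forged"] = bool(rm and rm.group("forged"))
    return rec


def read_log(path):
    """Yield lines from a plain or gzip-rotated maillog (maillog, maillog.N.gz)."""
    p = Path(path)
    opener = gzip.open if p.suffix == ".gz" else open
    with opener(p, "rt", errors="replace") as fh:
        yield from fh


def summarize(lines):
    """Count rejections per connecting IP and per ruleset; collect the IPs
    that had no PTR and the ones sendmail marked as possibly forged."""
    per_ip, per_ruleset = Counter(), Counter()
    no_ptr, forged = set(), set()
    for line in lines:
        rec = parse_reject(line)
        if rec is None:
            continue
        ip = rec["relay_ip"] or rec["relay"]
        per_ip[ip] += 1
        per_ruleset[rec["ruleset"]] += 1
        if rec["relay_name"] is None:
            no_ptr.add(ip)
        if rec["may_be_forged"]:
            forged.add(ip)
    return {"per_ip": per_ip, "per_ruleset": per_ruleset,
            "no_ptr": no_ptr, "forged": forged}


def report(summary):
    """Render the summary in the style of the periodic(8) rejected-hosts list."""
    out = ["Rejections by connecting host (relay= field):"]
    for ip, n in summary["per_ip"].most_common():
        flags = [f for f, s in (("no PTR", "no_ptr"), ("may be forged", "forged"))
                 if ip in summary[s]]
        out.append(f"  {n:4d} {ip}" + (f"  ({', '.join(flags)})" if flags else ""))
    out.append("Rejections by ruleset: " + ", ".join(
        f"{r}={n}" for r, n in sorted(summary["per_ruleset"].items())))
    return "\n".join(out)


# Constructed sample: the two lines quoted in the reply (with the zgrep
# filename prefix), one check_relay rejection, and one ordinary delivery
# line that the parser must ignore.
SAMPLE_LOG = """\
/var/log/maillog.1.gz:Apr 21 04:09:50 happy-idiot-talk sm-mta[28836]: h3L39l8x028836: ruleset=check_rcpt, arg1=<china9988@21cn.com>, relay=[220.116.163.233], reject=550 5.7.1 <china9988@21cn.com>... Relaying denied. IP name lookup failed [220.116.163.233]
/var/log/maillog.1.gz:Apr 21 14:18:52 happy-idiot-talk sm-mta[32717]: h3LDIn8w032717: ruleset=check_rcpt, arg1=<bobra47@ananzi.co.za>, relay=1Cust173.tnt1.san-fernando.ca.da.uu.net [67.227.10.173], reject=550 5.7.1 <bobra47@ananzi.co.za>... Relaying denied
Apr 22 09:01:13 happy-idiot-talk sm-mta[1234]: h3M91Dxx001234: ruleset=check_relay, arg1=mail.example.net, arg2=192.0.2.10, relay=mail.example.net [192.0.2.10] (may be forged), reject=550 5.7.1 Access denied
Apr 22 09:05:00 happy-idiot-talk sm-mta[1240]: h3M950yy001240: from=<alice@example.com>, size=1024, class=0, nrcpts=1, relay=mx.example.com [198.51.100.5]
"""

if __name__ == "__main__":
    # Usage: python3 rejects.py /var/log/maillog /var/log/maillog.*.gz
    if len(sys.argv) > 1:
        lines = (ln for path in sys.argv[1:] for ln in read_log(path))
    else:
        lines = SAMPLE_LOG.splitlines()
    print(report(summarize(lines)))
```

Run it with no arguments to see the constructed sample summarised; with paths it reads the live and rotated logs directly, so the summary stays correct after newsyslog has cycled them. Keying the table on relay_ip rather than on arg1 is the point of the reply: the connecting address is what the kernel saw on the TCP connection, while the name in arg1 and in the periodic output is whatever the remote side chose to send.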