From owner-freebsd-questions@FreeBSD.ORG Sat Aug 14 18:28:01 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5E0C110656AC for ; Sat, 14 Aug 2010 18:28:01 +0000 (UTC) (envelope-from norgaard@locolomo.org) Received: from mail.locolomo.org (97.pool85-48-194.static.orange.es [85.48.194.97]) by mx1.freebsd.org (Postfix) with ESMTP id 145BC8FC22 for ; Sat, 14 Aug 2010 18:28:00 +0000 (UTC) Received: from beta.local (unknown [80.150.105.138]) by mail.locolomo.org (Postfix) with ESMTPSA id 17DED1C0871 for ; Sat, 14 Aug 2010 20:27:58 +0200 (CEST) Message-ID: <4C66E02D.7010808@locolomo.org> Date: Sat, 14 Aug 2010 20:27:57 +0200 From: Erik Norgaard User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.8) Gecko/20100802 Lightning/1.0b2 Thunderbird/3.1.2 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: <20100814172307.035661065697@hub.freebsd.org> In-Reply-To: <20100814172307.035661065697@hub.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Re: Open Mail Relay X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Aug 2010 18:28:01 -0000 On 14/08/10 15.29, peter@vfemail.net wrote: > > I have a machine running FreeBSD, sendmail and majordomo. I have someone who is on one of those majordomo lists complaining that they are receiving spam from me. The complainer says I have an open mail relay that I need to fix. When somebody complains that they receive spam via your relay they must the very least forward one of the offending mails to you so you can study the header. If they deleted the message simply instruct that the next spam mail is forwarded to you. In the header you can check the Received headers to see if it actually passed through your server first check ip & hostname, then see if the message id appears in your logs. It is far to easy to forge a mail that appears to come from your server or domain. If so, the received fields will also show where the offending mail was sent from so you can act on it. If he's a subscriber to a list could it be that somebody send spam through the list? > I went tohttp://www.abuse.net/relay.html to test the machine using its IP address. Abuse.net gives a clean bill of health, saying relaying was denied in 17 separate tests. > > I've reviewed my mail logs for the past couple of days and I can't find any entries for any mail addressed to the complainer's domain name except mail that should have been sent. > > Is Abuse.net's test adequate to rule out an open mail relay problem? I don't know about this site, but it should be easy to check your logs for their connections and see what action is taken. BR, Erik