From: Mehmet Erol Sanliturk
To: peter@vfemail.net
Cc: freebsd-questions@freebsd.org
Date: Sat, 14 Aug 2010 14:37:33 -0400
Subject: Re: Open Mail Relay
In-Reply-To: <20100814172307.035661065697@hub.freebsd.org>

On Sat, Aug 14, 2010 at 9:29 AM, wrote:

> I have a machine running FreeBSD, sendmail and majordomo. I have someone
> who is on one of those majordomo lists complaining that they are receiving
> spam from me. The complainer says I have an open mail relay that I need to
> fix.
>
> I went to http://www.abuse.net/relay.html to test the machine using its IP
> address. Abuse.net gives a clean bill of health, saying relaying was denied
> in 17 separate tests.
>
> I've reviewed my mail logs for the past couple of days and I can't find any
> entries for any mail addressed to the complainer's domain name except mail
> that should have been sent.
>
> Is Abuse.net's test adequate to rule out an open mail relay problem?

In previous weeks, I continuously received messages about spam messages being sent from my IP. They started by sending messages about undelivered mails which were claimed to have originated from my computer. Later, they started to send me suggestions about how to remove a proxy server acquired in my computer which is sending bulk spam messages. All of their text suggestions were complete executable code. All of the messages were using faked names of my ISP officials. They tried very hard to infect my computer.

In the end I sent a complaint message to my ISP authorities. Even after that, I received many such messages. These days they are not sending such messages, or they are being prevented by my ISP's systems; I do not know.

Based on this experience, please be careful about such claims, and do not try to decompose their message attachments, because the names of the attachments are also not related to the content they contain.
Use programs to dissect such messages without doing any harm to your systems; for example, convert their extensions to .txt and try to read them with a text editor. If they are really text, they should be readable. The content of some messages was even completely executable binary.

I think some criminals have started to use such a ploy to infect computers by persuading users to try to "clean" their computers by applying their advice, based on the fear generated in the persons attacked.

Thank you very much.

Mehmet Erol Sanliturk
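
Added example, not part of the original message: a static check, in Python, of whether each attachment's content matches what its file name claims, without opening or running anything. The magic-byte table, the list of "text" extensions and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading "magic" bytes of common executable or archive formats.
MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"PK\x03\x04": "ZIP archive",
}
TEXT_EXTENSIONS = {"txt", "log", "csv", "htm", "html"}  # assumed list

def sniff(payload: bytes) -> str:
    """Classify bytes by content, never by name. Nothing is executed."""
    for magic, label in MAGIC.items():
        if payload.startswith(magic):
            return label
    try:
        payload.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown binary"
    return "unknown binary" if b"\x00" in payload else "text"

def triage(raw_message: bytes):
    """Return (name, declared type, sniffed type, mismatch) per attachment."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    report = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        found = sniff(payload)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        claims_text = ext in TEXT_EXTENSIONS or part.get_content_maintype() == "text"
        report.append((name, part.get_content_type(), found,
                       claims_text and found != "text"))
    return report

def build_sample() -> bytes:
    """Constructed message: one binary named like a text file, one real text."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("See the attached cleanup instructions.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                     subtype="octet-stream", filename="instructions.txt")
    m.add_attachment("Plain notes.\n", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for row in triage(build_sample()):
        print(row)
```

A row whose last field is True is an attachment that is named or typed as text but whose bytes say otherwise.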