From owner-freebsd-questions@FreeBSD.ORG Sun Aug 15 15:20:31 2010
Date: Sun, 15 Aug 2010 07:57:23 -0400
To: freebsd-questions@freebsd.org
From: peter@vfemail.net
In-Reply-To: <201008142113.o7ELDsin018314@mail.r-bonomi.com>
References: <201008142113.o7ELDsin018314@mail.r-bonomi.com>
Message-Id: <20100815152031.D72621065675@hub.freebsd.org>
Subject: Re: Open Mail Relay

At 05:13 PM 8/14/2010, Robert Bonomi wrote:
>> From owner-freebsd-questions@freebsd.org Sat Aug 14 12:22:50 2010
>> Date: Sat, 14 Aug 2010 09:29:54 -0400
>> To: freebsd-questions@freebsd.org
>> From: peter@vfemail.net
>> Subject: Open Mail Relay
>>
>>
>> I have a machine running FreeBSD, sendmail and majordomo. I have someone who is on one of those majordomo lists complaining that they are receiving spam from me. The complainer says I have an open mail relay that I need to fix.
>>
>> I went to http://www.abuse.net/relay.html to test the machine using its IP address. Abuse.net gives a clean bill of health, saying relaying was denied in 17 separate tests.
>>
>> I've reviewed my mail logs for the past couple of days and I can't find any entries for any mail addressed to the complainer's domain name except mail that should have been sent.
>>
>> Is Abuse.net's test adequate to rule out an open mail relay problem?
>
>
>There are -several- possible sources of spam to that list user.
>
>The abusenet open-relay tests check only one of them.
>
>The machine may be compromised (i.e. 'owned') and the bad guys have
>installed their -own- mail-sending software on it. The logs that
>show activity from _your_ mail-sending software would, obviously,
>*not* show the activity of this other software.
>
>In addition, whatever mailinglist said user is subscribed to _may_ be set
>to take messages from 'anybody', not just confirmed members of the list.
>
>Thirdly, some folks sign up for a list _just_ to send their off-topic
>commercial messages to it.
>
>NONE of those three scenarios are an 'open relay', but they all result
>in spam showing up in the list-subscriber's mailbox, that got there by
>_from_ your machine.

Thank you everyone for your many comments and suggestions. The level of talent and responsiveness on this list is nothing less than stunning.

I've requested copies of the offensive messages, and I'm hopeful the complainer will send me copies.

I believe I have control over the majordomo lists -- postings are restricted to list members, postings are monitored, and many lists are moderated.

Assume, as Mr. Bonomi suggests, that some bad guy has installed some type of additional mailer on the machine or another machine that's allowed to relay mail. How would I go about locating that other mailer?
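
An added example, not part of the original message or of any reply in the thread: one way to check the quoted point that a second mailer would not appear in sendmail's own logs is to look at which processes hold connections to remote port 25. The function below filters FreeBSD `sockstat` output for such connections made by anything other than the expected MTA; the allowed-program list and the sample rows are constructed assumptions, and it covers only the local host, not another machine allowed to relay.

```sh
#!/bin/sh
# Added example: flag processes other than the expected MTA that hold
# outbound connections to remote port 25.
# Live use on the FreeBSD host:  sockstat -4 -c | find_rogue_smtp

ALLOWED_MTA="sendmail"   # assumption: the only program expected to send mail

# Reads sockstat-format text on stdin and prints "USER COMMAND PID FOREIGN"
# for every connection whose foreign port is 25 and whose command is not
# listed in ALLOWED_MTA.
find_rogue_smtp() {
    awk -v allowed="$ALLOWED_MTA" '
        BEGIN { n = split(allowed, list, " "); for (i = 1; i <= n; i++) ok[list[i]] = 1 }
        $1 == "USER" { next }                 # header row
        NF < 7 { next }                       # not a connected-socket row
        {
            k = split($7, part, ":")          # port follows the last colon
            if (part[k] == "25" && !($2 in ok))
                print $1, $2, $3, $7
        }'
}

# Constructed sample in sockstat column layout (documentation addresses).
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   712   4  tcp4   192.0.2.10:25         198.51.100.7:51234
root     sendmail   9001  5  tcp4   192.0.2.10:50110      198.51.100.20:25
www      perl       4321  3  tcp4   192.0.2.10:49152      203.0.113.9:25
www      perl       4321  4  tcp4   192.0.2.10:49153      203.0.113.44:25
peter    sshd       880   3  tcp4   192.0.2.10:22         198.51.100.7:40022
EOF
}

# Demonstration on the constructed sample: only the two perl rows are printed.
sample_sockstat | find_rogue_smtp
```

A single snapshot only catches a mailer that is sending at that moment, so the check is worth repeating (for example from cron) while the complaints continue.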