From: Garrett Cooper
Date: Sat, 06 Jan 2007 12:15:50 -0800
To: freebsd-questions@freebsd.org
Subject: Re: stopping my server from spamming
Message-ID: <45A00376.9040501@u.washington.edu>
In-Reply-To: <20070106194117.GA8958@skytracker.ca>

David Banning wrote:
> I have been blacklisted for spamming and I am attempting to ascertain the
> source.
>
> I have a few networked Windows boxes which route through a FBSD
> server. I also have around ten off-site users who sendmail via port
> 26 - using smtp password authentication. How do I determine which
> email going through the server is spam, and therefore identify the
> source?

First, you should take a look at mail headers to see if you can determine what the issue could be. For instance, my SMTP provider's DNS wasn't resolving properly with as of late, so my email was being marked as spam by many users. This could be your case.

Using nmap / tcpdump / snort to find rogue SMTP hosts is the next step I would pursue.

Remember though, your hosts may not be causing the spam and it could instead be spoofing of some kind. For that, you can't do anything except talk to the mail providers that blacklisted your domain and get things cleared up.

Ultimately, I suggest switching to entirely AUTH-based SMTP though to prevent this issue from occurring. You can either block port 25 from being routed or use net/smtptrapd (see ).

-Garrett
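
The header check suggested in the reply above, as an added example that is not part of the original message: given copies of the messages that got the server listed, it reads the `Received` line stamped by the relay itself and tallies which LAN host or authenticated user handed each one in. The relay name, LAN range, sample messages and the `(authenticated authid=...)` form of the relay's `Received` line are assumptions.

```python
import email
import ipaddress
import re
from collections import Counter

RELAY = "gw.example.net"                      # hypothetical name of the FreeBSD relay
LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed address range of the LAN hosts

def sample(frm):
    """Constructed message as a recipient would see it after it left the relay."""
    return (
        "Received: from gw.example.net (gw.example.net [203.0.113.9])\n"
        "\tby mx.recipient.example (Postfix) with ESMTP id 4F1C2;\n"
        "\tSat, 6 Jan 2007 12:00:03 -0800\n"
        f"Received: from {frm}\n"
        f"\tby {RELAY} (8.13.8/8.13.8) with ESMTP id l06K01aa001234;\n"
        "\tSat, 6 Jan 2007 12:00:01 -0800\n"
        "Received: from mail.bank.example ([198.51.100.77])\n"  # sender-supplied line
        "\tby relay.bank.example; Sat, 6 Jan 2007 11:59:00 -0800\n"
        "Subject: constructed sample\n\nbody\n"
    )

SAMPLES = [  # constructed: two from one LAN host, one from an authenticated user
    sample("pc7 ([192.168.0.57])"),
    sample("pc7 ([192.168.0.57])"),
    sample("[198.51.100.20] (dsl.isp.example [198.51.100.20]) (authenticated authid=alice)"),
]

def submitting_hop(raw, relay=RELAY):
    """Return (ip, authid) from the newest Received line stamped by our relay."""
    msg = email.message_from_string(raw)
    for rcvd in msg.get_all("Received", []):   # newest hop first
        flat = " ".join(rcvd.split())          # unfold continuation lines
        if re.search(r"\bby %s(?![\w.-])" % re.escape(relay), flat):
            ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
            auth = re.search(r"authid=([^\s)]+)", flat)
            return (ip.group(1) if ip else None, auth.group(1) if auth else None)
    return None  # never passed through our relay: the domain was spoofed elsewhere

def classify(hop):
    if hop is None:
        return "not-via-relay"
    ip, authid = hop
    if authid:
        return f"auth:{authid}"
    if ip and ipaddress.ip_address(ip) in LAN:
        return f"lan:{ip}"
    return f"unauthenticated:{ip}"

def tally_sources(messages):
    return Counter(classify(submitting_hop(m)) for m in messages)
```

Lines below the relay's own stamp are supplied by whoever submitted the message, which is why the function stops at the first relay-stamped hop and ignores the `mail.bank.example` line in the samples.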