Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 28 Mar 2003 10:04:30 +0100
From:      Martin Moeller <mm@bsdsi.com>
To:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   System abused by spammer?
Message-ID:  <20030328090430.GA1262@bsdsi.homeunix.com>
next in thread | raw e-mail | index | archive | help 
Hi list,

I have a vague feeling that some spammer is abusing my sendmail system.

My installation is FreeBSD-CURRENT. Postmaster received some email
saying, that some kind of mail cannot be delivered due configuration
errors. I looked into the mail queue and found this, what definitely
does not belong there!

bsdsi# mailq -v
                /var/spool/mqueue (4 requests)
-----Q-ID----- --Size-- -Priority- ---Q-Time---
--------Sender/Recipient--------
h2RGCDrC001502     1993    1111876 Mar 27 17:13 MAILER-DAEMON
                 (Deferred: Connection refused by mail.craz-man.com.)
                                                <Lizzie03@craz-man.com>
                 (Deferred: Connection refused by mail.craz-man.com.)
h2RC1iZw004629      225    1920349+Mar 27 13:01 <Lizzie03@craz-man.com>
                 (Deferred: Operation timed out with myvzw.com.)
                                                <_dwight@myvzw.com>
                 (Deferred: Operation timed out with myvzw.com.)
h2RBpSZw004575     1903    1951602 Mar 27 12:51 MAILER-DAEMON
                 (Deferred: Connection refused by mail.craz-man.com.)
                                                <Lizzie47@craz-man.com>
                 (Deferred: Connection refused by mail.craz-man.com.)
h2RBefZw004533     1861    2041596 Mar 27 12:40 MAILER-DAEMON
                 (Deferred: Connection refused by mail.craz-man.com.)
                                                <Lizzie16@craz-man.com>
                 (Deferred: Connection refused by mail.craz-man.com.)
                Total requests: 4

/var/log/maillog also shows some strange entries:

Mar 28 09:39:59 bsdsi sm-mta[1189]: h2RGCDrC001502:
to=<Lizzie03@craz-man.com>, delay=16:26:30, xdelay=0
Mar 28 09:41:15 bsdsi sm-mta[1189]: h2RC1iZw004629:
to=<_dwight@myvzw.com>, delay=20:39:30, xdelay=00:01
Mar 28 09:41:15 bsdsi sm-mta[1189]: h2RBpSZw004575:
to=<Lizzie47@craz-man.com>, delay=20:49:47, xdelay=0
Mar 28 09:41:15 bsdsi sm-mta[1189]: h2RBefZw004533:
to=<Lizzie16@craz-man.com>, delay=21:00:34, xdelay=0

etc.

I thought, sendmail rejects relaying per default. What can I do?
(HELP!!! (!!!) )

Regards,
Martin

-- 
Martin Möller <mm at bsdsi.com>        http://www.bsdsi.com/
GnuPG/PGP DSA ID: 0x3C979285                  ICQ # 82221572
I do not accept unsolicited commercial mail. Do not spam me!

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030328090430.GA1262>