From: Andreas Widerøe Andersen
To: freebsd-questions@FreeBSD.ORG
Date: Thu, 19 Jun 2003 14:27:50 +0200
Subject: Do I have an open relay?
Message-Id: <5.2.0.9.0.20030619141344.02971008@mail.pragma.no>

Hi,

I'm a bit nervous here. Recently I've started getting 20-25 mails to my Postmaster account on my FreeBSD 4.8RC server running Sendmail 8.12.8/8.12.8 each day with a message to Postmaster that the mail could not be delivered.

In the daily run output from the server I see messages like these:

Mail in local queue:
                /var/spool/mqueue (15 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
h5IGWCj5047460     4477 Wed Jun 18 18:44 MAILER-DAEMON
                 (Deferred: Connection refused by mobilemice.com.)
h5HJ1xj4020111     4251 Tue Jun 17 21:03 MAILER-DAEMON
                 (Deferred: Connection refused by distanteye.com.)
h5HFHEj3015655     3298 Tue Jun 17 17:17 MAILER-DAEMON
                 (host map: lookup (triplepipe.com): deferred)

I have no relations with these hosts.

In the maillog from the server I see this:

Jun 19 14:09:19 server sendmail[71128]: h5G21ij4070939: to=, delay=3+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=15062899, relay=distanteye.com., dsn=4.0.0, stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:09:19 server sendmail[71128]: h5FLiJj3065159: to=, delay=3+14:25:00, xdelay=00:00:00, mailer=esmtp, pri=15962899, relay=distanteye.com., dsn=4.0.0, stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:10:57 server sendmail[71128]: h5FLgVj3065158: to=af@fvr.no,bw@fvr.no,gs@fvr.no,hr@fvr.no,rh@fvr.no, delay=3+14:28:25, xdelay=00:01:38, mailer=esmtp, pri=16261875, relay=mailgw.c2i.net., dsn=4.0.0, stat=Deferred: 450 Unable to find distanteye.com
Jun 19 14:10:57 server sendmail[71128]: h5F0VUj4040115: to=, delay=4+11:37:52, xdelay=00:00:00, mailer=esmtp, pri=19742831, relay=mobilemice.com., dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.
Jun 19 14:10:57 server sendmail[71128]: h5EKGnj3034414: to=, delay=4+15:54:08, xdelay=00:00:00, mailer=esmtp, pri=20642831, relay=mobilemice.com., dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.

The mailq (/var/log/mqueue) contains 30 messages, both dfh* and qfh*.

I've manually configured my .mc file which looks like this (I'm running Procmail and Spamassassin):

divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.17 2002/11/14 03:21:18 keramida Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)

dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confMAX_MIME_HEADER_LENGTH', `256/128')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
FEATURE(local_procmail)
MAILER(local)
MAILER(smtp)

If I try to telnet to my server from "somewhere" I get relaying denied so I think I've got it right, but somehow I have a feeling someone is getting through somehow. I'm running Apache, MySQL, PHP and other "webserver" related apps on the same machine.

Thanks for any help!

Andreas

---
Andreas Widerøe Andersen
Pragma AS
http://www.pragma.no
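An added example, not part of the original post: one way to summarise sendmail delivery lines in the maillog layout quoted above, grouping still-queued (dsn=4.x) messages by destination so the matching queue files can be inspected. The sample lines, hosts and queue IDs are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import timedelta

# Constructed sample lines in the sendmail 8.12 maillog layout; hosts,
# recipients and queue IDs are placeholders, not values from the post.
SAMPLE_LOG = """\
Jun 18 14:09:19 server sendmail[70001]: h5AAAAAA000001: to=<a@dead.example>, delay=2+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=14062899, relay=dead.example., dsn=4.0.0, stat=Deferred: Connection refused by dead.example.
Jun 19 14:09:19 server sendmail[71128]: h5AAAAAA000001: to=<a@dead.example>, delay=3+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=15062899, relay=dead.example., dsn=4.0.0, stat=Deferred: Connection refused by dead.example.
Jun 19 14:09:19 server sendmail[71128]: h5AAAAAA000002: to=<b@dead.example>, delay=3+14:25:00, xdelay=00:00:00, mailer=esmtp, pri=15962899, relay=dead.example., dsn=4.0.0, stat=Deferred: Connection refused by dead.example.
Jun 19 14:10:57 server sendmail[71128]: h5AAAAAA000003: to=u1@ok.example,u2@ok.example, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, pri=30000, relay=mx.ok.example. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
Jun 19 14:10:57 server sendmail[71128]: h5AAAAAA000004: to=<c@gone.example>, delay=4+15:54:08, xdelay=00:00:00, mailer=esmtp, pri=20642831, relay=gone.example., dsn=4.0.0, stat=Deferred: Connection refused by gone.example.
Jun 19 14:10:57 server sendmail[71128]: h5AAAAAA000005: to=<d@nodns.example>, delay=1+21:00:00, xdelay=00:00:00, mailer=esmtp, pri=9000000, dsn=4.0.0, stat=host map: lookup (nodns.example): deferred
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>to=.*)$")
# Split only on ", " that starts a known key: recipient lists use bare commas.
FIELD_SEP = re.compile(r", (?=(?:ctladdr|delay|xdelay|mailer|pri|relay|dsn|stat)=)")
DELAY = re.compile(r"(?:(\d+)\+)?(\d+):(\d\d):(\d\d)")  # optional "days+" prefix

def parse_delivery(line):
    """Return the key=value fields of one to= delivery line, or None."""
    m = LINE.search(line)
    if not m:
        return None
    fields = dict(f.split("=", 1) for f in FIELD_SEP.split(m["rest"]))
    d, h, mi, s = DELAY.fullmatch(fields["delay"]).groups()
    fields["qid"] = m["qid"]
    fields["age"] = timedelta(days=int(d or 0), hours=int(h),
                              minutes=int(mi), seconds=int(s))
    return fields

def stuck_by_relay(log_text, min_age=timedelta(days=1)):
    """Group queue IDs whose latest attempt is a 4.x deferral, by destination."""
    latest = {}
    for line in log_text.splitlines():
        rec = parse_delivery(line)
        if rec:
            latest[rec["qid"]] = rec  # the last logged attempt per queue ID wins
    report = defaultdict(list)
    for rec in latest.values():
        # dsn=4.x also covers "host map: lookup ... deferred", which has no relay=
        if rec.get("dsn", "").startswith("4.") and rec["age"] >= min_age:
            host = rec.get("relay", "(none)").split()[0].rstrip(".")
            report[host].append((rec["qid"], rec["age"]))
    return dict(report)
```

Run against the real maillog, each reported queue ID names the qf*/df* pair in the queue directory to open and read.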