From: Robert Slade
To: David Banning
Cc: questions@freebsd.org
Date: Sat, 07 Jan 2006 07:23:43 +0000
Subject: Re: Spamcop listed - need help to diagnose why

On Sat, 2006-01-07 at 05:45, David Banning wrote:
> My server just was listed with Spamcop. Before I exercise my -one time-
> option to de-list it I need to verify that indeed my server is not sending
> spam. I have 3 win boxes routing through my FreeBSD box.
>
> Also there are a few windows computers in the outside world that send
> mail through my server via port 26 using their login and password.
>
> I know it is possible for viruses to install a stand-alone smtp server
> on win boxes. That is one suspicion I have.
>
> My question;
> What tool would I use to see if unauthorized mail is being sent via
> my server? Note that I am running tmda, so that I have around 80 emails per
> minute being sent out; to request verification on my standard incoming
> mail, (therefore it is too complicated to just watch -all- mail being
> sent out, and try and decode legitimate from illegitimate).

There is your problem: TMDA is most likely the cause. Such programmes are in effect adding to the spam problem. Nearly all spam has a forged from address and all programmes such as TMDA do is send a challenge to an innocent 3rd party.
Whilst it looks like it reduces your spam, all you do is in effect spam someone else. When your e-mail address has been used in a spam run by a spammer and you start getting 10s of these challenges an hour it is quite easy to report 1 by accident. If you look at the Spamcop reporting page you will see a warning about just this situation.

I suppose that the real answer is to stop compounding the spam problem and use a combination of spamassassin and block lists.

BTW I make it a point never to respond to challenges.

Rob