Date: Sun, 15 Aug 2010 16:40:58 +0100
From: Paul Macdonald <paul@ifdnrg.com>
To: peter@vfemail.net
Cc: freebsd-questions@freebsd.org
Subject: Re: Open Mail Relay
Message-ID: <4C680A8A.3070409@ifdnrg.com>
In-Reply-To: <20100815152031.D72621065675@hub.freebsd.org>
References: <201008142113.o7ELDsin018314@mail.r-bonomi.com> <20100815152031.D72621065675@hub.freebsd.org>

On 15/08/2010 12:57, peter@vfemail.net wrote:
> At 05:13 PM 8/14/2010, Robert Bonomi wrote:
>>> From owner-freebsd-questions@freebsd.org Sat Aug 14 12:22:50 2010
>>> Date: Sat, 14 Aug 2010 09:29:54 -0400
>>> To: freebsd-questions@freebsd.org
>>> From: peter@vfemail.net
>>> Subject: Open Mail Relay
>>>
>>> I have a machine running FreeBSD, sendmail and majordomo. I have someone who is on one of those majordomo lists complaining that they are receiving spam from me. The complainer says I have an open mail relay that I need to fix.
>>>
>>> I went to <http://www.abuse.net/relay.html> to test the machine using its IP address. Abuse.net gives a clean bill of health, saying relaying was denied in 17 separate tests.
>>>
>>> I've reviewed my mail logs for the past couple of days and I can't find any entries for any mail addressed to the complainer's domain name except mail that should have been sent.
>>>
>>> Is Abuse.net's test adequate to rule out an open mail relay problem?
>>
>> There are -several- possible sources of spam to that list user.
>>
>> The abusenet open-relay tests check only one of them.
>>
>> The machine may be compromised (i.e. 'owned') and the bad guys have
>> installed their -own- mail-sending software on it. The logs that
>> show activity from _your_ mail-sending software would, obviously,
>> *not* show the activity of this other software.
>>
>> In addition, whatever mailing list said user is subscribed to _may_ be set
>> to take messages from 'anybody', not just confirmed members of the list.
>>
>> Thirdly, some folks sign up for a list _just_ to send their off-topic
>> commercial messages to it.
>>
>> NONE of those three scenarios are an 'open relay', but they all result
>> in spam showing up in the list-subscriber's mailbox, that got there by
>> _from_ your machine.
> Thank you everyone for your many comments and suggestions. The level of talent and responsiveness on this list is nothing less than stunning.
>
> I've requested copies of the offensive messages, and I'm hopeful the complainer will send me copies. I believe I have control over the majordomo lists -- postings are restricted to list members, postings are monitored, and many lists are moderated.
>
> Assume, as Mr. Bonomi suggests, that some bad guy has installed some type of additional mailer on the machine or another machine that's allowed to relay mail. How would I go about locating that other mailer?
>

you need the headers, that's what they're there for!

--
-------------------------
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-------------------------
t: 0131 5548070
m: 07534206249
e: paul@ifdnrg.com
w: http://www.ifdnrg.com
-------------------------
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA
-------------------------
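
What reading the headers can look like in practice, as an added example that is not part of the original thread: it walks the Received chain of a complained-about message and returns the hop where the message entered your own sendmail. The sample message (hosts, IPs, queue ids) is constructed, and the function names `parse_hops` and `entry_point` are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: headers of a complained-about message (all values made up).
SAMPLE = """\
Received: from lists.example.org (lists.example.org [192.0.2.10])
\tby mx.subscriber.example (Postfix) with ESMTP id 4F2A1C0FFEE
\tfor <user@subscriber.example>; Sun, 15 Aug 2010 10:02:11 -0400
Received: from localhost (localhost [127.0.0.1])
\tby lists.example.org (8.14.4/8.14.4) with ESMTP id o7FE1xQp012345
\tfor <somelist@lists.example.org>; Sun, 15 Aug 2010 10:01:59 -0400
Received: from forged.invalid (unknown [203.0.113.77])
\tby relay.forged.invalid with SMTP id ZZZ999; Sun, 15 Aug 2010 09:59:00 -0400
From: seller@forged.invalid
Subject: Buy now

body
"""

# "from <source> by <stamping host> ... id <queue id>" inside one Received value.
HOP = re.compile(r"from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+).*?\bid\s+(?P<id>[^\s;]+)", re.S)

def parse_hops(raw):
    """Return Received hops, newest first, as dicts with src, by and id."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({k: " ".join(v.split()) for k, v in m.groupdict().items()})
    return hops

def entry_point(raw, our_host):
    """Oldest hop in the first run of hops stamped by our_host, or None.

    Hops older than this one were supplied by whoever handed the message
    over and may be forged; None means our MTA never stamped the message.
    """
    entry = None
    for hop in parse_hops(raw):
        if hop["by"].lower() == our_host.lower():
            entry = hop
        elif entry is not None:
            break
    return entry

if __name__ == "__main__":
    hop = entry_point(SAMPLE, "lists.example.org")
    print(hop if hop else "no hop stamped by this host")
```

Search /var/log/maillog for the returned queue id to confirm the hop; a Received line whose id never appears in your log should be treated as forged.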