From owner-freebsd-questions@FreeBSD.ORG Tue Apr 14 19:59:56 2015 Return-Path: Delivered-To: questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8FD13B5C for ; Tue, 14 Apr 2015 19:59:56 +0000 (UTC) Received: from mail.computinginnovations.com (dsl081-227-057.chi1.dsl.speakeasy.net [64.81.227.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.computinginnovations.com", Issuer "mail.computinginnovations.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5A21E845 for ; Tue, 14 Apr 2015 19:59:55 +0000 (UTC) Received: from i7-quad-PC.computinginnovations.com (dhcp-10-20-30-142.computinginnovations.com [10.20.30.142]) by mail.computinginnovations.com (8.14.9/8.14.9) with ESMTP id t3EJkfwe005777; Tue, 14 Apr 2015 14:46:41 -0500 (CDT) (envelope-from derek@computinginnovations.com) Message-Id: <6.0.0.22.2.20150414144629.054c14f0@mail.computinginnovations.com> X-Sender: derek@mail.computinginnovations.com X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22 Date: Tue, 14 Apr 2015 14:46:34 -0500 To: David Banning , questions@freebsd.org From: Derek Ragona Subject: Re: finding a spammer relaying through sendmail Mime-Version: 1.0 X-Antivirus: avast! (VPS 150414-0, 04/14/2015), Outbound message X-Antivirus-Status: Clean Content-Type: text/plain; charset="us-ascii"; format=flowed X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Apr 2015 19:59:56 -0000 I have had this happen too. Even though testing of my server shows it is not an open relay. There are 3 configuration files that are used for the various functions of sendmail. I looked at those files versus the defaults that are installed by mergemaster. I reverted to the defaults as much as possible, and kept only the few customizations I needed. That cut out those relays at least for me. I also use sma to generate a daily report on the sendmail log. You can use that report to block users or domains. -Derek At 11:53 PM 4/13/2015, David Banning wrote: >I have around 40 email users on my system, and one seems have had their >login info stolen. Is there a way to determine which user is being given >authorization to relay through sendmail? I have increased sendmail logging >to 15 but the sender is flagged only as an email address, one unknwon to me. > >Any pointers would be helpful. >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" --- This email has been checked for viruses by Avast antivirus software. http://www.avast.com