From: Chris Pratt
Date: Mon, 8 Sep 2008 10:10:30 -0700
To: FreeBSD-Questions Questions
Subject: Re: Sendmail become open relay

On Sep 8, 2008, at 7:26 AM, Paul Macdonald wrote:

>
> This might be more general advice than a specific help, but I've
> found most bad mail originating from me comes from php driven forum
> sites.
> After originally patching the php src to log sitenames that send
> mail, I found enabling MAILHEAD support in php build adds custom
> headers which help to identify the site anyway.
>
> I plan on adding a milter to pick these up dynamically, but for
> now, it helps identify sites from stuck items in mailq.
>
> i.e. a grep into mailq for X-PHP-Script
>
> /var/spool/mqueue/qfm83AltWj045560:H??X-PHP-Script:
> www.siteonserver.com/signup.php for x.101.27.178
>
> It's easy to spot dubious scripts as the IP is commonly the same.
>
> gd luck.
> Paul.
>

I was thinking somewhat the same thing. It can be the leveraging of
any scripts if the server is a web server of any sort. Spammers test
every possible crack against your scripts.

While you attempt to find which is being leveraged, you can minimize
the damage by using the MAX_RCPTS_PER_MESSAGE within sendmail. It
allows you to catch and destroy their use of your system prior to
much mail going out. You set this value to 2 and it's impossible to
send in one pass to more than two recipients. Monitoring your mailq
will allow you to see quickly if someone has got your number. This
will help keep you off BLs while you tighten your security.

> lyd mc wrote:
>> Hi guys need help..
>>
>> My mailserver became an open relay.
>>
>> Unknown user can now send mail.
>>
>> snippet from mailq
>>
>> m88C8iWq042874 689 Mon Sep 8 20:08
>> (Deferred: Name server: mx1.mail.tw.yahoo.com.:
>> host name loo)
>>
>> I don't have user 'osxch' and there are others that can also send..
>>
>> best regards thnx
>>
>> alydio
>>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-
>> unsubscribe@freebsd.org"
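
Added example (not part of the thread, and not code from either poster): the two checks discussed above as shell functions, one tallying X-PHP-Script values across queue files and one listing queued messages with more recipients than the limit of 2 that Chris suggests. The qf line layout (H lines for headers, R lines for one recipient each), the function names and the sample queue contents are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: triage a sendmail queue directory for script-driven spam.
# Assumed qf* layout: "H" lines hold headers, "R" lines hold one recipient each.

# Print "<count> <script> <client-ip>" per X-PHP-Script value, busiest first.
php_script_senders() {
    qdir=${1:-/var/spool/mqueue}
    for f in "$qdir"/qf*; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | awk '
        # Matches "H??X-PHP-Script:" (flags between the ?s) and "HX-PHP-Script:".
        /^H([?][^?]*[?])?X-PHP-Script:/ {
            sub(/^H([?][^?]*[?])?X-PHP-Script:[ \t]*/, "")
            # What is left reads "<site/script> for <client ip>".
            if ($2 == "for" && $3 != "") seen[$1 " " $3]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Print "<recipients> <queue file>" for messages with more than $2 recipients.
over_rcpt_limit() {
    qdir=${1:-/var/spool/mqueue}
    limit=${2:-2}
    for f in "$qdir"/qf*; do
        [ -f "$f" ] || continue
        n=$(awk '/^R/ { c++ } END { print c + 0 }' "$f")
        if [ "$n" -gt "$limit" ]; then echo "$n ${f##*/}"; fi
    done
}

# Constructed sample queue (made-up queue ids, documentation addresses).
make_sample_queue() {
    d=$(mktemp -d) || return 1
    hdr='H??X-PHP-Script: www.example.com'
    printf '%s\n' 'RPFD:a@example.net' 'RPFD:b@example.net' \
        'RPFD:c@example.net' "$hdr/signup.php for 192.0.2.10" > "$d/qfSAMPLE001"
    printf '%s\n' 'RPFD:d@example.net' \
        "$hdr/signup.php for 192.0.2.10" > "$d/qfSAMPLE002"
    printf '%s\n' 'RPFD:e@example.net' \
        "$hdr/contact.php for 198.51.100.7" > "$d/qfSAMPLE003"
    echo "$d"
}

q=$(make_sample_queue)
php_script_senders "$q"
over_rcpt_limit "$q" 2
rm -rf "$q"
```

Run against the real queue directory as a user allowed to read it; a script and client IP pair that dominates the first list is the one to inspect first.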