Date: Tue, 5 Jan 2010 15:43:49 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: Peter Ulrich Kruppa <ulrich@pukruppa.net>, freebsd-questions@freebsd.org
Subject: Re: sendmail: open-relay
Message-ID: <20100105134920.K50666@sola.nimnet.asn.au>
In-Reply-To: <20100104150605.5F6A61065744@hub.freebsd.org>
References: <20100104150605.5F6A61065744@hub.freebsd.org>
In freebsd-questions Digest, Vol 292, Issue 3, Message: 10
On Mon, 04 Jan 2010 13:42:28 +0000 Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:
> Peter Ulrich Kruppa wrote:
> > On Monday, 04.01.2010, at 13:02 +0000, Matthew Seaman wrote:
> >> Peter Ulrich Kruppa wrote:
> >
> >>> I am running my own small mail-server, i.e. I use my desktop pc for
> >>> sending and receiving my private mails.
> >>> That worked quite nicely the last years. From time to time I tested
> >>> my mail-server via abuse.net's mail-relay tester. - Never got any
> >>> positives.
> >>> Now suddenly I receive one:
> >
> >>> Any ideas?
> >> Plenty. But it would help a great deal if you showed us your
> >> ${hostname}.mc.
> >
> > O.K. this is my complete pukruppa.net.mc
> > --------------------------------------------
> > divert(-1)
> > #
> [...]
>
> which is exactly the same as the default freebsd.mc -- nothing suspicious
> there.

Well, except as you said later, how then is SA being invoked from that
.mc file, unless the sendmail.cf in use maybe wasn't made from that .mc?

I'd suggest:
 # cd /etc/mail
 copy the present sendmail.cf (and maybe submit.cf) for diff later
 # make cf                              # read the nice Makefile
 # diff sendmail.cf.old sendmail.cf     # expecting nothing

> Hmmm... anything unusual (ie to do with domains not local to your machine)
> in /etc/mail/local-host-names or /etc/mail/virtusertable or
> /etc/mail/mailertable? You're definitely running with that config file,

If it was in fact last compiled to the present sendmail.cf, yes.

I'd also check that abuse.net or its IP address[es] don't appear in
relay-domains (aka sendmail.cR) - which sounds like a long shot, but
might explain the behaviour. Or an 'abuse.net RELAY' in access[.db]?

Jerry's test seems to have ruled out general open relay behaviour.

> and you don't have anything like OpenBSD spamd(8) running that could
> intercept incoming SMTP traffic?

Even so, should spamd ever send or bounce mail?

> If that's so, then I can't see how your machine could be an open
> relay. The abuse.net relay tester must have been having a bad day.
> In fact, can you find the records in /var/mail/maillog to show
> abuse.net's server connecting to yours in order to do the testing?
> It may be that it was connecting to somewhere else entirely. Or it
> was somehow trying to test relaying using an address that was somehow
> actually valid on your system.

Indeed. Unless there's a 'to=<[*.]abuse.net> [...] stat=Sent' line in
maillog then or later, your Bad Day Theory sounds quite likely.

cheers, Ian
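
The maillog and relay-domains/access checks suggested in the message above, as an added example that is not part of the original thread. The function names are hypothetical, the log lines, hostnames and addresses are constructed, and sendmail's usual `to=<...>, ... stat=Sent` and `ruleset=check_rcpt ... Relaying denied` log formats are assumed.

```shell
#!/bin/sh
# Added example; every hostname, address and log line below is constructed.

esc() { printf '%s' "$1" | sed 's/\./\\./g'; }   # escape dots for use in a regex

# maillog lines where mail to DOMAIN (or a subdomain) was accepted and sent on
relayed_to() {      # usage: relayed_to DOMAIN MAILLOG
    grep -iE "to=[^ ]*[@.]$(esc "$1")>.*stat=Sent" "$2" || true
}

# number of relay attempts for DOMAIN that sendmail refused
denied_for() {      # usage: denied_for DOMAIN MAILLOG
    grep -icE "arg1=<[^>]*[@.]$(esc "$1")>.*Relaying denied" "$2" || true
}

# entries in relay-domains or the access source file that permit relaying
relay_entries() {   # usage: relay_entries DOMAIN FILE...
    dom=$1; shift
    awk -v d="$dom" '
        /^[ \t]*#/ || NF == 0 { next }
        { key = tolower($1); sub(/^(connect|to|from):/, "", key) }
        (key == d || substr(key, length(key) - length(d)) == "." d) &&
        (NF == 1 || toupper($2) == "RELAY") { print FILENAME ": " $0 }
    ' "$@"
}

# Constructed sample data: one refused probe, one relayed probe, one look-alike domain.
tmp=$(mktemp -d)
cat > "$tmp/maillog" <<'EOF'
Jan  4 12:01:02 mx sm-mta[811]: o04B12aa000811: ruleset=check_rcpt, arg1=<probe@abuse.net>, relay=tester.example [192.0.2.10], reject=550 5.7.1 <probe@abuse.net>... Relaying denied
Jan  4 12:01:09 mx sm-mta[815]: o04B19ab000813: to=<probe2@abuse.net>, delay=00:00:02, mailer=esmtp, relay=mail.example. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Jan  4 12:02:00 mx sm-mta[820]: o04B20ac000819: to=<friend@notabuse.net>, delay=00:00:01, mailer=esmtp, relay=mx.example. [192.0.2.30], dsn=2.0.0, stat=Sent (ok)
EOF
printf '# constructed relay-domains\nexample.org\n' > "$tmp/relay-domains"
printf 'Connect:abuse.net\tRELAY\nabuse.net\tREJECT\n' > "$tmp/access"

echo "sent:";   relayed_to abuse.net "$tmp/maillog"
echo "denied:"; denied_for abuse.net "$tmp/maillog"
echo "config:"; relay_entries abuse.net "$tmp/relay-domains" "$tmp/access"
```

An empty "sent:" section together with a non-zero "denied:" count is the pattern that fits the Bad Day Theory; any line under "sent:" or "config:" is what would explain a positive relay test.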