From owner-freebsd-questions@FreeBSD.ORG  Sun Aug 15 20:16:01 2010
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5D97A10656A3
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Aug 2010 20:16:01 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from mail.locolomo.org (97.pool85-48-194.static.orange.es
	[85.48.194.97]) by mx1.freebsd.org (Postfix) with ESMTP id 165DF8FC19
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Aug 2010 20:16:00 +0000 (UTC)
Received: from beta.local (unknown [80.150.105.138])
	by mail.locolomo.org (Postfix) with ESMTPSA id 5801C1C0871
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Aug 2010 22:15:59 +0200 (CEST)
Message-ID: <4C684AFD.5030607@locolomo.org>
Date: Sun, 15 Aug 2010 22:15:57 +0200
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US;
	rv:1.9.2.8) Gecko/20100802 Lightning/1.0b2 Thunderbird/3.1.2
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
References: <201008142113.o7ELDsin018314@mail.r-bonomi.com>
	<20100815152031.D72621065675@hub.freebsd.org>
In-Reply-To: <20100815152031.D72621065675@hub.freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Open Mail Relay
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Aug 2010 20:16:01 -0000

On 15/08/10 13.57, peter@vfemail.net wrote:

> Assume, as Mr. Bonomi suggests, that some bad guy has installed some type of additional mailer on the machine or another machine that's allowed to relay mail.  How would I go about locating that other mailer?

If the messages are indeed relayed through your server then you can see 
it in the logs and in the Received header field which host is sending 
the mail to your server.

If somebody forges mail to appear to come from your domain, but not 
relayed through your server there is really not much you can do. Only 
the recipient server can reject the mails.

Some servers support spf and you can help other servers know that mail 
from your domain must originate from your server by adding a txt entry 
in your dns.

BR, Erik