From owner-freebsd-questions  Mon Aug 13 17: 8:28 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from ren.sasknow.com (ren.sasknow.com [207.195.92.131])
	by hub.freebsd.org (Postfix) with ESMTP id 37FAC37B405
	for <questions@FreeBSD.ORG>; Mon, 13 Aug 2001 17:08:24 -0700 (PDT)
	(envelope-from ryan@sasknow.com)
Received: from localhost (ryan@localhost)
	by ren.sasknow.com (8.9.3/8.9.3) with ESMTP id SAA69244;
	Mon, 13 Aug 2001 18:08:20 -0600 (CST)
	(envelope-from ryan@sasknow.com)
Date: Mon, 13 Aug 2001 18:08:20 -0600 (CST)
From: Ryan Thompson <ryan@sasknow.com>
To: Dru <genisis@istar.ca>
Cc: questions@FreeBSD.ORG
Subject: Re: mailstats
In-Reply-To: <20010813193319.S754-100000@x1-6-00-50-ba-de-36-33.kico1.on.home.com>
Message-ID: <Pine.BSF.4.21.0108131802560.17561-100000@ren.sasknow.com>
Organization: SaskNow Technologies [www.sasknow.com]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Dru wrote to questions@FreeBSD.ORG:

> 
> Running FreeBSD 4.3-Release and noticed something new in my mailstats
> output:
> 
> Statistics from Tue Aug  7 20:02:01 2001
>  M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
>  3       14         57K     1405       3893K        1       0  local
>  5      894       4695K      160        184K     2593       0  esmtp
>  8      519       2365K        7         22K     2572       0  relay
> =============================================================
>  T     1427       7117K     1572       4099K     5166       0
>  C     1427                 1572                 5166
> 
> I don't recall ever having a relay line before. Is this something I
> should be concerned about? I haven't become a spam relay have I? Or is
> this somehow DNS related? I seem to be getting a lot less emails on a
> daily basis than I'm used to.

If you have any remote users who send SMTP mail through your server,
you're relaying. If you do have a spam relay, or someone has found a way
to send messages through your system, you're relaying. Though, I kind of
doubt the latter, as only 7 messages were sent in the report interval,
which is a very small percentage of your mail traffic. When spammers find
a relay, they typically hose it with messages.

To rule out the possibility of spam relaying altogether, read up on
sendmail configuration on www.sendmail.org, and make sure that you have
the appropriate bits in your sendmail.cf, access database, etc.

If you're curious about the sender/recipient/length of messages going
through your system, page through /var/log/maillog, zcat
/var/log/maillog*, and use some grep -v filters to get rid of repetitive
lines.

- Ryan


> TIA,
> 
> Dru
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 

-- 
  Ryan Thompson <ryan@sasknow.com>
  Network Administrator, Accounts

  SaskNow Technologies - http://www.sasknow.com
  #106-380 3120 8th St E - Saskatoon, SK - S7H 0W2

        Tel: 306-664-3600   Fax: 306-664-1161   Saskatoon
  Toll-Free: 877-727-5669     (877-SASKNOW)     North America


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message