From owner-freebsd-questions@FreeBSD.ORG Tue Jun 14 13:27:35 2005
Message-Id: <200506141327.j5EDRXj2026483@spoon.beta.com>
To: questions@freebsd.org
Date: Tue, 14 Jun 2005 09:27:33 -0400
From: "Brian J. McGovern"
Subject: Sendmail relaying from remote domains?

I realize this question is probably best served by the sendmail mailing list, but whereas I've added the Spam Assassin filter, I'm hoping to find a larger community here that is running FreeBSD + sendmail + SpamAssassin who have handled this, so I don't have to ask the question in 3 places :)

The issue I seem to be having is that messages are coming in, forged from my domain, but sent to a valid user within my domain (e.g. from admin@fqdn.com to joeuser@fqdn.com) containing a virus attachment.
I had assumed that sendmail would be smart enough to look at the fqdn portion, and see that the sender is not in fact from that domain at all (a quick reverse/forward DNS lookup of the inbound socket should prove this), and trash this. Is there an easy way to shut this down?

An example mail log entry (for reference)...

Jun 14 09:16:47 spoon sm-mta[26398]: j5EDGgha026398: from=, size=79449, class=0, nrcpts=1, msgid=<200506141316.j5EDGgha026398@spoon.beta.com>, proto=ESMTP, daemon=IPv4, relay=255-115.users.forrester.com [63.76.255.115] (may be forged)
Jun 14 09:16:47 spoon spamd[697]: connection from localhost.beta.com [127.0.0.1] at port 64931
Jun 14 09:16:47 spoon spamd[697]: info: setuid to root succeeded
Jun 14 09:16:47 spoon spamd[697]: Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody.
Jun 14 09:16:47 spoon spamd[697]: processing message (unknown) for root:65534.
Jun 14 09:16:49 spoon spamd[697]: clean message (-0.0/5.0) for root:65534 in 2.2 seconds, 80647 bytes.
Jun 14 09:16:49 spoon spamd[697]: result: . 0 - ALL_TRUSTED,HTML_10_20,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_MIMEOLE,NO_REAL_NAME,PRIORITY_NO_NAME scantime=2.2,size=80647,mid=(unknown),autolearn=failed
Jun 14 09:16:49 spoon sm-mta[26398]: j5EDGgha026398: Milter add: header: X-Spam-Status: No, score=-0.0 required=5.0 tests=ALL_TRUSTED,HTML_10_20,\n\tHTML_MESSAGE,MIME_HTML_ONLY,MISSING_MIMEOLE,NO_REAL_NAME,\n\tPRIORITY_NO_NAME autolearn=failed version=3.0.2
Jun 14 09:16:49 spoon sm-mta[26398]: j5EDGgha026398: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on spoon.beta.com
Jun 14 09:16:49 spoon sm-mta[26402]: j5EDGgha026398: to=, delay=00:00:07, xdelay=00:00:00, mailer=local, pri=110031, relay=local, dsn=2.0.0, stat=Sent

-Brian
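An added example, not part of the original post: a log audit that correlates sm-mta entries by queue ID and flags mail from a relay outside the trusted networks that claims a local-domain envelope sender. It goes one step beyond the question by also flagging external mail on which the milter-added X-Spam-Status lists ALL_TRUSTED, as in the log above. LOCAL_DOMAINS, TRUSTED_NETS and the sample log lines are constructed assumptions.

```python
import ipaddress
import re

LOCAL_DOMAINS = {"example.com"}  # assumption: domains this host accepts mail for
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]  # assumption
# Constructed sample modeled on the log in the post; all addresses are placeholders.
SAMPLE_LOG = r"""
Jun 14 09:16:47 spoon sm-mta[26398]: j5EDGgha026398: from=<admin@example.com>, size=79449, nrcpts=1, relay=host.example.net [203.0.113.7] (may be forged)
Jun 14 09:16:49 spoon sm-mta[26398]: j5EDGgha026398: Milter add: header: X-Spam-Status: No, score=-0.0 required=5.0 tests=ALL_TRUSTED,HTML_10_20,\n\tHTML_MESSAGE autolearn=failed
Jun 14 09:20:01 spoon sm-mta[26500]: j5EDK0aa026500: from=<admin@example.com>, size=512, nrcpts=1, relay=localhost.example.com [127.0.0.1]
Jun 14 09:21:10 spoon sm-mta[26600]: j5EDLAbb026600: from=<someone@example.org>, size=900, nrcpts=1, relay=mail.example.org [198.51.100.9]
Jun 14 09:21:11 spoon sm-mta[26600]: j5EDLAbb026600: Milter add: header: X-Spam-Status: No, score=0.1 required=5.0 tests=HTML_MESSAGE autolearn=no
"""

ENTRY = re.compile(r"sm-mta\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
FROM = re.compile(r"from=<?(?P<sender>[^>,]*)>?,.*relay=.*?\[(?:IPv6:)?(?P<ip>[0-9a-fA-F.:]+)\]")
TESTS = re.compile(r"Milter add: header: X-Spam-Status:.*tests=(?P<tests>\S+)")

def is_external(ip):
    # True when the connecting address is outside every trusted network.
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in TRUSTED_NETS)

def audit(log_text):
    """Return {queue_id: [reasons]} for externally relayed messages worth a look."""
    msgs = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        rec = msgs.setdefault(m["qid"], {})
        if (f := FROM.match(m["rest"])):
            rec["sender"], rec["ip"] = f["sender"].lower(), f["ip"]
        elif (t := TESTS.match(m["rest"])):
            # sendmail logs folded headers with a literal "\n\t"; drop it before splitting
            rec["tests"] = set(t["tests"].replace("\\n\\t", "").split(","))
    findings = {}
    for qid, rec in msgs.items():
        if "ip" not in rec or not is_external(rec["ip"]):
            continue
        reasons = []
        if rec["sender"].rpartition("@")[2] in LOCAL_DOMAINS:
            reasons.append("local-domain envelope sender from external relay")
        if "ALL_TRUSTED" in rec.get("tests", ()):
            reasons.append("ALL_TRUSTED scored on externally relayed mail")
        if reasons:
            findings[qid] = reasons
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
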