Date:      Mon, 16 Aug 2010 13:21:54 -0500 (CDT)
From:      Robert Bonomi <bonomi@mail.r-bonomi.com>
To:        freebsd-questions@freebsd.org, norgaard@locolomo.org
Subject:   Re: Open Mail Relay
Message-ID:  <201008161821.o7GILsQ8004033@mail.r-bonomi.com>

> From owner-freebsd-questions@freebsd.org  Sun Aug 15 15:15:43 2010
> Date: Sun, 15 Aug 2010 22:15:57 +0200
> From: Erik Norgaard <norgaard@locolomo.org>
> To: freebsd-questions@freebsd.org
> Subject: Re: Open Mail Relay
>
> On 15/08/10 13.57, peter@vfemail.net wrote:
>
> > Assume, as Mr. Bonomi suggests, that some bad guy has installed some type of additional mailer on the machine or another machine that's allowed to relay mail.  How would I go about locating that other mailer?
>
> If the messages are indeed relayed through your server then you can see 
> it in the logs and in the Received header field which host is sending 
> the mail to your server.

*IF* it is just a case of the 'intended to be used' mail server is
misconfigured, and allowing relaying, that is correct.

*IF*, OTOH, the machine has been broken-into/compromised/"owned", then
the 'bad guys' are fully capable of installing their _own_ mail-sending
software -- software that does *NOT* record anything in the normal log files.
This kind of software is 'maliciously built' to leave *no* tracks with
regard to incoming _or_ outgoing connections from/to other hosts.

> If somebody forges mail to appear to come from your domain, but not 
> relayed through your server there is really not much you can do. Only 
> the recipient server can reject the mails.
>
> Some servers support spf and you can help other servers know that mail 
> from your domain must originate from your server by adding a txt entry 
> in your dns.
>
> BR, Erik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201008161821.o7GILsQ8004033>
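
One way to approach the question raised in this thread (locating a mailer that writes nothing to the normal logs) is to look at which processes hold connections to a remote port 25 and flag any that are not the expected MTA. This is an added example, not part of the original messages; the function names, the allow-list value `sendmail` and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout of FreeBSD `sockstat -4 -c`
# (addresses are documentation ranges, not real hosts).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   812   5  tcp4   192.0.2.10:25         198.51.100.7:41822
www      perl       4411  3  tcp4   192.0.2.10:53012      203.0.113.25:25
www      perl       4411  4  tcp4   192.0.2.10:53013      203.0.113.80:25
root     sshd       950   3  tcp4   192.0.2.10:22         198.51.100.7:50022
smmsp    sendmail   815   6  tcp4   192.0.2.10:61200      203.0.113.9:25
EOF
}

# find_rogue_smtp ALLOWED  -- ALLOWED is a comma-separated list of command
# names permitted to send mail. Reads sockstat output on stdin and prints
# "user command pid connection-count" for every other process that has a
# connection to a foreign port 25.
find_rogue_smtp() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "USER" { next }                 # skip the header row
        NF >= 7 {
            port = $7; sub(/.*:/, "", port)   # foreign port = text after last ":"
            if (port == "25" && !($2 in ok))
                count[$1 " " $2 " " $3]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Run against the constructed sample. On a live FreeBSD host the input
# would instead be:  sockstat -4 -c | find_rogue_smtp sendmail
sample_sockstat | find_rogue_smtp sendmail
```

On a host that has been fully compromised, local tools such as `sockstat` may themselves have been tampered with, so the same check is more trustworthy when made from connection logs on an upstream firewall or router.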