Date:      Thu, 19 Jun 2003 14:27:50 +0200
From:      Andreas Widerøe Andersen <awand@pragma.no>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Do I have an open relay?
Message-ID:  <5.2.0.9.0.20030619141344.02971008@mail.pragma.no>

Hi,
I'm a bit nervous here. Recently I've started getting 20-25 mails to my
Postmaster account on my FreeBSD 4.8RC server running Sendmail
8.12.8/8.12.8 each day with a message to Postmaster that the mail could not
be delivered.

In the daily run output from the server I see messages like these:

Mail in local queue:
                 /var/spool/mqueue (15 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
h5IGWCj5047460     4477 Wed Jun 18 18:44 MAILER-DAEMON
                  (Deferred: Connection refused by mobilemice.com.)
                                         <RevaO@mobilemice.com>
h5HJ1xj4020111     4251 Tue Jun 17 21:03 MAILER-DAEMON
                  (Deferred: Connection refused by distanteye.com.)
                                         <FKettle@distanteye.com>
h5HFHEj3015655     3298 Tue Jun 17 17:17 MAILER-DAEMON
                  (host map: lookup (triplepipe.com): deferred)
                                         <Jestine.Lack@triplepipe.com>

I have no relations with these hosts.

In the maillog from the server I see this:

Jun 19 14:09:19 server sendmail[71128]: h5G21ij4070939: to=<AshleighA@distanteye.com>, delay=3+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=15062899, relay=distanteye.com., dsn=4.0.0, stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:09:19 server sendmail[71128]: h5FLiJj3065159: to=<AshleighA@distanteye.com>, delay=3+14:25:00, xdelay=00:00:00, mailer=esmtp, pri=15962899, relay=distanteye.com., dsn=4.0.0, stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:10:57 server sendmail[71128]: h5FLgVj3065158: to=af@fvr.no,bw@fvr.no,gs@fvr.no,hr@fvr.no,rh@fvr.no, delay=3+14:28:25, xdelay=00:01:38, mailer=esmtp, pri=16261875, relay=mailgw.c2i.net., dsn=4.0.0, stat=Deferred: 450 Unable to find distanteye.com
Jun 19 14:10:57 server sendmail[71128]: h5F0VUj4040115: to=<Hanemann.Bryanna@mobilemice.com>, delay=4+11:37:52, xdelay=00:00:00, mailer=esmtp, pri=19742831, relay=mobilemice.com., dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.
Jun 19 14:10:57 server sendmail[71128]: h5EKGnj3034414: to=<Hanemann.Bryanna@mobilemice.com>, delay=4+15:54:08, xdelay=00:00:00, mailer=esmtp, pri=20642831, relay=mobilemice.com., dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.

The mailq (/var/log/mqueue) contains 30 messages, both dfh* and qfh*.

I've manually configured my .mc file which looks like this (I'm running
Procmail and Spamassassin):

divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.17 2002/11/14 03:21:18 keramida Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl       your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confMAX_MIME_HEADER_LENGTH', `256/128')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
FEATURE(local_procmail)
MAILER(local)
MAILER(smtp)

If I try to telnet to my server from "somewhere" I get relaying denied so I
think I've got it right, but somehow I have a feeling someone is getting
through somehow. I'm running Apache, MySQL, PHP and other "webserver"
related apps on the same machine.

Thanks for any help!
Andreas


---
Andreas Widerøe Andersen <awand@pragma.no>
Pragma AS

http://www.pragma.no
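
An added example, not part of the original message: one way to triage maillog lines in the format quoted above is to group them by queue ID, so that each deferred delivery is listed next to the sender and client recorded on that queue ID's from= line. The sample log lines, queue IDs, addresses and function names are constructed for illustration.

```python
import re
from datetime import timedelta

# Constructed sample in the maillog format quoted in the message.
# Queue IDs, hosts and addresses are invented (documentation ranges).
SAMPLE_LOG = """\
Jun 19 14:02:10 server sendmail[70003]: h5JC01aa000101: from=<a@example.org>, size=900, class=0, nrcpts=2, proto=SMTP, daemon=MTA, relay=client.example.org [192.0.2.10]
Jun 19 14:07:20 server sendmail[70004]: h5JC01aa000101: to=x@example.net,y@example.com, delay=00:05:10, xdelay=00:00:00, mailer=esmtp, pri=30900, relay=example.net., dsn=4.0.0, stat=Deferred: Connection refused by example.net.
Jun 19 14:09:19 server sendmail[70005]: h5G001bb000202: to=<z@example.net>, delay=3+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=15062899, relay=example.net., dsn=4.0.0, stat=Deferred: Connection refused by example.net.
Jun 19 14:09:30 server sendmail[70006]: h5JC02cc000303: to=<w@example.com>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=30500, relay=mx.example.com. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>(?:from|to)=.*)$")
DELAY = re.compile(r"(?:(\d+)\+)?(\d+):(\d+):(\d+)$")


def fields(rest):
    """Split 'k=v, k=v' pairs. Recipients in to= are joined by bare commas,
    so only split where ', ' is followed by the next 'key='."""
    return dict(part.split("=", 1) for part in re.split(r", (?=\w+=)", rest))


def parse_delay(text):
    """Turn sendmail's [days+]HH:MM:SS delay into a timedelta."""
    d, h, m, s = DELAY.match(text).groups()
    return timedelta(days=int(d or 0), hours=int(h), minutes=int(m), seconds=int(s))


def triage(log_text):
    """Return one record per deferred delivery, paired with its from= line."""
    origin, report = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        f = fields(m["rest"])
        if "from" in f:
            # Remember who handed this queue ID to the server.
            origin[m["qid"]] = (f["from"], f.get("relay"))
        elif f.get("stat", "").startswith("Deferred"):
            # sender/client stay None when no from= line is in this log window.
            sender, client = origin.get(m["qid"], (None, None))
            domains = sorted({r.strip("<>").rpartition("@")[2].lower()
                              for r in f["to"].split(",")})
            report.append({"qid": m["qid"], "domains": domains,
                           "delay": parse_delay(f["delay"]),
                           "sender": sender, "client": client})
    return report
```

A record whose sender and client are None belongs to a queue ID with no from= line in the log that was read, so an older or rotated log has to be searched for it.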


