From owner-freebsd-questions@FreeBSD.ORG Sun Aug 15 15:41:03 2010
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
    by hub.freebsd.org (Postfix) with ESMTP id 83F5B1065672
    for ; Sun, 15 Aug 2010 15:41:03 +0000 (UTC)
    (envelope-from paul@ifdnrg.com)
Received: from ifdnrg20.ifdnrg.com (outbound.ifdnrg.com [195.66.148.241])
    by mx1.freebsd.org (Postfix) with ESMTP id 20EA88FC18
    for ; Sun, 15 Aug 2010 15:41:02 +0000 (UTC)
Received: from [192.168.1.131] (93-97-172-73.zone5.bethere.co.uk [93.97.172.73])
    (authenticated bits=0)
    by ifdnrg20.ifdnrg.com (8.14.4/8.14.3) with ESMTP id o7FFf1qg043708;
    Sun, 15 Aug 2010 16:41:01 +0100 (BST)
    (envelope-from paul@ifdnrg.com)
Message-ID: <4C680A8A.3070409@ifdnrg.com>
Date: Sun, 15 Aug 2010 16:40:58 +0100
From: Paul Macdonald
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: peter@vfemail.net
References: <201008142113.o7ELDsin018314@mail.r-bonomi.com> <20100815152031.D72621065675@hub.freebsd.org>
In-Reply-To: <20100815152031.D72621065675@hub.freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Open Mail Relay
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Sun, 15 Aug 2010 15:41:03 -0000

On 15/08/2010 12:57, peter@vfemail.net wrote:
> At 05:13 PM 8/14/2010, Robert Bonomi wrote:
>>> From owner-freebsd-questions@freebsd.org Sat Aug 14 12:22:50 2010
>>> Date: Sat, 14 Aug 2010 09:29:54 -0400
>>> To: freebsd-questions@freebsd.org
>>> From: peter@vfemail.net
>>> Subject: Open Mail Relay
>>>
>>>
>>> I have a machine running FreeBSD, sendmail and majordomo. I have someone who is on one of those majordomo lists complaining that they are receiving spam from me. The complainer says I have an open mail relay that I need to fix.
>>>
>>> I went to http://www.abuse.net/relay.html to test the machine using its IP address. Abuse.net gives a clean bill of health, saying relaying was denied in 17 separate tests.
>>>
>>> I've reviewed my mail logs for the past couple of days and I can't find any entries for any mail addressed to the complainer's domain name except mail that should have been sent.
>>>
>>> Is Abuse.net's test adequate to rule out an open mail relay problem?
>>
>> There are -several- possible sources of spam to that list user.
>>
>> The abusenet open-relay tests check only one of them.
>>
>> The machine may be compromised (i.e. 'owned') and the bad guys have
>> installed their -own- mail-sending software on it. The logs that
>> show activity from _your_ mail-sending software would, obviously,
>> *not* show the activity of this other software.
>>
>> In addition, whatever mailing list said user is subscribed to _may_ be set
>> to take messages from 'anybody', not just confirmed members of the list.
>>
>> Thirdly, some folks sign up for a list _just_ to send their off-topic
>> commercial messages to it.
>>
>> NONE of those three scenarios are an 'open relay', but they all result
>> in spam showing up in the list-subscriber's mailbox, that got there by
>> _from_ your machine.
> Thank you everyone for your many comments and suggestions. The level of talent and responsiveness on this list is nothing less than stunning.
>
> I've requested copies of the offensive messages, and I'm hopeful the complainer will send me copies. I believe I have control over the majordomo lists -- postings are restricted to list members, postings are monitored, and many lists are moderated.
>
> Assume, as Mr. Bonomi suggests, that some bad guy has installed some type of additional mailer on the machine or another machine that's allowed to relay mail. How would I go about locating that other mailer?
>
>
>
>

you need the headers, that's what they're there for!

> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

-- 
-------------------------
Paul Macdonald
IFDNRG Ltd
Web and video hosting
-------------------------
t: 0131 5548070
m: 07534206249
e: paul@ifdnrg.com
w: http://www.ifdnrg.com
-------------------------
IFDNRG
40 Maritime Street
Edinburgh
EH6 6SA
-------------------------
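
The header check suggested in the reply above, as an added example that is not part of the original thread: it reads the Received chain of a complaint copy and reports whether the message passed through the operator's own MTA or left the machine's IP address without it. The sample message, the host name lists.example.org, the addresses and the verdict strings are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed complaint copy (documentation addresses, hypothetical hosts).
SAMPLE = """\
Received: from lists.example.org (lists.example.org [192.0.2.10])
\tby mx.complainer.example (Postfix) with ESMTP id 4F2A11
\tfor <user@complainer.example>; Sun, 15 Aug 2010 10:00:05 +0000 (UTC)
Received: from unknown (dsl-host.example.net [198.51.100.77])
\tby lists.example.org (8.14.4/8.14.4) with ESMTP id o7FA01xx012345;
\tSun, 15 Aug 2010 10:00:01 +0000 (UTC)
From: someone@example.net
Subject: constructed sample

body
"""

# "from HELO (rdns [ip]) by HOST ... id QUEUEID", as sendmail and Postfix write it
HOP = re.compile(r"from\s+\S+\s+\([^\[\]]*\[(?P<ip>[^\]]+)\]\)"
                 r".*?\bby\s+(?P<by>\S+)(?:.*?\bid\s+(?P<qid>[^\s;]+))?", re.S)

def hops(raw):
    """Parse Received headers, newest first, into dicts with ip/by/qid."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groupdict() for m in found if m]

def trace(raw, my_host, my_ip):
    """Return (verdict, upstream_ip, queue_id) for a complaint copy."""
    chain = hops(raw)
    # Hop written by someone else's server that names my IP as the client.
    handoff = next((i for i, h in enumerate(chain)
                    if h["ip"] == my_ip and h["by"] != my_host), None)
    if handoff is None:
        return ("not-from-my-ip", None, None)
    # The line directly below the handoff should be my MTA's own stamp.
    # It is sender-supplied text, so confirm the queue id in the mail log.
    below = chain[handoff + 1] if handoff + 1 < len(chain) else None
    if below is None or below["by"] != my_host:
        return ("left-my-ip-without-my-mta", None, None)
    return ("passed-through-my-mta", below["ip"], below["qid"])

if __name__ == "__main__":
    print(trace(SAMPLE, "lists.example.org", "192.0.2.10"))
```

A returned queue id that does not appear in the machine's mail log, or a "left-my-ip-without-my-mta" verdict, is consistent with the second-mailer scenario Robert Bonomi describes in the quoted text.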