Date:      Tue, 19 Sep 2006 15:57:54 -0700
From:      "Derrick Ryalls" <ryallsd@gmail.com>
To:        freeBSD <freebsd-questions@freebsd.org>
Subject:   Mail server relaying spam, but how?
Message-ID:  <d5eb95fc0609191557n2efc017waeb6ca53263e1bb4@mail.gmail.com>

The problem is over and the machines in question have been rebuilt
from scratch, but I am still curious as to how it could have happened.

Many weeks ago I noticed that my mail server was dealing with about
4x the amount of mail it normally does.  After much digging I was able
to trace it back to my brother's machine (different network, different
location) who happens to be my secondary DNS.  I mention the DNS part
since most of the spam being sent to my system was addressed to
domains I host.  In any case, the machine sending me all the spam was
not his mail server, but his router.

Since his actual mail server lives within his network, all port 25
traffic should have been diverted to his internal machine, so it
doesn't seem likely to have been a normal open relay issue.  His
router had qmail installed on it, and was running FreeBSD 4.5, but
aside from the huge amount of mail coming out of it I didn't see any
abnormal activity on the machine.

So the question becomes, how does a router with port 25/993 directed
to the internal network start relaying gobs of spam and why is all (?)
mail directed at my domains in particular?  I didn't see any new
accounts on the machine, nor any strange processes.  As soon as I shut
down all of qmail's processes the problem went away.

Any thoughts on this?
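The poster found the offending host only "after much digging". As an added example, not part of the original message and not qmail or FreeBSD tooling, the Python below does the first step of that triage over constructed log lines: count inbound messages per relaying host, flag any host well above its normal baseline, and show which recipient domains a flagged host is hitting (the post notes the spam was aimed at the hosted domains). The log format, host names, addresses and baseline figures are all constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the original post). The format loosely
# follows a receiving MTA's syslog "relay=host [ip] ... to=<addr>" style; the
# hosts, IPs and domains are assumptions chosen for illustration only.
SAMPLE_LOG = """\
Sep 19 14:01:02 mx mta[1001]: id1: relay=mail.example.net [198.51.100.7] to=<u1@hosted.example>
Sep 19 14:01:05 mx mta[1002]: id2: relay=gw.brother.example [203.0.113.9] to=<u2@hosted.example>
Sep 19 14:01:06 mx mta[1003]: id3: relay=gw.brother.example [203.0.113.9] to=<u3@hosted.example>
Sep 19 14:01:09 mx mta[1004]: id4: relay=mail.example.net [198.51.100.7] to=<u4@other.example>
Sep 19 14:01:11 mx mta[1005]: id5: relay=gw.brother.example [203.0.113.9] to=<u5@hosted.example>
Sep 19 14:01:12 mx mta[1006]: id6: relay=gw.brother.example [203.0.113.9] to=<u6@second-hosted.example>
Sep 19 14:01:14 mx mta[1007]: id7: relay=gw.brother.example [203.0.113.9] to=<u7@hosted.example>
Sep 19 14:01:20 mx mta[1008]: id8: relay=mail.example.net [198.51.100.7] to=<u8@hosted.example>
Sep 19 14:01:22 mx mta[1009]: id9: relay=gw.brother.example [203.0.113.9] to=<u9@hosted.example>
"""

# Constructed "normal day" message counts per relaying IP, used as the baseline.
BASELINE = {"198.51.100.7": 3, "203.0.113.9": 1}

RELAY_RE = re.compile(r"relay=(?P<host>\S+) \[(?P<ip>[0-9.]+)\]")
TO_RE = re.compile(r"to=<[^@>]+@(?P<domain>[^>]+)>")


def count_by_relay(lines):
    """Count delivered messages per relaying IP address."""
    counts = Counter()
    for line in lines:
        m = RELAY_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def flag_surges(counts, baseline, factor=4.0, minimum=5):
    """Return {ip: count} for relays at or above factor x their baseline.

    Hosts with no baseline (never seen before) are flagged once they reach
    `minimum` messages, so a brand-new relay cannot hide behind a zero baseline.
    """
    flagged = {}
    for ip, n in counts.items():
        threshold = max(baseline.get(ip, 0) * factor, minimum)
        if n >= threshold:
            flagged[ip] = n
    return flagged


def recipient_domains(lines, ip):
    """Count recipient domains for messages relayed by the given IP."""
    domains = Counter()
    for line in lines:
        m = RELAY_RE.search(line)
        if not m or m.group("ip") != ip:
            continue
        t = TO_RE.search(line)
        if t:
            domains[t.group("domain")] += 1
    return domains


def report(log_text, baseline):
    """Build a triage summary: per-relay counts, flagged relays, and their targets."""
    lines = log_text.splitlines()
    counts = count_by_relay(lines)
    flagged = flag_surges(counts, baseline)
    targets = {ip: recipient_domains(lines, ip) for ip in flagged}
    return {"counts": counts, "flagged": flagged, "targets": targets}


if __name__ == "__main__":
    summary = report(SAMPLE_LOG, BASELINE)
    for ip, n in summary["counts"].most_common():
        mark = " <-- surge" if ip in summary["flagged"] else ""
        print(f"{ip:>15} {n:4d}{mark}")
    for ip, doms in summary["targets"].items():
        print(f"{ip} recipient domains: {dict(doms)}")
```

On the constructed input, 203.0.113.9 is flagged (6 messages against a baseline of 1) and its recipients are almost entirely one hosted domain; the other relay stays within its normal volume. Pointing this at real logs is a matter of adjusting the two regular expressions to the MTA's own log format and building the baseline from a quiet day.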
