Date:      Mon, 08 Sep 2008 15:26:40 +0100
From:      Paul Macdonald <paul@ifdnrg.com>
To:        alydiomc@yahoo.com, freebsd-questions@freebsd.org
Subject:   Re: Sendmail become open relay
Message-ID:  <48C53620.10804@ifdnrg.com>
In-Reply-To: <907677.98158.qm@web52202.mail.re2.yahoo.com>
References:  <907677.98158.qm@web52202.mail.re2.yahoo.com>


This might be more general advice than specific help, but I've found 
most bad mail originating from me comes from PHP-driven forum sites.
After originally patching the PHP src to log sitenames that send mail, I 
found enabling MAILHEAD support in the PHP build adds custom headers which 
help to identify the site anyway.

I plan on adding a milter to pick these up dynamically, but for now, it 
helps identify sites from stuck items in mailq.

i.e. a grep into mailq for X-PHP-Script:

/var/spool/mqueue/qfm83AltWj045560:H??X-PHP-Script: www.siteonserver.com/signup.php for x.101.27.178

It's easy to spot dubious scripts as the IP is commonly the same.

Good luck.
Paul.

lyd mc wrote:
> Hi guys, need help..
>
> My mailserver has become an open relay.
>
> Unknown users can now send mail.
>
> Snippet from mailq:
>
> m88C8iWq042874      689 Mon Sep  8 20:08 <osxch@mail.mydomain.com>
>                  (Deferred: Name server: mx1.mail.tw.yahoo.com.: host name loo)
>                                          <chenaa00@yahoo.com.tw>
>                                          <chena0.tw@yahoo.com.tw>
>                                          <chena0877@yahoo.com.tw>
>                                          <chena0@yahoo.com.tw>
>                                          <chena11@yahoo.com.tw>
>                                          <chena121959330@yahoo.com.tw>
>                                          <chena1238@yahoo.com.tw>
>                                          <chena186890@yahoo.com.tw>
>                                          <chena1966@yahoo.com.tw>
>                                          <chena20155@yahoo.com.tw>
>                                          <chena226@yahoo.com.tw>
>                                          <chena22@yahoo.com.tw>
>                                          <chena26232000@yahoo.com.tw>
>
> I don't have a user 'osxch', and others can also send..
>
>
> Best regards, thanks
>
> alydio
>
>
>
>
>       
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>   

-- 

<http://www.ifdnrg.com>
Ultra fast and secure web hosting
Live and on demand video streaming
Custom online Solutions

Paul Macdonald
Director
paul@ifdnrg.com
www.ifdnrg.com <http://www.ifdnrg.com>

	*IFDNRG*
127 Rose St South Lane, Edinburgh, EH2 4BB
0044.(0)131.2257470
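
Added example, not part of the original message or of sendmail/PHP: a small shell function that does the grep described above across every queue control file and counts how often each script/client pair appears, so a script hit repeatedly from one address stands out. The function names and the sample queue files are constructed for illustration; the header layout "<script> for <address>" is taken from the line quoted in the message.

```shell
#!/bin/sh
# Tally X-PHP-Script headers in sendmail queue control files (qf*).
# Prints "<count> <script> <client>" with the busiest pair first.
php_mail_sources() {
    queue_dir=${1:-/var/spool/mqueue}      # queue path as shown in the post
    for qf in "$queue_dir"/qf*; do
        [ -f "$qf" ] || continue
        awk '
        function flush(   v, n) {
            if (tolower(hdr) ~ /^x-php-script:/) {
                v = hdr; sub(/^[^:]*:[ \t]*/, "", v)
                n = index(v, " for ")      # "<script> for <client address>"
                if (n) { print substr(v, 1, n - 1), substr(v, n + 5) }
                else   { print v, "-" }
            }
            hdr = ""
        }
        # Header records look like "H?flags?Name: value"
        /^H/ { flush(); hdr = $0
               if (!sub(/^H[?][^?]*[?]/, "", hdr)) sub(/^H/, "", hdr)
               next }
        # A folded header continues on lines that start with whitespace
        hdr != "" && /^[ \t]/ { sub(/^[ \t]+/, " "); hdr = hdr $0; next }
        { flush() }
        END { flush() }' "$qf"
    done | awk '{ c[$0]++ } END { for (k in c) print c[k], k }' |
        LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample queue (documentation addresses, made-up site names).
make_sample_queue() {
    d=$(mktemp -d) || return 1
    printf 'V8\nH??X-PHP-Script: www.example.com/signup.php for 192.0.2.10\nH??Subject: a\n' > "$d/qfAAA"
    printf 'V8\nH??X-PHP-Script: www.example.com/signup.php\n\tfor 192.0.2.10\nH??Subject: b\n' > "$d/qfBBB"
    printf 'V8\nH??X-PHP-Script: forum.example.org/contact.php for 198.51.100.7\n' > "$d/qfCCC"
    echo "$d"
}

q=$(make_sample_queue) && php_mail_sources "$q"; rm -rf "$q"
```

On a live server, call php_mail_sources with no argument (as a user allowed to read the queue) to scan /var/spool/mqueue.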

	




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48C53620.10804>