From owner-freebsd-questions@FreeBSD.ORG Mon Sep 8 14:26:55 2008
Message-ID: <48C53620.10804@ifdnrg.com>
Date: Mon, 08 Sep 2008 15:26:40 +0100
From: Paul Macdonald
To: alydiomc@yahoo.com, freebsd-questions@freebsd.org
In-Reply-To: <907677.98158.qm@web52202.mail.re2.yahoo.com>
Subject: Re: Sendmail become open relay

This might be more general advice than specific help, but I've found most bad mail originating from me comes from PHP-driven forum sites.
After originally patching the PHP src to log sitenames that send mail, I found enabling MAILHEAD support in the PHP build adds custom headers which help to identify the site anyway. I plan on adding a milter to pick these up dynamically, but for now, it helps identify sites from stuck items in mailq.

i.e. a grep into mailq for X-PHP-Script:

/var/spool/mqueue/qfm83AltWj045560:H??X-PHP-Script: www.siteonserver.com/signup.php for x.101.27.178

It's easy to spot dubious scripts as the IP is commonly the same.

Good luck.

Paul.

lyd mc wrote:
> Hi guys need help..
>
> My mailserver become an open relay.
>
> Unknown user can now send mail.
>
> snippet from mailq
>
> m88C8iWq042874 689 Mon Sep 8 20:08
> (Deferred: Name server: mx1.mail.tw.yahoo.com.: host name loo)
>
> I don't have user 'osxch' and there others can also send..
>
> best regards thnx
>
> alydio

--
Paul Macdonald
Director
paul@ifdnrg.com
www.ifdnrg.com
IFDNRG
127 Rose St South Lane, Edinburgh, EH2 4BB
0044.(0)131.2257470
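The queue grep described in the message above, extended to tally every X-PHP-Script header by script and by client address. This is an added example, not part of the original post: the header layout is assumed from the single line quoted in the message, and the function names and the sample queue files are constructed for illustration.

```shell
#!/bin/sh
# Assumed header layout in a qf* control file (from the line in the message):
#   H??X-PHP-Script: <site/script> for <client-ip>

# php_mail_sources [QUEUE_DIR]
# Prints "count script client-ip", most frequent first.
php_mail_sources() {
    qdir=${1:-/var/spool/mqueue}
    # Header lines start with "H", optionally followed by ?flags?.
    cat "$qdir"/qf* 2>/dev/null | awk '
        /^H([?][^?]*[?])?X-PHP-Script:/ {
            sub(/^H([?][^?]*[?])?X-PHP-Script:[ \t]*/, "")
            if (NF == 0) next                      # header present but empty
            ip = ($2 == "for" && NF >= 3) ? $3 : "-"
            n[$1 " " ip]++
        }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# php_mail_by_ip [QUEUE_DIR]
# Collapses the tally to "count client-ip": one address behind many queued
# messages is the pattern the message says to look for.
php_mail_by_ip() {
    php_mail_sources "$1" |
        awk '{ c[$3] += $1 } END { for (ip in c) print c[ip], ip }' |
        sort -k1,1nr -k2
}

# Constructed sample queue (not real data): four PHP-generated messages and
# one ordinary message without the header.
make_sample_queue() {
    d=$(mktemp -d) || return 1
    i=0
    while read -r script ip; do
        i=$((i + 1))
        printf 'V8\nH??X-PHP-Script: %s for %s\nH??Subject: test\n' \
            "$script" "$ip" > "$d/qfSAMPLE$i"
    done <<EOF
www.example.org/signup.php 192.0.2.10
www.example.org/signup.php 192.0.2.10
www.example.net/forum/post.php 192.0.2.10
www.example.net/contact.php 198.51.100.7
EOF
    printf 'V8\nH??Subject: ordinary mail\n' > "$d/qfSAMPLE0"
    echo "$d"
}

# Demo on the constructed queue; on a server pass the real queue directory,
# which is usually readable only by root.
q=$(make_sample_queue) && { php_mail_sources "$q"; php_mail_by_ip "$q"; rm -rf "$q"; }
```
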