Re: [CentOS] close open relay
Jerry Geis [EMAIL PROTECTED] wrote (with a few extraneous bits removed):

---------- Original Message ----------
Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis [EMAIL PROTECTED]
To: CentOS ML centos@centos.org
Subject: [CentOS] close open relay

hi all,

running centos 4.7 i686. I seem to have an open relay sendmail server. How do I close it?

I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFAICT) enabling specific relays to occur - not how to CLOSE the relaying.

How do I close the relay?

Jerry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

---------- End Original Message ----------

Sure enough I tried your test and that looks good...

However, when I run this test:

HELO example.com
MAIL From: [EMAIL PROTECTED]
RCPT To: [EMAIL PROTECTED]
DATA
Subject: Think we're insecure...

I have a feeling our mail server is being abused...
.
QUIT

and paste that into port 25 of my server (telnet I'm talking) I get the email and I should not (I presume) as I am not example.com.

Jerry

The bottom of the file /etc/sendmail.mc should look like the following (change my domain, davenjudy.org, to whatever is appropriate for your domain). This won't get rid of any open relay problems but will at least fix the example.com issue:

...
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(`davenjudy.org')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
MASQUERADE_DOMAIN(local.davenjudy.org)dnl
MASQUERADE_DOMAIN(davenjudy.org)dnl

As for possibly having an open relay, you also want to make sure that the following line is commented out (has dnl at the beginning):

dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #

Finally, you'll need a line like:

FEATURE(`relay_entire_domain')dnl

DO NOT uncomment any of the other lines in sendmail.mc regarding relay settings unless you know what you're doing.

If you aren't sure what was changed from the default, remove the sendmail-cf rpm and reinstall it to get back to a clean, default sendmail.mc file.

It's a good idea to explicitly run make in /etc/mail and then bounce sendmail rather than let the sendmail startup script decide something has changed since it's easier to catch syntax errors that way.

Finally, get a free mail account at your provider of choice (Google, Hotmail, whoever) and use it for testing both sending and receiving mail.

Cheers,
Dave

--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
Re: [CentOS] close open relay
On Wed, Nov 12, 2008 at 3:53 PM, Ross Walker [EMAIL PROTECTED] wrote:

On Nov 12, 2008, at 5:08 PM, Jerry Geis [EMAIL PROTECTED] wrote:

lists-centos wrote:

sorry, the start page is:

http://www.abuse.net/relay.html

look at the headers of the original messages (probably included as attachments) that sbcglobal is sending back. it's very possible that a spammer has forged an address from your machine on their outbound spam, and sbcglobal is bouncing that, (rather than rejecting, because they haven't a clue), generating scatter-back spam.

- Rick

---------- Original Message ----------
Date: Wednesday, November 12, 2008 04:44:02 PM -0500
From: Jerry Geis [EMAIL PROTECTED]
To: CentOS ML centos@centos.org
Subject: Re: [CentOS] close open relay

lists-centos wrote:

You have to have changed more than just the sendmail.mc/cf to make a default centos sendmail setup an open mail relay.

Your /etc/mail/access file is where things are defined as to what you relay for. The /etc/mail/local-host-names affects what you accept mail for.

Make certain that what you're using to test that it's an open relay is reporting things correctly. There's a difference between sendmail being open (accepting mail from the outside) and an open relay. The former is expected from a mail server, the latter is a problem.

I use:

http://verify.abuse.net/cgi-bin/relaytest

which runs through a range of tests. I tried it against your 24.123.23.170 mail server a few min. ago and all was fine.

- Rick

---------- Original Message ----------
Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis [EMAIL PROTECTED]
To: CentOS ML centos@centos.org
Subject: [CentOS] close open relay

hi all,

running centos 4.7 i686. I seem to have an open relay sendmail server. How do I close it?

I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFAICT) enabling specific relays to occur - not how to CLOSE the relaying.

How do I close the relay?

Jerry

---------- End Original Message ----------

When I run the following I get a broken web page:
http://verify.abuse.net/cgi-bin/relaytest

I am investigating all this as I am getting return emails from sbcglobal that I am spam.

Jerry

---------- End Original Message ----------

Sure enough I tried your test and that looks good...

However, when I run this test:

HELO example.com
MAIL From: [EMAIL PROTECTED]
RCPT To: [EMAIL PROTECTED]
DATA
Subject: Think we're insecure...

I have a feeling our mail server is being abused...
.
QUIT

and paste that into port 25 of my server (telnet I'm talking) I get the email and I should not (I presume) as I am not example.com.

That's not relaying.

A true test is if you telnet from a public ip to your SMTP port and try to send an email to a domain that isn't yours, like a gmail account, does it go through. It shouldn't, but it should if sent from an internal ip.

Basically you need a file of hosts/networks allowed to relay to any domain (your internal hosts), and a file of domains that are allowed to be relayed by anyone (domains you handle). Can't remember their names, look in /etc/mail/Makefile for hints.

-Ross

I submit that this email is an excellent example of both the needs to bottom-post (ONLY) and edit postings to limit the content to the relevant material (included in its entirety on purpose, and with absolutely NO offense to Ross intended - seriously.)

'Nuff said.

mhr
[CentOS] close open relay
hi all,

running centos 4.7 i686. I seem to have an open relay sendmail server. How do I close it?

I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFAICT) enabling specific relays to occur - not how to CLOSE the relaying.

How do I close the relay?

Jerry
Re: [CentOS] close open relay
On Wed, Nov 12, 2008 at 12:43 PM, Bernard 'Tux' Lheureux [EMAIL PROTECTED] wrote:

M$-Internet Exploder is the cancer of the Internet, see why here:
http://www.aful.org/ressources/documentations/msie-problemes-securite/

This is a really good read. If you don't speak/read French, use google to locate the page (copy the URL into the search bar) and select a translator. It's not perfect (doesn't understand French grammar, which is a little different from English), but it's easy to figure out the discrepancies.

Thanks, Tux!

mhr
Re: [CentOS] close open relay
lists-centos wrote:

You have to have changed more than just the sendmail.mc/cf to make a default centos sendmail setup an open mail relay.

Your /etc/mail/access file is where things are defined as to what you relay for. The /etc/mail/local-host-names affects what you accept mail for.

Make certain that what you're using to test that it's an open relay is reporting things correctly. There's a difference between sendmail being open (accepting mail from the outside) and an open relay. The former is expected from a mail server, the latter is a problem.

I use:

http://verify.abuse.net/cgi-bin/relaytest

which runs through a range of tests. I tried it against your 24.123.23.170 mail server a few min. ago and all was fine.

- Rick

---------- Original Message ----------
Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis [EMAIL PROTECTED]
To: CentOS ML centos@centos.org
Subject: [CentOS] close open relay

hi all,

running centos 4.7 i686. I seem to have an open relay sendmail server. How do I close it?

I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFAICT) enabling specific relays to occur - not how to CLOSE the relaying.

How do I close the relay?

Jerry

---------- End Original Message ----------

When I run the following I get a broken web page:
http://verify.abuse.net/cgi-bin/relaytest

I am investigating all this as I am getting return emails from sbcglobal that I am spam.

Jerry
Re: [CentOS] close open relay
Jerry Geis wrote:

I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

It should be:

DAEMON_OPTIONS(`Port=smtp, Name=MTA')

M$-Internet Exploder is the cancer of the Internet, see why here:
http://www.aful.org/ressources/documentations/msie-problemes-securite/

--
(°-   Bernard Lheureux, Manager of the ML, TechML, LinuxML mailing lists
//\   http://www.bbsoft4.org/Mailinglists.htm ** MailTo:[EMAIL PROTECTED]
v_/_  http://www.bbsoft4.org/ () http://www.portalinux.org
Re: [CentOS] close open relay
lists-centos wrote:

sorry, the start page is:

http://www.abuse.net/relay.html

look at the headers of the original messages (probably included as attachments) that sbcglobal is sending back. it's very possible that a spammer has forged an address from your machine on their outbound spam, and sbcglobal is bouncing that, (rather than rejecting, because they haven't a clue), generating scatter-back spam.

- Rick

---------- Original Message ----------
Date: Wednesday, November 12, 2008 04:44:02 PM -0500
From: Jerry Geis [EMAIL PROTECTED]
To: CentOS ML centos@centos.org
Subject: Re: [CentOS] close open relay

lists-centos wrote:

You have to have changed more than just the sendmail.mc/cf to make a default centos sendmail setup an open mail relay.

Your /etc/mail/access file is where things are defined as to what you relay for. The /etc/mail/local-host-names affects what you accept mail for.

Make certain that what you're using to test that it's an open relay is reporting things correctly. There's a difference between sendmail being open (accepting mail from the outside) and an open relay. The former is expected from a mail server, the latter is a problem.

I use:

http://verify.abuse.net/cgi-bin/relaytest

which runs through a range of tests. I tried it against your 24.123.23.170 mail server a few min. ago and all was fine.

- Rick

---------- Original Message ----------
Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis [EMAIL PROTECTED]
To: CentOS ML centos@centos.org
Subject: [CentOS] close open relay

hi all,

running centos 4.7 i686. I seem to have an open relay sendmail server. How do I close it?

I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFAICT) enabling specific relays to occur - not how to CLOSE the relaying.

How do I close the relay?

Jerry

---------- End Original Message ----------

When I run the following I get a broken web page:
http://verify.abuse.net/cgi-bin/relaytest

I am investigating all this as I am getting return emails from sbcglobal that I am spam.

Jerry

---------- End Original Message ----------

Sure enough I tried your test and that looks good...

However, when I run this test:

HELO example.com
MAIL From: [EMAIL PROTECTED]
RCPT To: [EMAIL PROTECTED]
DATA
Subject: Think we're insecure...

I have a feeling our mail server is being abused...
.
QUIT

and paste that into port 25 of my server (telnet I'm talking) I get the email and I should not (I presume) as I am not example.com.

Jerry
Re: [CentOS] close open relay
On Nov 12, 2008, at 5:08 PM, Jerry Geis [EMAIL PROTECTED] wrote:

lists-centos wrote:

sorry, the start page is:

http://www.abuse.net/relay.html

look at the headers of the original messages (probably included as attachments) that sbcglobal is sending back. it's very possible that a spammer has forged an address from your machine on their outbound spam, and sbcglobal is bouncing that, (rather than rejecting, because they haven't a clue), generating scatter-back spam.

- Rick

---------- Original Message ----------
Date: Wednesday, November 12, 2008 04:44:02 PM -0500
From: Jerry Geis [EMAIL PROTECTED]
To: CentOS ML centos@centos.org
Subject: Re: [CentOS] close open relay

lists-centos wrote:

You have to have changed more than just the sendmail.mc/cf to make a default centos sendmail setup an open mail relay.

Your /etc/mail/access file is where things are defined as to what you relay for. The /etc/mail/local-host-names affects what you accept mail for.

Make certain that what you're using to test that it's an open relay is reporting things correctly. There's a difference between sendmail being open (accepting mail from the outside) and an open relay. The former is expected from a mail server, the latter is a problem.

I use:

http://verify.abuse.net/cgi-bin/relaytest

which runs through a range of tests. I tried it against your 24.123.23.170 mail server a few min. ago and all was fine.

- Rick

---------- Original Message ----------
Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis [EMAIL PROTECTED]
To: CentOS ML centos@centos.org
Subject: [CentOS] close open relay

hi all,

running centos 4.7 i686. I seem to have an open relay sendmail server. How do I close it?

I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

so as to allow incoming email and not just localhost. however this seems to relay everyone.

I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFAICT) enabling specific relays to occur - not how to CLOSE the relaying.

How do I close the relay?

Jerry

---------- End Original Message ----------

When I run the following I get a broken web page:
http://verify.abuse.net/cgi-bin/relaytest

I am investigating all this as I am getting return emails from sbcglobal that I am spam.

Jerry

---------- End Original Message ----------

Sure enough I tried your test and that looks good...

However, when I run this test:

HELO example.com
MAIL From: [EMAIL PROTECTED]
RCPT To: [EMAIL PROTECTED]
DATA
Subject: Think we're insecure...

I have a feeling our mail server is being abused...
.
QUIT

and paste that into port 25 of my server (telnet I'm talking) I get the email and I should not (I presume) as I am not example.com.

That's not relaying.

A true test is if you telnet from a public ip to your SMTP port and try to send an email to a domain that isn't yours, like a gmail account, does it go through. It shouldn't, but it should if sent from an internal ip.

Basically you need a file of hosts/networks allowed to relay to any domain (your internal hosts), and a file of domains that are allowed to be relayed by anyone (domains you handle). Can't remember their names, look in /etc/mail/Makefile for hints.

-Ross
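The test described in the message above, scripted for checking your own server (an added example, not part of any poster's message): it asks the server at RCPT TO time about one address in a domain you handle and one in a foreign domain, then interprets the two replies. The function names, the HELO name and the wording of the verdicts are assumptions of this example; host and addresses are supplied by the caller.

```python
import smtplib


def probe_relay(host, sender, local_rcpt, external_rcpt, port=25,
                helo="probe.example.org", smtp_factory=smtplib.SMTP):
    """Return the RCPT TO reply codes for one local and one foreign recipient.

    The transaction is reset after every RCPT and DATA is never issued, so
    nothing is queued or delivered. The HELO name is a placeholder.
    """
    smtp = smtp_factory(host, port, timeout=15)
    codes = {}
    try:
        smtp.helo(helo)
        for label, rcpt in (("local", local_rcpt), ("external", external_rcpt)):
            code, reply = smtp.mail(sender)
            if code != 250:
                raise RuntimeError(f"MAIL FROM refused: {code} {reply!r}")
            codes[label] = smtp.rcpt(rcpt)[0]
            smtp.rset()
        smtp.quit()
    finally:
        smtp.close()
    return codes


def verdict(codes, client_is_internal):
    """Separate 'accepts mail from outside' from 'relays for outsiders'."""
    accepts_local = 200 <= codes["local"] < 300
    relays = 200 <= codes["external"] < 300
    if relays and not client_is_internal:
        return "open relay: an outside client may send to a foreign domain"
    if not accepts_local:
        return "refuses mail for its own domain"
    if client_is_internal and not relays:
        return "this internal client is not allowed to relay"
    return "ok"


if __name__ == "__main__":
    import sys
    # usage: probe.py HOST SENDER LOCAL_RCPT EXTERNAL_RCPT [internal]
    result = probe_relay(*sys.argv[1:5])
    print(result, "->", verdict(result, "internal" in sys.argv[5:]))
```

Run it once from an outside address and once from an internal host (passing `internal`); a server that answers 250 for the local recipient and 5xx for the foreign one to the outside client is open but not an open relay.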
Re: [CentOS] close open relay
I am investigating all this as I am getting return emails from sbcglobal that I am spam.

Can you collaborate those mails with your logs?
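One way to check the bounces against the logs, as an added example that is not part of any poster's message: pair sendmail's `from=` and `to=` maillog entries by queue ID and list every message that arrived from a client outside your own networks and was then sent on to a remote host. The log lines are constructed samples in sendmail's maillog layout, and the internal network ranges passed in are assumptions.

```python
import ipaddress
import re

# Constructed sample in sendmail's maillog layout; hosts and addresses are made up.
SAMPLE_LOG = """\
Nov 12 15:31:02 mail sendmail[4021]: mACKV2aa004021: from=<jerry@mydomain.example>, size=812, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=desk1.mydomain.example [192.168.1.20]
Nov 12 15:31:03 mail sendmail[4023]: mACKV2aa004021: to=<friend@elsewhere.example>, delay=00:00:01, mailer=esmtp, pri=120812, relay=mx.elsewhere.example. [203.0.113.9], dsn=2.0.0, stat=Sent (OK)
Nov 12 15:40:10 mail sendmail[4100]: mACKe9bb004100: from=<someone@example.com>, size=640, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[198.51.100.7]
Nov 12 15:40:11 mail sendmail[4102]: mACKe9bb004100: to=<jerry@mydomain.example>, delay=00:00:01, mailer=local, pri=30640, dsn=2.0.0, stat=Sent
Nov 12 15:52:40 mail sendmail[4200]: mACKqecc004200: from=<spam@example.net>, size=2048, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[198.51.100.66]
Nov 12 15:52:41 mail sendmail[4202]: mACKqecc004200: to=<victim@isp.example>, delay=00:00:01, mailer=esmtp, pri=122048, relay=mx.isp.example. [203.0.113.25], dsn=2.0.0, stat=Sent (OK)
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<kind>from|to)=<(?P<addr>[^>]*)>(?P<rest>.*)")
CLIENT_IP = re.compile(r"relay=[^,\[]*\[(?:IPv6:)?(?P<ip>[0-9A-Fa-f.:]+)\]")
REMOTE_MAILERS = {"smtp", "esmtp", "relay"}  # mailers that hand mail to another host


def find_relayed(lines, internal_nets):
    """Return (queue id, client ip, sender, recipient) for every message that
    arrived from outside internal_nets and was sent on to a remote host."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    origin = {}  # queue id -> (envelope sender, connecting client address)
    relayed = []
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        if m["kind"] == "from":
            ip = CLIENT_IP.search(m["rest"])
            if ip:  # locally submitted mail has relay=user@localhost, no address
                origin[m["qid"]] = (m["addr"], ipaddress.ip_address(ip["ip"]))
        elif m["qid"] in origin:
            sender, client = origin[m["qid"]]
            mailer = re.search(r"mailer=(\w+)", m["rest"])
            sent_out = (mailer and mailer[1] in REMOTE_MAILERS
                        and "stat=Sent" in m["rest"])
            if sent_out and not any(client in net for net in nets):
                relayed.append((m["qid"], str(client), sender, m["addr"]))
    return relayed
```

On the sample, only the third message is reported: the first is an internal host relaying out and the second is ordinary inbound mail delivered locally. An empty result while bounces keep arriving is consistent with the forged-sender explanation given earlier in the thread.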