Hi, I'm trying to figure out what's going on, all I know is that my courier is being flooded by spammers. As far as I know I have relaying denied, I even tried relaying from the outside and I got the proper Relaying denied error.
However, my server is definitely being hijacked and I've had to block a bunch of IPs. I don't understand how this is happening. I see the courieresmtp session being started, and I see that the esmtp module is being used to relay messages, and I'm not seeing the relay denied. I'm using the default Courier from Ubuntu 8.0.4, the version reported is Courier 0.58.0.20080127 I have in smtpaccess/default: 127.0.0.1 allow,RELAYCLIENT # Also, enable relaying for 10.0.0.0/8 and 192.168.0.0/16 10 allow,RELAYCLIENT 192.168 allow,RELAYCLIENT My mailq has over 91,000 messages from just one spammer, I've pasted one such session below. At the moment I've resorted to blocking (deny in smtpaccess) a number of IPs, but I need to understand how the spammers are getting around the relay restrictions... I see an external connection starting, and a message being setup to go to the outside, so this is definitely a relay. May 16 00:46:14 321 courieresmtpd: started,ip=[::ffff:72.44.77.211] May 16 00:46:14 321 courierd: Waiting. shutdown time=none, wakeup time=Sat May 16 00:50:58 2009, queuedelivering=329, inprogress=40 May 16 00:46:17 321 courierd: newmsg,id=0000000000024712.000000004A0E6F48.000044CA: dns; ThankGod ([::ffff:72.44.77.211]) May 16 00:46:38 321 courierd: started,id=0000000000024712.000000004A0E6F48.000044CA,from=<[email protected]>,module=esmtp,host=yahoo.com,addr=<[email protected]> May 16 00:46:39 321 courieresmtp: id=0000000000024712.000000004A0E6F48.000044CA,from=<[email protected]>,addr=<[email protected]>: 250 ok dirdel May 16 00:46:39 321 courieresmtp: id=0000000000024712.000000004A0E6F48.000044CA,from=<[email protected]>,addr=<[email protected]>,size=1848,success: delivered: c.mx.mail.yahoo.com [216.39.53.2] May 16 00:46:39 321 courieresmtp: id=0000000000024712.000000004A0E6F48.000044CA,from=<[email protected]>,addr=<[email protected]>,size=1848,status: success May 16 00:46:39 321 courierd: completed,id=0000000000024712.000000004A0E6F48.000044CA Please help, it's driving me nuts... :-( Thanks Ricardo ------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
