Never mind about this. I caught the spammer... happened to be someone that got access to authenticated SMTP, that's why relaying wasn't denied.

> Hi,
>
> I'm trying to figure out what's going on, all I know is that my courier is
> being flooded by spammers. As far as I know I have relaying denied, I even
> tried relaying from the outside and I got the proper Relaying denied
> error.
>
> However, my server is definitely being hijacked and I've had to block a
> bunch of IPs.
>
> I don't understand how this is happening. I see the courieresmtp session
> being started, and I see that the esmtp module is being used to relay
> messages, and I'm not seeing the relay denied.
>
> I'm using the default Courier from Ubuntu 8.0.4, the version reported is
> Courier 0.58.0.20080127
>
> I have in smtpaccess/default:
>
> 127.0.0.1 allow,RELAYCLIENT
>
> # Also, enable relaying for 10.0.0.0/8 and 192.168.0.0/16
>
> 10 allow,RELAYCLIENT
> 192.168 allow,RELAYCLIENT
>
> My mailq has over 91,000 messages from just one spammer, I've pasted one
> such session below. At the moment I've resorted to blocking (deny in
> smtpaccess) a number of IPs, but I need to understand how the spammers are
> getting around the relay restrictions...
>
> I see an external connection starting, and a message being set up to go to
> the outside, so this is definitely a relay.
>
> May 16 00:46:14 321 courieresmtpd: started,ip=[::ffff:72.44.77.211]
> May 16 00:46:14 321 courierd: Waiting. shutdown time=none, wakeup
> time=Sat May 16 00:50:58 2009, queuedelivering=329, inprogress=40
> May 16 00:46:17 321 courierd:
> newmsg,id=0000000000024712.000000004A0E6F48.000044CA: dns; ThankGod
> ([::ffff:72.44.77.211])
> May 16 00:46:38 321 courierd:
> started,id=0000000000024712.000000004A0E6F48.000044CA,from=<[email protected]>,module=esmtp,host=yahoo.com,addr=<[email protected]>
> May 16 00:46:39 321 courieresmtp:
> id=0000000000024712.000000004A0E6F48.000044CA,from=<[email protected]>,addr=<[email protected]>:
> 250 ok dirdel
> May 16 00:46:39 321 courieresmtp:
> id=0000000000024712.000000004A0E6F48.000044CA,from=<[email protected]>,addr=<[email protected]>,size=1848,success:
> delivered: c.mx.mail.yahoo.com [216.39.53.2]
> May 16 00:46:39 321 courieresmtp:
> id=0000000000024712.000000004A0E6F48.000044CA,from=<[email protected]>,addr=<[email protected]>,size=1848,status:
> success
> May 16 00:46:39 321 courierd:
> completed,id=0000000000024712.000000004A0E6F48.000044CA
>
> Please help, it's driving me nuts... :-(
>
> Thanks
> Ricardo
>
> _______________________________________________
> courier-users mailing list
> [email protected]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
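
The pattern in this thread (mail accepted from an address outside the RELAYCLIENT ranges and then handed to the esmtp module) can be found in the log by joining `newmsg` and `started` lines on the message id. This is an added example, not part of either post or of Courier itself; the function names, the threshold and the sample lines are assumptions made here, and the regexes assume the line shapes shown in the quoted excerpt.

```python
import ipaddress
import re
from collections import Counter

# Networks given RELAYCLIENT in the smtpaccess/default quoted in the post.
RELAY_NETS = [ipaddress.ip_network(n)
              for n in ("127.0.0.1/32", "10.0.0.0/8", "192.168.0.0/16")]
# Line shapes copied from the log excerpt in the post.
NEWMSG = re.compile(r"courierd: newmsg,id=([0-9A-F.]+): dns; \S+ \(\[([0-9A-Fa-f:.]+)\]\)")
STARTED = re.compile(r"courierd: started,id=([0-9A-F.]+),from=<[^>]*>,module=esmtp,host=")

# Constructed sample (documentation addresses and short ids), not lines from the post.
SAMPLE = """\
May 16 00:46:17 mx courierd: newmsg,id=01.4A0E6F48.01: dns; a ([::ffff:203.0.113.7])
May 16 00:46:18 mx courierd: started,id=01.4A0E6F48.01,from=<x@example.org>,module=esmtp,host=example.com,addr=<y@example.com>
May 16 00:46:19 mx courierd: newmsg,id=02.4A0E6F48.02: dns; a ([::ffff:203.0.113.7])
May 16 00:46:20 mx courierd: started,id=02.4A0E6F48.02,from=<x@example.org>,module=esmtp,host=example.net,addr=<z@example.net>
May 16 00:46:21 mx courierd: newmsg,id=03.4A0E6F48.03: dns; pc ([::ffff:192.168.1.20])
May 16 00:46:22 mx courierd: started,id=03.4A0E6F48.03,from=<u@example.org>,module=esmtp,host=example.com,addr=<y@example.com>
May 16 00:46:23 mx courierd: newmsg,id=04.4A0E6F48.04: dns; b ([::ffff:198.51.100.9])
May 16 00:46:24 mx courierd: started,id=04.4A0E6F48.04,from=<v@example.net>,module=esmtp,host=example.com,addr=<y@example.com>
""".splitlines()

def client_ip(text):
    """Parse the bracketed address, unwrapping ::ffff:a.b.c.d to IPv4."""
    ip = ipaddress.ip_address(text)
    return getattr(ip, "ipv4_mapped", None) or ip

def is_relay_client(ip):
    return any(ip.version == net.version and ip in net for net in RELAY_NETS)

def outside_relay_sources(lines, threshold=2):
    """Count esmtp (outbound) deliveries per submitting IP and return the
    IPs outside RELAY_NETS that reach `threshold` deliveries."""
    origin, counts = {}, Counter()
    for line in lines:
        m = NEWMSG.search(line)
        if m:                      # remember which client submitted this id
            origin[m.group(1)] = client_ip(m.group(2))
            continue
        m = STARTED.search(line)
        if m and m.group(1) in origin:
            counts[origin[m.group(1)]] += 1
    return {str(ip): n for ip, n in counts.items()
            if n >= threshold and not is_relay_client(ip)}
```

An address returned here got past the relay check some other way, which in this thread was authenticated SMTP; forwarding of locally accepted mail also produces esmtp deliveries, so treat the result as a list of candidates to check against the authentication log.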
