I'm running Qmail 1.03 on a Debian Linux PC connected to a cable-modem
(roadrunner). The other day, a roadrunner security test found that my
mailserver allows some third-party relays. It sent me the failing example
which I'll include below. It also pointed me to a website to help me in
fixing this problem. The website is http://mail-abuse.org/tsi/ar-fix.html,
which says that I should not be having this problem since I use qmail.
Here is the failing example. I've tried it myself and seen it accept the
message. In the example I've replaced my explicit IP address with
200.200.200.200.
>>> MAIL FROM:<openrelaytest@[200.200.200.200]>
<<< 250 ok
>>> RCPT TO:<[EMAIL PROTECTED]@[200.200.200.200]>
<<< 250 ok
>>> DATA
<<< 354 go ahead
My rcpthosts file has only my machine name in it and localhost.
I don't know how qmail is supposed to handle this case. Obviously, I don't
want to be forwarding spam all over the internet. How can I fix this?
