Roger Walker wrote:
>
> My admin mailbox has been filling up with bounces from aol.com -
> obvious SPAM that appears to have originated from my qmail system
I am curious about that because recently I got a bounce from aol that
said that they don't accept mails anymore from mailservers with
dynamically assigned ip numbers. Therefore: who did say that it was
spam, aol or you? But that's a bit off topic :-))
> Here's my rather simple config for tcpserver:
>
> 127.0.0.1:allow,RELAYCLIENT=""
> 206.75.255.:allow,RELAYCLIENT=""
> 10.:allow,RELAYCLIENT=""
> :allow
This seems to be right. Did you compile it? Is your start-script ok? Did
you restart qmail?
> My qmail logs simply show a message generated by
> <[EMAIL PROTECTED]> and being sent to an aol.com account. Then another
> one. Then the third one and subsequent ones go out to variable numbers to
> aol.com accounts. Total about 550.
So someone from your domain tried to send mail to another host. That is
normal behaviour of qmail, as described in the "pictures" (
http://cr.yp.to/qmail/pictures.html ). With this information I am not
able to help you further for that anonymous could have been anyone.
There must be more information about anonymous and the way he got his
mail through your system.
Do you have the headers of the bounced mails? Did they say anything
about anonymous' ip or the way the mail got through your server? Can you
send one of those bounced mails' headers? In case I wasn't clear enough,
just the headers from the mail that was sent by your system to aol, not
the header of the bounce mail itself.
Do you have qmqpd running on your server? Did you install that properly?
That means: some ip numbers that are allowed and a :deny as last line?
If not, anybody could send mail through your system.
As I am not an expert I don't know of other possibilities.
hth,
caspar
