Okay, thanks for the re-wording. You've pointed me at the culprit. We have a convoluted internal delivery that ends up in Lotus Notes r4.6 and that is what reponded to the ORBZ message. Path was into qmail --> mailsweeper (since it was destined for aon.com) --> Notes r4.6 MTA which discovered the message couldn't be delivered so it returned it via --> qmail --> ORBZ Return-Path: <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Received: (qmail 22087 invoked by uid 0); 21 Aug 2001 01:09:33 -0000 Received: from unknown (HELO smtp02.aon.com) (165.125.0.11) by a.ns.orbz.org with SMTP; 21 Aug 2001 .... Received: (qmail 19546 invoked from network); 21 Aug 2001 01:06:15 -0000 Received: from unknown (HELO USMTACST03.aon.com) (10.165.112.28) by smtp02.aon.com with .... Received: by USMTACST03.aon.com(Lotus SMTP MTA v4.6.7 (934.1 12-30-1999)) id 86256AAF.0005F498 ... X-Lotus-FromDomain: AONNA From: ORBZ Tester <[EMAIL PROTECTED]> To: ORBZ Relay Accepter <[EMAIL PROTECTED]> jeff Charles Cazabon <[EMAIL PROTECTED]> on 08/21/2001 12:50:35 PM To: [EMAIL PROTECTED] cc: (bcc: Jeff D Sweeten/ASC/US/AON) Subject: Re: ORBZ Please don't cc: me; I'm on the list, and I set Mail-Followup-To: appropriately. [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > >Are you _sure_ there are no spammers or outsiders in those networks? > > No outsiders, but spammers? hard to say since internal clients use the machine > to send to the outside. Okay; you have to keep an eye out for unintended relays from proxies, etc. > Based on http://www.orbz.org/b.php?165.125.0.11 they seem to be saying > that the issue is the fact that I attempted to deliver mail for > aon.com and it orginated from outside the network with a source of > aon.com. No, that's not what they're saying. They're saying they used your server, and sent a message using envelope sender and recipient addresses as follows: From: <[EMAIL PROTECTED]> To: <"[EMAIL PROTECTED]"@aon.com> And your server delivered it to them (<[EMAIL PROTECTED]>). qmail won't do this without some serious hackery on your part. qmail would not treat the local-part of an address as a new email address. What's probably happening is you're smtprouting to a server which _does_ do this broken address mangling/relaying. > How would I go about preventing mail orginating from the outside using > the From domain of aon.com from using the server? You can't. Anyone that can connect to your mail servers (to send you mail) can use your domain in the envelope sender as well. Charles -- ----------------------------------------------------------------------- Charles Cazabon <[EMAIL PROTECTED]> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ -----------------------------------------------------------------------
