If you read earlier emails.. I stated it was generated by a script on
the server.. NOT through relaying... SMTP is CLOSED on our server. We do
not allow outgoing mail for our clients because of client abuse. We now
make them use their ISP (dial up provider) to send outgoing email.

And I have read the stuff on badmailfrom but that is DOMAIN, I only want
specific USERS@DOMAIN not able to send mail... not the whole domain...
Like no one should be able to send from [EMAIL PROTECTED] but I want to
be able to send from my address [EMAIL PROTECTED] ... and according to
the manual if I add RASK.COM to the BADMAILFROM file it blocks us all....

So you know.. our server runs perl (of course....) and PHP.
I am the only developer on the server who programs ANY PERL or PHP on
the server.
I have reviewed all my scripts... none of them can be exploited that I
can tell.
All mail functions have the TO field HARDCODED in so it can not be used
to send to anyone else.

Any other suggestions for finding the problem?

At 08:09 AM 9/14/2001, you wrote:
>On Fri, Sep 14, 2001 at 10:56:31AM -0700, Ian LeBlanc wrote:
> > Ok are there any patches that allow me to specify FULL from addresses that
> > the server when it receives them trashes the email.
> > Example..
>
>There is no need for patches to do this -- badmailfrom already does
>this. man qmail-smtpd. However, that won't stop the typical spammer, who
>does something like this:
>
>MAIL FROM: <>
>RCPT TO:blah1
>RCPT TO:blah2....
>From: [EMAIL PROTECTED]
>Subject: Make Money Fa$t
>To: Valued Client
>
>Here is some spam.....
>
>The right way to prevent this sort of junk is not to allow relay for the
>kind of folks who do this...
>
> >
> >
> > Someone is generating spam on my server and sending out from [EMAIL PROTECTED]
> > the mail box [EMAIL PROTECTED] DOES NOT exist but the server sends it out
> > anyways..
>
>So you're being used as a spam relay -- what do the logs say? Tying
>qmail-smtpd and qmail-send logs together should make tracing this down
>to the originator easy....
>
> >
> > I am talking MILLIONS of emails... I can not track where they are
> > generating the mail
> > from but it is now causing us a lot of trouble as ISPs are starting to
> > block our server
> > and I in the meantime get hundred thousand bounce messages.
> >
> > We are actually now considering changing MTAs because there seems to be no
> > fix for what is going on and we see that as a problem.
>
>That is concerning... Odds are, you're allowing relay to whomever is
>doing the spamming, for one of the following reasons:
>
>1. A script on the server (often web-based) allows outsiders to relay.
>This is easy to fix short-term -- disable the script. :)
>
>2. You've misconfigured RELAYCLIENT, allowing all* IP addresses relay
>access.
>
>*Or incorrect, possibly.
>
>3. The spammer is a customer of yours or employee of yours, and you're
>allowing him to relay.
>
>
>Please let us know what the logs say...
>
>GW
-
Regards,
Ian LeBlanc
System Administrator /
Software Development
Rask, Inc. - www.rask.com
Phone: (727) 517-2000
Fax: (727) 517-2001
####################################
Help out in the fight against spam
goto http://www.spamcop.net for more info
####################################
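
An added example, not part of the original thread: one way to act on the "what do the logs say?" advice when the mail is injected locally rather than relayed over SMTP. Each qmail-send `info msg` line records the uid that queued the message, so counting remote deliveries per (uid, envelope sender) shows which local account is injecting the mail. The log lines, uids and addresses below are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed qmail-send log lines (tai64n timestamps omitted). The uids,
# addresses and message numbers are made up for illustration.
SAMPLE_LOG = """\
new msg 93869
info msg 93869: bytes 2343 from <promo@example.com> qp 18695 uid 48
starting delivery 2392: msg 93869 to remote a@example.net
starting delivery 2393: msg 93869 to remote b@example.net
delivery 2392: success: 192.0.2.10_accepted_message./
new msg 93870
info msg 93870: bytes 801 from <ian@example.com> qp 18701 uid 82
starting delivery 2394: msg 93870 to local ian@example.com
info msg 93871: bytes 2350 from <promo@example.com> qp 18710 uid 48
starting delivery 2395: msg 93871 to remote c@example.net
end msg 93869
"""

INFO = re.compile(r"info msg (\d+): bytes (\d+) from <([^>]*)> qp (\d+) uid (\d+)")
START = re.compile(r"starting delivery \d+: msg (\d+) to (local|remote) (\S+)")

def remote_deliveries_by_origin(log_text):
    """Count remote deliveries per (uid, envelope sender)."""
    origin = {}        # msg number -> (uid, sender) of its most recent use
    counts = Counter()
    for line in log_text.splitlines():
        m = INFO.search(line)
        if m:
            # qmail reuses message numbers, so a later info line for the
            # same number replaces the earlier mapping.
            origin[m.group(1)] = (int(m.group(5)), m.group(3))
            continue
        m = START.search(line)
        if m and m.group(2) == "remote":
            counts[origin.get(m.group(1), (None, "?"))] += 1
    return counts

def top_origins(log_text, n=5):
    """Return the n busiest (uid, sender) pairs with their delivery counts."""
    return remote_deliveries_by_origin(log_text).most_common(n)

if __name__ == "__main__":
    for (uid, sender), n in top_origins(SAMPLE_LOG):
        print(f"uid={uid} sender=<{sender}> remote_deliveries={n}")
```

A uid that maps to the web server account points at a CGI or PHP script calling qmail-inject; the uid of the qmail-smtpd user (normally qmaild) would instead mean the mail arrived over SMTP.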