Ben Evans <[EMAIL PROTECTED]> wrote:

> >But to follow up:  I'm not sure I trust ORBZ to know their arse from
> >their elbow, based on some other things we've seen them do.  Post the
> >unedited output of qmail-showctl here, along with a copy of the
> >script you use to start qmail-smtpd (/service/pop3d/run or
> >/service/qmail-pop3d/run are common), and we'll tell you if you have
> >other problems in addition to the bad patch you mentioned.
> 
> Thanks for the tips...  Here's the scripts per request:
> 
> ---- /service/pop3/run ----
> 
> #!/bin/sh
> 
> exec tcpserver -v 0 pop-3 /var/qmail/bin/qmail-popup 3dcool.3dhosting.com \
>     /bin/checkpassword /var/qmail/bin/qmail-pop3d .maildir 2>&1

Fairly simple.  You're not even using a tcprules file, so tcpserver
certainly isn't setting RELAYCLIENT inappropriately.  It could,
conceivably, be set in your default environment, but that's highly
unlikely.  So this looks fine.
 
> ---- qmail-showctl ---- (This is a long one)
[...] 
> rcpthosts:
[...]

This looks fine as well.

> relaymailfrom: I have no idea what this file does.

So without actually examining your qmail-send logs, it looks like this
is the only way someone could have relayed spam through your machine --
I'm assuming, of course, you're not running qmail-qmqpd on a public
interface, but someone spamming through QMQP is a long shot anyway.

Remove that patch, recompile, stop qmail, run "make setup check", and
restart qmail.  That should close your hole.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
-----------------------------------------------------------------------
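
The checks walked through in the message above (RELAYCLIENT from tcprules or the environment, rcpthosts, and the relaymailfrom file that qmail-showctl does not recognise), collected into one audit function. This is an added example, not part of the original thread or of qmail itself; `audit_relay` and `make_sample` are hypothetical names, the sample tree is constructed, and the patch's behaviour (trusting the envelope sender) is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a qmail tree for relay paths.
# audit_relay CONTROL_DIR [RUN_SCRIPT] [TCPRULES_SOURCE]
# Prints one finding per line; exit status 1 if anything was found.
audit_relay() {
    ctl=$1; run=${2:-}; rules=${3:-}; found=0
    # No rcpthosts: qmail-smtpd accepts mail for any destination domain.
    if [ ! -s "$ctl/rcpthosts" ]; then
        echo "OPEN: rcpthosts missing or empty"; found=1
    fi
    # Stock qmail has no relaymailfrom control file; it exists only for the
    # patch, which (assumption) trusts the forgeable envelope sender.
    if [ -e "$ctl/relaymailfrom" ]; then
        echo "RISK: relaymailfrom present"; found=1
    fi
    # RELAYCLIENT set in the run script applies to every connection.
    if [ -n "$run" ] && grep -q '^[^#]*RELAYCLIENT=' "$run"; then
        echo "OPEN: RELAYCLIENT set in run script"; found=1
    fi
    # A tcprules line with an empty address (":...") is the default rule.
    if [ -n "$rules" ] && grep -q '^:allow.*RELAYCLIENT=' "$rules"; then
        echo "OPEN: default tcprules entry sets RELAYCLIENT"; found=1
    fi
    return "$found"
}

# Constructed sample tree resembling the setup in the thread: rcpthosts is
# populated, the patch's relaymailfrom file exists, no tcprules file is used.
make_sample() {
    d=$(mktemp -d) || return 1
    printf 'example.com\n' > "$d/rcpthosts"
    printf '@example.com\n' > "$d/relaymailfrom"
    printf '#!/bin/sh\nexec tcpserver -v 0 smtp /var/qmail/bin/qmail-smtpd 2>&1\n' > "$d/run"
    echo "$d"
}
```

Point it at the real control directory and run script, for example `audit_relay /var/qmail/control /service/qmail-smtpd/run`, and pass the tcprules source file as a third argument if tcpserver is started with `-x`.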
