Re: Spamassassin question [was Re: Do I have an open relay?]
> All tests performed, no relays accepted. My access file only contains a list of domains I reject:

Why not just not have one at all? As the top line says:

## Mail relay access control list. Default is to reject mail unless the
## destination is local, or listed in /etc/mail/sendmail.cw

Well, my /etc/mail/access-sample says as listed in /etc/mail/local-host-names. So just don't have a /etc/mail/access, right?

--
Jonathan Arnold (mailto:[EMAIL PROTECTED])
Daemon Dancing in the Dark, a FreeBSD blog: http://freebsd.amazingdev.com/blog
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Do I have an open relay?
Hi,

I'm a bit nervous here. Recently I've started getting 20-25 mails to my Postmaster account on my FreeBSD 4.8RC server running Sendmail 8.12.8/8.12.8 each day with a message to Postmaster that the mail could not be delivered.

In the daily run output from the server I see messages like these:

Mail in local queue:
/var/spool/mqueue (15 requests)
-Q-ID- --Size-- -Q-Time- Sender/Recipient---
h5IGWCj5047460 4477 Wed Jun 18 18:44 MAILER-DAEMON
    (Deferred: Connection refused by mobilemice.com.)
    [EMAIL PROTECTED]
h5HJ1xj4020111 4251 Tue Jun 17 21:03 MAILER-DAEMON
    (Deferred: Connection refused by distanteye.com.)
    [EMAIL PROTECTED]
h5HFHEj3015655 3298 Tue Jun 17 17:17 MAILER-DAEMON
    (host map: lookup (triplepipe.com): deferred)
    [EMAIL PROTECTED]

I have no relations with these hosts.

In the maillog from the server I see this:

Jun 19 14:09:19 server sendmail[71128]: h5G21ij4070939: to=[EMAIL PROTECTED], delay=3+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=15062899, relay=distanteye.com., dsn=4.0.0, stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:09:19 server sendmail[71128]: h5FLiJj3065159: to=[EMAIL PROTECTED], delay=3+14:25:00, xdelay=00:00:00, mailer=esmtp, pri=15962899, relay=distanteye.com., dsn=4.0.0, stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:10:57 server sendmail[71128]: h5FLgVj3065158: [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED], delay=3+14:28:25, xdelay=00:01:38, mailer=esmtp, pri=16261875, relay=mailgw.c2i.net., dsn=4.0.0, stat=Deferred: 450 Unable to find distanteye.com
Jun 19 14:10:57 server sendmail[71128]: h5F0VUj4040115: to=[EMAIL PROTECTED], delay=4+11:37:52, xdelay=00:00:00, mailer=esmtp, pri=19742831, relay=mobilemice.com., dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.
Jun 19 14:10:57 server sendmail[71128]: h5EKGnj3034414: to=[EMAIL PROTECTED], delay=4+15:54:08, xdelay=00:00:00, mailer=esmtp, pri=20642831, relay=mobilemice.com., dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.

The mailq (/var/log/mqueue) contains 30 messages, both dfh* and qfh*.

I've manually configured my .mc file which looks like this (I'm running Procmail and Spamassassin):

divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.17 2002/11/14 03:21:18 keramida Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)

FEATURE(access_db, `hash -o -TTMPF /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)

dnl DNS based black hole lists
dnl
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `550 Mail from ${client_addr} rejected, see http://mail-abuse.org/cgi-bin/lookup?; ${client_addr}')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')

define(`confBIND_OPTS', `WorkAroundBroken')
define(`confMAX_MIME_HEADER_LENGTH', `256/128')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
FEATURE(local_procmail)
MAILER(local)
MAILER(smtp)

If I try to telnet to my server from somewhere I get relaying denied so I think I've got it right, but somehow I have a feeling someone is getting through somehow. I'm running Apache, MySQL, PHP and other webserver related apps on the same machine.

Thanks for any help!

Andreas
---
Andreas Widerøe Andersen
[EMAIL PROTECTED]
Pragma AS
http://www.pragma.no
Re: Do I have an open relay?
Hello Andreas,

You may have an open relay. What does your /etc/mail/access file look like? It should contain the networks or IP addresses you wish to be able to use your server to relay through. For example, mine looks similar to this:

--
10.0.0 RELAY
127.0.0.1 RELAY

(where my local network is 10.0.0.0/24)

--Steven

Andreas Widerøe Andersen wrote:

> Hi, I'm a bit nervous here. Recently I've started getting 20-25 mails to my Postmaster account on my FreeBSD 4.8RC server running Sendmail 8.12.8/8.12.8 each day with a message to Postmaster that the mail could not be delivered.
Re: Do I have an open relay?
On Thu, 19 Jun 2003, Andreas Widerøe Andersen wrote:

> Hi, I'm a bit nervous here. Recently I've started getting 20-25 mails to my Postmaster account on my FreeBSD 4.8RC server running Sendmail 8.12.8/8.12.8 each day with a message to Postmaster that the mail could not be delivered.

Sendmail by default does not relay, unless you enable PROMISCUOUS_RELAY. To test if you have an open relay, go to: http://www.abuse.net/relay.html and run a test against your server.

It may be a Rumpelstiltskin attack: the spammers are trying to guess account names in your server; postmaster gets a copy of the bounce. Look at the logs for the full info.

Fer
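Added example, not part of any poster's message: one way to act on the advice to look at the logs is to join sendmail's from= and to= lines per queue ID, which separates bounces the server generated itself from mail it relayed for an untrusted client. The log lines, domains and addresses below are constructed in the layout quoted in the thread; LOCAL_DOMAINS and TRUSTED_CLIENTS are assumed stand-ins for local-host-names and the RELAY entries in /etc/mail/access.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.org"}              # assumption: your local-host-names
TRUSTED_CLIENTS = {"127.0.0.1", "10.0.0.5"}  # assumption: RELAY entries in access
# Constructed sample lines in the sendmail log layout quoted in the thread.
SAMPLE_LOG = """\
Jun 19 12:00:01 server sendmail[70001]: h5JA01aa070001: from=<friend@other.example>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.other.example [198.51.100.7]
Jun 19 12:00:02 server sendmail[70002]: h5JA01aa070001: to=<andreas@example.org>, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30900, dsn=2.0.0, stat=Sent
Jun 19 12:05:01 server sendmail[70003]: h5JA05aa070003: h5JA04aa070002: DSN: User unknown
Jun 19 12:05:02 server sendmail[70003]: h5JA05aa070003: to=<forged@victim.example>, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=31000, relay=victim.example., dsn=4.0.0, stat=Deferred: Connection refused by victim.example.
Jun 19 12:10:01 server sendmail[70004]: h5JA10aa070004: from=<bulk@sender.example>, size=4000, class=0, nrcpts=2, proto=SMTP, daemon=MTA, relay=[203.0.113.9]
Jun 19 12:10:02 server sendmail[70005]: h5JA10aa070004: to=<a@victim.example>,<b@victim.example>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=64000, relay=victim.example. [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
Jun 19 12:15:01 server sendmail[70006]: h5JA15aa070006: to=<c@victim.example>, delay=3+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=15062899, relay=victim.example., dsn=4.0.0, stat=Deferred: Connection refused by victim.example.
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$", re.M)
DSN = re.compile(r"\w+: DSN: ")               # "<orig qid>: DSN: reason"
FIELD = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def domain(addr):
    return addr.strip("<>").rpartition("@")[2].lower()

def classify(log_text):
    """Return {queue_id: verdict} by joining from= and to= lines per queue ID."""
    msgs = defaultdict(lambda: {"from": None, "client": None, "rcpts": [], "dsn": False})
    for qid, rest in LINE.findall(log_text):
        f = dict(FIELD.findall(rest))
        if DSN.match(rest):                   # bounce generated by this server
            msgs[qid]["dsn"] = True
        elif "from" in f:
            ip = re.search(r"\[([\d.]+)\]", f.get("relay", ""))
            msgs[qid].update({"from": f["from"], "client": ip and ip.group(1)})
        elif "to" in f:
            msgs[qid]["rcpts"] += f["to"].split(",")
    verdicts = {}
    for qid, m in msgs.items():
        external = [r for r in m["rcpts"] if domain(r) not in LOCAL_DOMAINS]
        if m["dsn"] or m["from"] == "<>":
            verdicts[qid] = "bounce"          # backscatter, not relaying
        elif m["from"] is None:
            verdicts[qid] = "unknown"         # from= line is in an older log
        elif not external:
            verdicts[qid] = "inbound"
        elif m["client"] in TRUSTED_CLIENTS:
            verdicts[qid] = "outbound"
        else:
            verdicts[qid] = "relayed"         # untrusted client -> external rcpt
    return verdicts
```

Entries that have sat in the queue for days, like the ones quoted in the thread, come out as "unknown" until the older rotated maillog holding their from= or DSN line is fed in as well.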
Re: Spamassassin question [was Re: Do I have an open relay?]
On Thu, 19 Jun 2003, Andreas Widerøe Andersen wrote:

> Will Spamassassin only work on mails that are delivered to accounts on the server it runs (locally), or can it also work for mailing lists in, i.e., /etc/mail/aliases that are being forwarded to other mail accounts around the globe?

It depends. If you feed Spamassassin through a procmail recipe, it'll only see the locally delivered mails. You can install the milter hooks for Spamassassin (mail/spamass-milter) and then Spamassassin will see every single mail.

Fer