I don't think so; the mail in the mail queue looks something like
this.

4957711EA5F*    1667 Sun Aug 17 02:23:19  [EMAIL PROTECTED]
                                         [EMAIL PROTECTED]

4249511EA61*    1669 Sun Aug 17 02:23:21  [EMAIL PROTECTED]
                                         [EMAIL PROTECTED]

How can I check and see if I am an open relay?

> Are you sure that they really relayed from your server? I thought I had
> the same problem a little while ago but it turned out not to be the case.
> This was my scenario:
> 
> * Woody/postfix with nearly default settings and getting "bounce" return
> emails from unknown accounts on foreign mail servers
> 
> * It turned out that someone was forging one of my domains as a "from"
> address, so the receiving mta simply bounced it back to me as "unknown
> account".
> 
> * At first look, it seemed that I was acting as a relay and that I had
> been cracked. Scary stuff.
> 
> * I used one of the anti-spam services to check if I was an open relay and
> it turns out that I'm not.
> 
> * Problem has now gone away, presumably because the evil people are now
> using someone else's domain in their fake headers.
> 
> 
> On 17 Aug 2003, Kevin Saenz wrote:
> 
> > Ok I looked a little further in my logs and found that I wasn't
> > compromised. Basically there were just too many connections from
> > the following IP addresses
> > 220.117.21.254
> > 220.117.17.14
> > 81.218.55.61
> > 81.199.83.10
> > 220.117.18.116
> > 64.94.60.130
> > for my logs to keep up.
> > By the time my logs caught up it appeared that the emails were
> > internally driven from first glance.
> > Now I just have to find out how the hell they relayed from my server.
> >
> > Kevin
> > > Over the past 24 hours it seems that someone has been using my
> > > mail server as a relay server. I don't know how this is possible
> > > given I am using postfix, and most of my settings are left at
> > > default. The other thing: the mail jobs seem to be coming internally.
> > > I can't really see any external connections coming.
> > >
> > > All the mails seem to be from [EMAIL PROTECTED] and to @hanmail.net
> > > and looks like either they have a grudge or they are spammers.
> > >
> > > I have been looking for the source of the email, and have been checking
> > > my config several times to see if I have left something open.
> > > Can anyone help?
> > >
> > > TIA
> >
> > --
> > SLUG - Sydney Linux User's Group - http://slug.org.au/
> > More Info: http://lists.slug.org.au/listinfo/slug
> >
-- 
Regards,

Kevin Saenz
 
Spinaweb
I.T consultants
 
Ph: 02 4620 5130
Fax: 02 4625 9243
Mobile: 0418455661
Web: http://www.spinaweb.com.au

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
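
An added example, not part of the original thread: a parser for `mailq` output in the layout shown at the top of this message. It separates bounce traffic (null sender, shown as MAILER-DAEMON, which is what a forged "from" address produces) from queue entries where neither sender nor recipient is a local domain. The sample listing, the addresses, the function names and the classification heuristic are all constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample in Postfix `mailq` layout (addresses are made up).
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
4957711EA5F*    1667 Sun Aug 17 02:23:19  promo@spam.example
                                         victim1@target.example

4249511EA61*    1669 Sun Aug 17 02:23:21  promo@spam.example
                                         victim2@target.example

7A1C211EA70     2210 Sun Aug 17 02:24:02  MAILER-DAEMON
          (connect to mx.other.example: Connection timed out)
                                         ghost@mydomain.example

-- 5 Kbytes in 3 Requests.
"""

HEAD = re.compile(r"^([0-9A-F]+)([*!]?)\s+(\d+)\s+(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d)\s+(\S+)$")

def parse_mailq(text):
    """Return a list of dicts: id, state, size, sender, recipients."""
    entries, cur = [], None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = {"id": m[1], "state": {"*": "active", "!": "hold"}.get(m[2], "deferred"),
                   "size": int(m[3]), "sender": m[5], "recipients": []}
            entries.append(cur)
        elif cur and line.startswith(" ") and line.strip():
            s = line.strip()
            if not s.startswith("("):      # skip "(delivery status)" lines
                cur["recipients"].append(s)
        elif not line.strip():             # blank line ends the entry
            cur = None
    return entries

def domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def classify(entry, local_domains):
    """Heuristic (an assumption of this example): bounce, relayed, or local."""
    if entry["sender"] == "MAILER-DAEMON":
        return "bounce"
    ends = [domain(entry["sender"])] + [domain(r) for r in entry["recipients"]]
    return "local" if any(d in local_domains for d in ends) else "relayed"

def summarize(text, local_domains):
    return Counter(classify(e, local_domains) for e in parse_mailq(text))
```

Feed it the real output of `mailq` and the set of domains the server is responsible for; a queue dominated by "bounce" points at forged senders, while "relayed" entries are the ones to trace back through the mail log.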
