Greetings,
I received an email Sunday from an administrator who had received a bounced spam message. Apparently, the sender is using one of my IP addresses. The administrator gave the step-by-step on how he verified the open relay. I then checked it myself. It indeed was allowing unauthenticated users from unknown IP addresses to relay (I've got the "enable-roaming-users" enabled).
I rebooted the server (not getting expected results when trying to manually restart qmail), and contacted my bandwidth provider, since I do not have access to any machines that do not (at some time) have authority to use the email server. They checked, it was no longer relaying.
At the moment, I'm thinking I'll just update to the latest vpopmail/qmailadmin combo and cross my fingers. Always a good idea, but Linux is so reliable, I find myself getting lazy sometimes...
In the meantime (upgrades are scheduled for next weekend), I've been out and about checking to see if that particular IP address (or my domain name) has been blacklisted anywhere, perusing the mailing list archives, etc.
I happened across an open-relay checker. I typed in the offending IP address, and it ran maybe a dozen different tests on the server.
To my dismay, it failed two of them. Here are the two instances of formatting that allowed the mail to go through:
RCPT TO: (prodigysolutions.com!nobody)
RCPT TO: ("nobody%prodigysolutions.com")
The spammer used the first formatting with the exclamation mark...
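The two forms the checker used are old source-routing syntaxes (a UUCP bang path and the "%" hack), and the reason they slip past a relay check is that the MTA decides "local recipient" on the raw address and only rewrites it at delivery time. The following is an added example, not code from the post or from vpopmail/qmail, that unwinds those forms (plus an RFC 821 source route) before classifying a recipient; example.com, LOCAL_DOMAINS and the sample addresses are assumed placeholders.

```python
# Added example, not from the original post: an MTA must decide "local or
# relay" on the *rewritten* destination of a RCPT TO address, not on the raw
# text after '@'. The two forms the relay tester used (bang path, percent
# hack) plus an RFC 821 source route are handled; example.com is an assumed
# placeholder for the server's own domain.

LOCAL_DOMAINS = {"example.com"}   # assumed: domains this server delivers for


def unwind(rcpt):
    """Return (localpart, hops): the final mailbox and every host the address
    names once <>, source routes, '%' hacks and '!' bang paths are stripped."""
    addr = rcpt.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    hops = []
    # Source route "@a,@b:user@c": hosts before ':' are explicit relay hops.
    if addr.startswith("@") and ":" in addr:
        route, _, addr = addr.partition(":")
        hops.extend(h.lstrip("@").lower() for h in route.split(","))
    local, _, domain = addr.rpartition("@")
    if not local:                 # no '@' at all: "host!user" or "user%host"
        local, domain = domain, ""
    hops.append(domain.lower())
    while True:
        if "%" in local:          # percent hack: user%remote -> user@remote
            local, _, domain = local.rpartition("%")
        elif "!" in local:        # UUCP bang path: remote!user -> user@remote
            domain, _, local = local.partition("!")
        else:
            break
        hops.append(domain.lower())
    return local, hops


def naive_is_local(rcpt):
    """The weak check: trust the text after '@' (or assume local if absent)."""
    addr = rcpt.strip().strip("<>")
    if "@" not in addr:
        return True
    return addr.rpartition("@")[2].lower() in LOCAL_DOMAINS


def is_relay(rcpt):
    """True if delivering this recipient would hand the mail to a foreign host."""
    _, hops = unwind(rcpt)
    return any(h and h not in LOCAL_DOMAINS for h in hops)
```

For both tester addresses naive_is_local() answers "local" while is_relay() answers "relay"; that gap is the hole, and the fix is to canonicalize before the relay decision (or, as current MTAs do, refuse these syntaxes outright).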
I'm almost sick over what I've discovered...
Are these false readings? Does the latest version of vpopmail with roaming users fix this? What can I do to shore these holes up?
It looks like I'm using vpopmail 4.9.6 from what I've got in /usr/src...
What's killing me is that it was just checked by ORBS on the 20th (nominated by SpamCop), and 5 days later it's being raped...
Anxiously awaiting responses, bucket in hand.
Brenden Dawson
