Do I have an open relay?

Andreas Widerøe Andersen awand at pragma.no
Thu Jun 19 05:28:42 PDT 2003


Hi,
I'm a bit nervous here. Recently I've started getting 20-25 mails to my 
Postmaster account on my FreeBSD 4.8RC server running Sendmail 
8.12.8/8.12.8 each day with a message to Postmaster that the mail could not 
be delivered.

In the daily run output from the server I see messages like these:

Mail in local queue:
                 /var/spool/mqueue (15 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
h5IGWCj5047460     4477 Wed Jun 18 18:44 MAILER-DAEMON
                  (Deferred: Connection refused by mobilemice.com.)
                                         <RevaO at mobilemice.com>
h5HJ1xj4020111     4251 Tue Jun 17 21:03 MAILER-DAEMON
                  (Deferred: Connection refused by distanteye.com.)
                                         <FKettle at distanteye.com>
h5HFHEj3015655     3298 Tue Jun 17 17:17 MAILER-DAEMON
                  (host map: lookup (triplepipe.com): deferred)
                                         <Jestine.Lack at triplepipe.com>

I have no relations with these hosts.

In the maillog from the server I see this:

Jun 19 14:09:19 server sendmail[71128]: h5G21ij4070939: 
to=<AshleighA at distanteye.com>, delay=3+10:06:00, xdelay=00:00:00, 
mailer=esmtp, pri=15062899, relay=distanteye.com., dsn=4.0.0, 
stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:09:19 server sendmail[71128]: h5FLiJj3065159: 
to=<AshleighA at distanteye.com>, delay=3+14:25:00, xdelay=00:00:00, 
mailer=esmtp, pri=15962899, relay=distanteye.com., dsn=4.0.0, 
stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:10:57 server sendmail[71128]: h5FLgVj3065158: 
to=af at fvr.no,bw at fvr.no,gs at fvr.no,hr at fvr.no,rh at fvr.no, delay=3+14:28:25, 
xdelay=00:01:38, mailer=esmtp, pri=16261875, relay=mailgw.c2i.net., 
dsn=4.0.0, stat=Deferred: 450 Unable to find distanteye.com
Jun 19 14:10:57 server sendmail[71128]: h5F0VUj4040115: 
to=<Hanemann.Bryanna at mobilemice.com>, delay=4+11:37:52, xdelay=00:00:00, 
mailer=esmtp, pri=19742831, relay=mobilemice.com., dsn=4.0.0, 
stat=Deferred: Connection refused by mobilemice.com.
Jun 19 14:10:57 server sendmail[71128]: h5EKGnj3034414: 
to=<Hanemann.Bryanna at mobilemice.com>, delay=4+15:54:08, xdelay=00:00:00, 
mailer=esmtp, pri=20642831, relay=mobilemice.com., dsn=4.0.0, 
stat=Deferred: Connection refused by mobilemice.com.

The mailq (/var/log/mqueue) contains 30 messages, both dfh* and qfh*.

I've manually configured my .mc file which looks like this (I'm running 
Procmail and Spamassassin):

divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.17 2002/11/14 03:21:18 keramida Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl       your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confMAX_MIME_HEADER_LENGTH', `256/128')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
FEATURE(local_procmail)
MAILER(local)
MAILER(smtp)

If I try to telnet to my server from "somewhere" I get relaying denied so I 
think I've got it right, but somehow I have a feeling someone is getting 
through somehow. I'm running Apache, MySQL, PHP and other "webserver" 
related apps on the same machine.

Thanks for any help!
Andreas


---
Andreas Widerøe Andersen <awand at pragma.no>
Pragma AS

http://www.pragma.no 
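As an added example (not part of the original post or of FreeBSD's sendmail setup), a small triage script for the kind of queue listing quoted above: it parses mailq-style output and separates entries whose sender is MAILER-DAEMON (bounces this host generated itself, typically to a forged return path) from entries where neither sender nor recipient is a local domain (the pattern that would actually indicate relayed third-party mail). The sample queue text is constructed, and the set of local domains is an assumption.

```python
import re

# Constructed sample in the layout of `mailq` / the daily-run "Mail in local queue"
# report (addresses use a real "@"; the list archive rewrote it as " at ").
SAMPLE_MAILQ = """\
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
h5IGWCj5047460     4477 Wed Jun 18 18:44 MAILER-DAEMON
                  (Deferred: Connection refused by mobilemice.com.)
                                         <RevaO@mobilemice.com>
h5HJ1xj4020111     4251 Tue Jun 17 21:03 MAILER-DAEMON
                  (Deferred: Connection refused by distanteye.com.)
                                         <FKettle@distanteye.com>
h5HXXXj4020999     9120 Tue Jun 17 20:10 <someone@example.net>
                  (Deferred: Connection timed out with example.org.)
                                         <victim@example.org>
"""

LOCAL_DOMAINS = {"pragma.no"}  # assumption: domains this host accepts mail for

ENTRY_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\w{3} \w{3} +\d+ \d\d:\d\d)\s+(\S+)$")
RCPT_RE = re.compile(r"^\s+<([^>]+)>$")


def domain_of(addr):
    """Lower-cased domain part of an address, or None for MAILER-DAEMON-style senders."""
    return addr.rsplit("@", 1)[-1].lower().rstrip(".") if "@" in addr else None


def parse_mailq(text):
    """Return [(qid, sender, [recipients])] from mailq-style output."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(4).strip("<>"), []))
            continue
        r = RCPT_RE.match(line)
        if r and entries:
            entries[-1][2].append(r.group(1))
    return entries


def classify(entries, local_domains=LOCAL_DOMAINS):
    """Split the queue into self-generated bounces, possibly relayed mail, and local traffic."""
    result = {"bounce": [], "relayed": [], "local": []}
    for qid, sender, rcpts in entries:
        foreign = [r for r in rcpts if domain_of(r) not in local_domains]
        if sender == "MAILER-DAEMON":
            result["bounce"].append(qid)    # DSN generated here, aimed at a foreign return path
        elif foreign and domain_of(sender) not in local_domains:
            result["relayed"].append(qid)   # neither end is ours: this is what an open relay queues
        else:
            result["local"].append(qid)
    return result
```

Run it against the real output of `mailq` on the host; a queue dominated by the "bounce" bucket points at bounces of spam with forged senders rather than at relaying, while anything in "relayed" deserves a look at the corresponding maillog lines.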


