Sendmail relaying from remote domains?

Brian J. McGovern mcgovern at beta.com
Tue Jun 14 13:27:36 GMT 2005


I realize this question is probably best served by the sendmail mailing list,
but whereas I've added the SpamAssassin filter, I'm hoping to find a larger
community here that is running FreeBSD + sendmail + SpamAssassin who
have handled this, so I don't have to ask the question in 3 places :)

The issue I seem to be having is that messages are coming in, forged from my
domain, but sent to a valid user within my domain (e.g. from admin at fqdn.com to
joeuser at fqdn.com) containing a virus attachment.

I had assumed that sendmail would be smart enough to look at the fqdn portion,
and see that the sender is not in fact from that domain at all (a quick
reverse/forward DNS lookup of the inbound socket should prove this), and trash
this.

Is there an easy way to shut this down? An example mail log entry (for 
reference)...

Jun 14 09:16:47 spoon sm-mta[26398]: j5EDGgha026398: from=<admin at spoon.beta.com>, size=79449, class=0, nrcpts=1, msgid=<200506141316.j5EDGgha026398 at spoon.beta.com>, proto=ESMTP, daemon=IPv4, relay=255-115.users.forrester.com [63.76.255.115] (may be forged)
Jun 14 09:16:47 spoon spamd[697]: connection from localhost.beta.com [127.0.0.1] at port 64931 
Jun 14 09:16:47 spoon spamd[697]: info: setuid to root succeeded 
Jun 14 09:16:47 spoon spamd[697]: Still running as root: user not specified with -u, not found, or set to root.  Fall back to nobody. 
Jun 14 09:16:47 spoon spamd[697]: processing message (unknown) for root:65534. 
Jun 14 09:16:49 spoon spamd[697]: clean message (-0.0/5.0) for root:65534 in 2.2 seconds, 80647 bytes. 
Jun 14 09:16:49 spoon spamd[697]: result: .  0 - ALL_TRUSTED,HTML_10_20,HTML_MESSAGE,MIME_HTML_ONLY,MISSING_MIMEOLE,NO_REAL_NAME,PRIORITY_NO_NAME scantime=2.2,size=80647,mid=(unknown),autolearn=failed 
Jun 14 09:16:49 spoon sm-mta[26398]: j5EDGgha026398: Milter add: header: X-Spam-Status: No, score=-0.0 required=5.0 tests=ALL_TRUSTED,HTML_10_20,\n\tHTML_MESSAGE,MIME_HTML_ONLY,MISSING_MIMEOLE,NO_REAL_NAME,\n\tPRIORITY_NO_NAME autolearn=failed version=3.0.2
Jun 14 09:16:49 spoon sm-mta[26398]: j5EDGgha026398: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on spoon.beta.com
Jun 14 09:16:49 spoon sm-mta[26402]: j5EDGgha026398: to=<mcgovern at spoon.beta.com>, delay=00:00:07, xdelay=00:00:00, mailer=local, pri=110031, relay=local, dsn=2.0.0, stat=Sent

	-Brian
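
Added example, not part of the original post: a log check for the pattern the message describes, a sendmail `from=` entry whose envelope sender is in a local domain while the connecting relay is outside the site's own networks. The `LOCAL_DOMAINS` and `TRUSTED_NETS` values and all sample lines except the first are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions, not taken from the post: the local domain set and the networks
# allowed to submit mail with a local envelope sender.
LOCAL_DOMAINS = {"beta.com"}
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# sendmail "from=" entry. The list archive rewrites "@" as " at "; accept both.
FROM_RE = re.compile(
    r"sm-mta\[\d+\]: (?P<qid>\w+): from=<(?P<user>[^<>@\s]+)(?:@| at )"
    r"(?P<domain>[^<>\s]+)>.*?relay=(?P<relay>[^,]*)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def is_local(domain):
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)

def check_line(line):
    """Return a finding when a local envelope sender came from an untrusted relay."""
    m = FROM_RE.search(line)
    if not m or not is_local(m["domain"]):
        return None
    ip_m = IP_RE.search(m["relay"])
    if not ip_m:
        return None  # local submission (relay=user@localhost) logs no [ip]
    try:
        ip = ipaddress.ip_address(ip_m.group(1))
    except ValueError:
        return None
    if any(ip in net for net in TRUSTED_NETS):
        return None
    return {"qid": m["qid"], "sender": m["user"] + "@" + m["domain"],
            "relay_ip": str(ip), "may_be_forged": "(may be forged)" in m["relay"]}

def scan(lines):
    return [f for f in map(check_line, lines) if f]

SAMPLE = [
    # First line is the from= entry quoted in the post; the rest are constructed.
    "Jun 14 09:16:47 spoon sm-mta[26398]: j5EDGgha026398: from=<admin at spoon.beta.com>, size=79449, class=0, nrcpts=1, msgid=<200506141316.j5EDGgha026398 at spoon.beta.com>, proto=ESMTP, daemon=IPv4, relay=255-115.users.forrester.com [63.76.255.115] (may be forged)",
    "Jun 14 09:20:01 spoon sm-mta[26500]: j5EDK0aa026500: from=<joeuser@beta.com>, size=1200, class=0, nrcpts=1, proto=ESMTP, daemon=IPv4, relay=ws10.beta.com [192.0.2.10]",
    "Jun 14 09:21:13 spoon sm-mta[26511]: j5EDLDbb026511: from=<alice@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=IPv4, relay=mx.example.org [198.51.100.7]",
    "Jun 14 09:16:49 spoon sm-mta[26402]: j5EDGgha026398: to=<mcgovern at spoon.beta.com>, delay=00:00:07, mailer=local, stat=Sent",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Only the first sample line is reported; the queue ID in the finding can be used to pull the matching `spamd` and delivery entries for the same message.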

