Sendmail become open relay
Paul Macdonald
paul at ifdnrg.com
Mon Sep 8 14:26:55 UTC 2008
This might be more general advice than a specific help, but i've found
most bad mail originating from me comes from php driven forum sites.
After originally patching the php src to log sitenames that send mail, i
found enabling MAILHEAD support in php build adds customs headers which
help to identify the site anyway.
I plan on adding a milter to pick these up dynamically, but for now, it
helps identify sites from stuck items in mailq.
i.e a grep into mailq for X-PHP-Script
/var/spool/mqueue/qfm83AltWj045560:H??X-PHP-Script:
www.siteonserver.com/signup.php for x.101.27.178
Its easy to spot dubious scripts as the ip is commonly the same.
gd luck.
Paul.
lyd mc wrote:
> Hi guys need help..
>
> My mailserver become an open relay.
>
> Unknown user can now send mail.
>
> snippet from mailq
>
> m88C8iWq042874 689 Mon Sep 8 20:08 <osxch at mail.mydomain.com>
> (Deferred: Name server: mx1.mail.tw.yahoo.com.: host name loo)
> <chenaa00 at yahoo.com.tw>
> <chena0.tw at yahoo.com.tw>
> <chena0877 at yahoo.com.tw>
> <chena0 at yahoo.com.tw>
> <chena11 at yahoo.com.tw>
> <chena121959330 at yahoo.com.tw>
> <chena1238 at yahoo.com.tw>
> <chena186890 at yahoo.com.tw>
> <chena1966 at yahoo.com.tw>
> <chena20155 at yahoo.com.tw>
> <chena226 at yahoo.com.tw>
> <chena22 at yahoo.com.tw>
> <chena26232000 at yahoo.com.tw>
>
> I don't have user 'osxch' and there others can also send..
>
>
> best regars thnx
>
> alydio
>
>
>
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
--
<http://www.ifdnrg.com> *Ultra fast and secure web hosting
Live and on demand video streaming
Custom online Solutions *
*Paul Macdonald*
Director
paul at ifdnrg.com <mailto:paul at ifdnrg.com>
www.ifdnrg.com <http://www.ifdnrg.com>
*IFDNRG*
127 Rose St South Lane, Edinburgh, EH2 4BB
0044.(0)131.2257470
More information about the freebsd-questions
mailing list