Sendmail become open relay
paul at ifdnrg.com
Mon Sep 8 14:26:55 UTC 2008
This might be more general advice than specific help, but I've found
most bad mail originating from me comes from PHP-driven forum sites.
After originally patching the PHP src to log sitenames that send mail, I
found enabling MAILHEAD support in the PHP build adds custom headers which
help to identify the site anyway.
I plan on adding a milter to pick these up dynamically, but for now, it
helps identify sites from stuck items in mailq.
i.e. a grep into mailq for X-PHP-Script
www.siteonserver.com/signup.php for x.101.27.178
It's easy to spot dubious scripts as the IP is commonly the same.
lyd mc wrote:
> Hi guys need help..
> My mailserver has become an open relay.
> Unknown users can now send mail.
> snippet from mailq
> m88C8iWq042874 689 Mon Sep 8 20:08 <osxch at mail.mydomain.com>
> (Deferred: Name server: mx1.mail.tw.yahoo.com.: host name loo)
> <chenaa00 at yahoo.com.tw>
> <chena0.tw at yahoo.com.tw>
> <chena0877 at yahoo.com.tw>
> <chena0 at yahoo.com.tw>
> <chena11 at yahoo.com.tw>
> <chena121959330 at yahoo.com.tw>
> <chena1238 at yahoo.com.tw>
> <chena186890 at yahoo.com.tw>
> <chena1966 at yahoo.com.tw>
> <chena20155 at yahoo.com.tw>
> <chena226 at yahoo.com.tw>
> <chena22 at yahoo.com.tw>
> <chena26232000 at yahoo.com.tw>
> I don't have user 'osxch' and others can also send..
> best regards, thanks
paul at ifdnrg.com
127 Rose St South Lane, Edinburgh, EH2 4BB
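
Added example, not part of the original post: a shell sketch of the X-PHP-Script grep described above, extended to count queued messages per script and per client IP so the repeating IP stands out. The function names, the sample header lines and the "H??" queue-file prefix handling are assumptions; the header layout follows the sample line in the post.

```shell
#!/bin/sh
# Header format assumed from the sample line in the post:
#   X-PHP-Script: <host/path> for <client-ip>

# Constructed sample of queued-message header lines (not real data).
# The "H??" prefix is assumed to be how the queue files mark header lines.
sample_headers() {
cat <<'EOF'
H??From: www@example.com
H??X-PHP-Script: www.example.com/signup.php for 192.0.2.10
H??X-PHP-Script: www.example.com/signup.php for 192.0.2.10
H??X-PHP-Script: forum.example.org/contact.php for 198.51.100.7
H??Subject: hello
X-PHP-Script: www.example.com/signup.php for 192.0.2.10
H??X-PHP-Script: forum.example.org/post.php for 192.0.2.10
EOF
}

# Read header text on stdin; print "count script client-ip", busiest first.
php_script_tally() {
    awk '
        { sub(/^H\?[^?]*\?/, "") }          # drop optional queue-file prefix
        tolower($1) == "x-php-script:" && $3 == "for" && NF >= 4 {
            sub(/,$/, "", $4)                # first address only if several
            seen[$2 " " $4]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Read header text on stdin; print "count client-ip" for every client
# seen on at least $1 queued messages (default 3).
php_repeat_clients() {
    php_script_tally | awk -v min="${1:-3}" '
        { total[$3] += $1 }
        END { for (ip in total) if (total[ip] >= min) print total[ip], ip }
    ' | sort -k1,1nr -k2
}

# Stand-alone demo on the constructed sample.
sample_headers | php_script_tally
sample_headers | php_repeat_clients 3
```

To use it on a live queue, feed the header text of the queued messages to `php_script_tally` on stdin instead of `sample_headers`.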