Open Mail Relay

peter at peter at
Sun Aug 15 15:20:32 UTC 2010

At 05:13 PM 8/14/2010, Robert Bonomi wrote:
>> From owner-freebsd-questions at  Sat Aug 14 12:22:50 2010
>> Date: Sat, 14 Aug 2010 09:29:54 -0400
>> To: freebsd-questions at
>> From: peter at
>> Subject: Open Mail Relay
>> I have a machine running FreeBSD, sendmail and majordomo.  I have someone who is on one of those majordomo lists complaining that they are receiving spam from me.  The complainer says I have an open mail relay that I need to fix.  
>> I went to <> to test the machine using its IP address. gives a clean bill of health, saying relaying was denied in 17 separate tests.  
>> I've reviewed my mail logs for the past couple of days and I can't find any entries for any mail addressed to the complainer's domain name except mail that should have been sent.  
>> Is's test adequate to rule out an open mail relay problem?  
>There are -several- possible sources of spam to that list user.
>The abusenet open-relay tests check only one of them.
>The machine may be compromised (i.e. 'owned') and the bad guys have
>installed their -own- mail-sending software on it. The logs that
>show activity from _your_ mail-sending software would, obviously,
>*not* show the activity of this other software.
>In addition, whatever mailing list said user is subscribed to _may_ be set
>to take messages from 'anybody', not just confirmed members of the list.
>Thirdly, some folks sign up for a list _just_ to send their off-topic
>commercial messages to it.
>NONE of those three scenarios are an 'open relay', but they all result
>in spam showing up in the list-subscriber's mailbox, that got there
>_from_ your machine.

Thank you everyone for your many comments and suggestions.  The level of talent and responsiveness on this list is nothing less than stunning.  

I've requested copies of the offensive messages, and I'm hopeful the complainer will send me copies.  I believe I have control over the majordomo lists -- postings are restricted to list members, postings are monitored, and many lists are moderated.  

Assume, as Mr. Bonomi suggests, that some bad guy has installed some type of additional mailer on the machine or another machine that's allowed to relay mail.  How would I go about locating that other mailer?  
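
One way to look for the separate mail-sending software Mr. Bonomi describes, as an added example that is not part of the original post or thread: list which processes hold outbound connections to remote port 25 and flag any that are not the expected MTA. It assumes FreeBSD's sockstat(1) column layout and that sendmail is the only legitimate sender; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag processes other than the expected MTA that hold
# outbound SMTP connections, using FreeBSD sockstat(1) output.
# Columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Commands allowed to speak SMTP outbound (assumption: only sendmail here).
ALLOWED_MTAS="sendmail"

# Reads sockstat output on stdin; prints "user command pid foreign" for each
# TCP socket connected to remote port 25 whose command is not allowed.
rogue_mailers() {
    awk -v allowed="$ALLOWED_MTAS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "USER" { next }          # skip the header line
        $5 !~ /^tcp/ { next }                     # TCP sockets only
        {
            port = $7; sub(/.*:/, "", port)       # text after the last colon
            if (port == "25" && !($2 in ok))
                print $1, $2, $3, $7
        }'
}

# Constructed sample (documentation addresses), not captured from a real host.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   732   7  tcp4   192.0.2.10:51344      198.51.100.7:25
www      perl       4411  3  tcp4   192.0.2.10:60212      203.0.113.25:25
www      perl       4411  4  tcp4   192.0.2.10:60213      203.0.113.80:25
peter    sshd       2950  3  tcp4   192.0.2.10:22         198.51.100.99:50122
nobody   httpd      901   5  tcp6   2001:db8::10:80       2001:db8::99:41525
EOF
}

# On the live machine: sockstat -4 -6 -c | rogue_mailers
# Run it repeatedly (e.g. from cron); short-lived connections are easy to miss.
```

On a compromised host the kernel or the tools themselves may be tampered with, so compare the result against firewall or upstream router logs of port 25 traffic from the machine.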

