Open Mail Relay
bonomi at mail.r-bonomi.com
Mon Aug 16 18:22:38 UTC 2010
> From owner-freebsd-questions at freebsd.org Sun Aug 15 15:15:43 2010
> Date: Sun, 15 Aug 2010 22:15:57 +0200
> From: Erik Norgaard <norgaard at locolomo.org>
> To: freebsd-questions at freebsd.org
> Subject: Re: Open Mail Relay
> On 15/08/10 13.57, peter at vfemail.net wrote:
> > Assume, as Mr. Bonomi suggests, that some bad guy has installed some type of additional mailer on the machine or another machine that's allowed to relay mail. How would I go about locating that other mailer?
> If the messages are indeed relayed through your server then you can see
> it in the logs and in the Received header field which host is sending
> the mail to your server.
*IF* it is just a case of the 'intended to be used' mail server being
mis-configured, and allowing relaying, that is correct.
*IF*, OTOH, the machine has been broken-into/compromised/"owned", then
the 'bad guys' are fully capable of installing their _own_ mail-sending
software -- software that does *NOT* record anything in the normal log files.
This kind of software is 'maliciously built' to leave *no* tracks with
regard to incoming _or_ outgoing connections from/to other hosts.
> If somebody forges mail to appear to come from your domain, but not
> relayed through your server there is really not much you can do. Only
> the recipient server can reject the mails.
> Some servers support SPF and you can help other servers know that mail
> from your domain must originate from your server by adding a TXT entry
> in your DNS.
> BR, Erik
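Added example, not part of the original message or of either poster's method: when the normal mail logs cannot be trusted, the socket table is one place to look for a second mailer, by flagging any process other than the expected MTA that holds a connection to remote port 25. The allow-list of MTA command names and the sample output are constructed assumptions; the column layout is that of FreeBSD `sockstat -4 -c`.

```python
# Flag processes other than the expected MTA that hold connections to
# remote port 25. Input is text in the column layout of FreeBSD
# `sockstat -4 -c` (USER COMMAND PID FD PROTO LOCAL FOREIGN).

# Assumption: the commands that legitimately send mail on this host.
EXPECTED_MTA = {"sendmail", "postfix", "smtp", "exim"}
SMTP_PORTS = {"25"}

# Constructed sample, not captured from a real machine.
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   812   4  tcp4   192.0.2.10:25         198.51.100.7:51544
root     sendmail   812   7  tcp4   192.0.2.10:40112      203.0.113.25:25
www      perl       4471  3  tcp4   192.0.2.10:50233      203.0.113.80:25
www      perl       4471  5  tcp4   192.0.2.10:50234      198.51.100.99:25
peter    sshd       2210  3  tcp4   192.0.2.10:22         198.51.100.7:60022
"""

def parse_sockstat(text):
    """Yield one dict per socket line, skipping the header and short lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[0] == "USER":
            continue
        user, command, pid, _fd, proto, local, foreign = f[:7]
        # Split on the last ':' so the port is separated from the address.
        host, _, port = foreign.rpartition(":")
        yield {"user": user, "command": command, "pid": pid, "proto": proto,
               "local": local, "remote_host": host, "remote_port": port}

def unexpected_smtp_senders(text, expected=EXPECTED_MTA):
    """Map (user, command, pid) -> remote hosts for non-MTA port-25 clients."""
    found = {}
    for s in parse_sockstat(text):
        if s["remote_port"] in SMTP_PORTS and s["command"] not in expected:
            key = (s["user"], s["command"], s["pid"])
            found.setdefault(key, []).append(s["remote_host"])
    return found

if __name__ == "__main__":
    for (user, cmd, pid), hosts in unexpected_smtp_senders(SAMPLE).items():
        print(f"{cmd} (pid {pid}, user {user}) -> port 25 on {', '.join(hosts)}")
```

Software built to stay out of the logs may also hide from `sockstat` on the compromised host itself, so compare the result with connection records taken off the machine, such as firewall or router logs of outbound port 25 traffic.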