Open Mail Relay

Robert Bonomi bonomi at
Mon Aug 16 18:22:38 UTC 2010

> From owner-freebsd-questions at  Sun Aug 15 15:15:43 2010
> Date: Sun, 15 Aug 2010 22:15:57 +0200
> From: Erik Norgaard <norgaard at>
> To: freebsd-questions at
> Subject: Re: Open Mail Relay
> On 15/08/10 13.57, peter at wrote:
> > Assume, as Mr. Bonomi suggests, that some bad guy has installed some type of additional mailer on the machine or another machine that's allowed to relay mail.  How would I go about locating that other mailer?
> If the messages are indeed relayed through your server then you can see 
> it in the logs and in the Received header field which host is sending 
> the mail to your server.

*IF* it is just a case of the 'intended to be used' mail server is mis-
configured, and allowing relaying, that is correct.

*IF*, OTOH, the machine has been broken-into/compromised/"owned", then
the 'bad guys'  are fully capable of installing their _own_ mail-sending
software --software that does *NOT* record anything in the normal log files.
This kind of software is 'maliciously built' to leave *no* tracks with 
regard to incoming _or_ outgoing connections from/to other hosts.
> If somebody forges mail to appear to come from your domain, but not 
> relayed through your server there is really not much you can do. Only 
> the recipient server can reject the mails.
> Some servers support spf and you can help other servers know that mail 
> from your domain must originate from your server by adding a txt entry 
> in your dns.
> BR, Erik
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"

More information about the freebsd-questions mailing list