sendmail: open-relay
Ian Smith
smithi at nimnet.asn.au
Tue Jan 5 04:43:58 UTC 2010
In freebsd-questions Digest, Vol 292, Issue 3, Message: 10
On Mon, 04 Jan 2010 13:42:28 +0000 Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:
> Peter Ulrich Kruppa wrote:
> > On Monday, 04.01.2010, at 13:02 +0000, Matthew Seaman wrote:
> >> Peter Ulrich Kruppa wrote:
>
> >>> I am running my own small mail-server, i.e. I use my desktop pc for
> >>> sending and receiving my private mails.
> >>> That worked quite nicely the last years. From time to time I tested my
> >>> mail-server via abuse.net's mail-relay tester. - Never got any
> >>> positives.
> >>> Now suddenly I receive one:
>
> >>> Any ideas?
> >> Plenty. But it would help a great deal if you showed us your
> >> ${hostname}.mc.
>
> > O.K. this is my complete pukruppa.net.mc
> > --------------------------------------------
> > divert(-1)
> > #
> [...]
>
> which is exactly the same as the default freebsd.mc -- nothing suspicious
> there.

Well, except as you said later, how then is SA being invoked from that
.mc file, unless the sendmail.cf in use maybe wasn't made from that .mc?

I'd suggest:

 # cd /etc/mail
 copy the present sendmail.cf (and maybe submit.cf) for diff later
 # make cf	# read the nice Makefile
 # diff sendmail.cf.old sendmail.cf	# expecting nothing

> Hmmm... anything unusual (ie to do with domains not local to your machine)
> in /etc/mail/local-host-names or /etc/mail/virtusertable or
> /etc/mail/mailertable? You're definitely running with that config file,

If it was in fact last compiled to the present sendmail.cf, yes.

I'd also check that abuse.net or its IP address[es] don't appear in
relay-domains (aka sendmail.cR) - which sounds like a long shot, but
might explain the behaviour. Or an 'abuse.net RELAY' in access[.db]?

Jerry's test seems to have ruled out general open relay behaviour.

> and you don't have anything like OpenBSD spamd(8) running that could
> intercept incoming SMTP traffic?
Even so, should spamd ever send or bounce mail?
> If that's so, then I can't see how your machine could be an open
> relay. The abuse.net relay tester must have been having a bad day.
> In fact, can you find the records in /var/mail/maillog to show
> abuse.net's server connecting to yours in order to do the testing?
> It may be that it was connecting to somewhere else entirely. Or it
> was somehow trying to test relaying using an address that was somehow
> actually valid on your system.

Indeed. Unless there's a 'to=<[*.]abuse.net> [...] stat=Sent' line in
maillog then or later, your Bad Day Theory sounds quite likely.

cheers, Ian
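
The maillog check suggested above, as an added example that is not part of the original message: it pairs each queue ID's from= line with its to= ... stat=Sent line and reports mail that arrived from an outside host and left again through an SMTP mailer to a non-local domain, plus any "Relaying denied" rejections. The log lines, host names, queue IDs and the local domain example.com are constructed for illustration.

```python
import re

# Constructed maillog lines (not from the thread): queue IDs, host names and
# addresses are made up; example.com stands in for the local mail domain.
SAMPLE_LOG = """\
Jan  4 12:00:01 mx sm-mta[901]: o04C01aa000901: ruleset=check_rcpt, arg1=<probe@tester.example.net>, relay=probe.tester.example.net [192.0.2.10], reject=550 5.7.1 <probe@tester.example.net>... Relaying denied
Jan  4 12:05:10 mx sm-mta[910]: o04C05bb000910: from=<someone@tester.example.net>, size=612, class=0, nrcpts=1, proto=ESMTP, daemon=IPv4, relay=probe.tester.example.net [192.0.2.10]
Jan  4 12:05:12 mx sm-mta[911]: o04C05bb000910: to=<probe@tester.example.net>, delay=00:00:02, mailer=esmtp, pri=30612, relay=mx.tester.example.net. [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Jan  4 12:09:00 mx sm-mta[920]: o04C09cc000920: from=<friend@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=IPv4, relay=mail.example.org [198.51.100.7]
Jan  4 12:09:01 mx sm-mta[921]: o04C09cc000920: to=<peter@example.com>, delay=00:00:01, mailer=local, pri=30900, dsn=2.0.0, stat=Sent
"""

ENTRY = re.compile(r"(?:sm-mta|sendmail)\[\d+\]: (\w+): (.*)")
REMOTE_MAILERS = {"smtp", "esmtp", "relay"}  # deliveries that leave this host


def audit_maillog(lines, local_domains):
    """Return (relayed, denied) found in sendmail maillog lines."""
    inbound = {}  # queue ID -> (envelope sender, connecting host)
    relayed, denied = [], []
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        qid, body = m.groups()
        # sendmail separates fields with ", "; recipients in to= use a bare ","
        f = dict(p.split("=", 1) for p in body.split(", ") if "=" in p)
        if "Relaying denied" in f.get("reject", ""):
            denied.append((f.get("arg1", ""), f.get("relay", "")))
        elif "from" in f:
            inbound[qid] = (f["from"], f.get("relay", ""))
        elif "to" in f and f.get("stat", "").startswith("Sent"):
            sender, src = inbound.get(qid, ("", ""))
            outside = bool(src) and "localhost" not in src and "[127.0.0.1]" not in src
            if not outside or f.get("mailer") not in REMOTE_MAILERS:
                continue  # local submission or local delivery: not a relay
            for rcpt in f["to"].split(","):
                domain = rcpt.strip("<>").rpartition("@")[2].lower()
                if domain not in local_domains:
                    relayed.append((qid, sender, rcpt, src))
    return relayed, denied


if __name__ == "__main__":
    relayed, denied = audit_maillog(SAMPLE_LOG.splitlines(), {"example.com"})
    for hit in relayed:
        print("RELAYED", *hit)
    for rcpt, src in denied:
        print("denied ", rcpt, "from", src)
```

Hosts that are deliberately allowed to relay (relay-domains, RELAY entries in access) will also be reported and have to be excluded by hand; the from= and to= lines for a message must both be in the log file being read.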