sendmail: open-relay

Ian Smith smithi at nimnet.asn.au
Tue Jan 5 04:43:58 UTC 2010


In freebsd-questions Digest, Vol 292, Issue 3, Message: 10
On Mon, 04 Jan 2010 13:42:28 +0000 Matthew Seaman <m.seaman at infracaninophile.co.uk> wrote:
 > Peter Ulrich Kruppa wrote:
 > > Am Montag, den 04.01.2010, 13:02 +0000 schrieb Matthew Seaman: 
 > >> Peter Ulrich Kruppa wrote:
 > 
 > >>> I am running my own small mail-server, i.e. I use my desktop pc for
 > >>> sending and receiving my private mails.
 > >>> That worked quite nicely the last years. From time to time I tested my
 > >>> mail-server via abuse.net's mail-relay tester. - Never got any
 > >>> positives.
 > >>> Now suddenly I receive one:
 > 
 > >>> Any ideas?
 > >> Plenty.  But it would help a great deal if you showed us your
 > >> ${hostname}.mc.
 > 
 > > O.K. this is my complete pukruppa.net.mc
 > > --------------------------------------------
 > > divert(-1)
 > > #
 > [...]
 > 
 > which is exactly the same as the default freebsd.mc -- nothing suspicious
 > there.

Well, except as you said later, how then is SA being invoked from that 
.mc file, unless the sendmail.cf in use maybe wasn't made from that .mc?

I'd suggest:
  # cd /etc/mail
  copy the present sendmail.cf (and maybe submit.cf) for diff later
  # make cf				# read the nice Makefile
  # diff sendmail.cf.old sendmail.cf	# expecting nothing

 > Hmmm...  anything unusual (ie to do with domains not local to your machine)
 > in /etc/mail/local-host-names or /etc/mail/virtusertable  or 
 > /etc/mail/mailertable?  You're definitely running with that config file,

If it was in fact last compiled to the present sendmail.cf, yes.

I'd also check that abuse.net or its IP address[es] don't appear in 
relay-domains (aka sendmail.cR) - which sounds like a long shot, but 
might explain the behaviour.  Or an 'abuse.net RELAY' in access[.db]?

Jerry's test seems to have ruled out general open relay behaviour.

 > and you don't have anything like OpenBSD spamd(8) running that could 
 > intercept incoming SMTP traffic?

Even so, should spamd ever send or bounce mail?

 > If that's so, then I can't see how your machine could be an open 
 > relay.  The abuse.net relay tester must have been having a bad day.  
 > In fact, can you find the records in /var/mail/maillog to show 
 > abuse.net's server connecting to yours in order to do the testing?  
 > It may be that it was connecting to somewhere else entirely.  Or it 
 > was somehow trying to test relaying using an address that was somehow 
 > actually valid on your system.

Indeed.  Unless there's a 'to=<[*.]abuse.net> [...] stat=Sent' line in 
maillog then or later, your Bad Day Theory sounds quite likely.

cheers, Ian
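
The maillog check suggested above (a to=<...abuse.net> line with stat=Sent), as an added example that is not part of the original post. It assumes the usual sendmail syslog line layout; the function names and every sample log line are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All log lines below are constructed.

# relayed_to DOMAIN [LOGFILE]  (reads stdin when LOGFILE is omitted)
# Prints "queue-id recipient inbound-relay" for each to=<...> line with
# stat=Sent whose recipient is at DOMAIN or a subdomain. inbound-relay is the
# relay= field of the from= line sharing that queue ID. Only the first
# address of a multi-recipient to= field is examined.
relayed_to() {
    awk -v dom="$1" '
    {
        qid = ""
        for (i = 1; i < NF; i++)
            if ($i ~ /^(sendmail|sm-mta)\[[0-9]+\]:$/) { qid = $(i + 1); break }
        if (qid == "") next
        sub(/:$/, "", qid)
    }
    / from=</ {
        src = $0
        if (sub(/.* relay=/, "", src)) inbound[qid] = src
        next
    }
    / to=</ && / stat=Sent/ {
        rcpt = $0; sub(/.* to=</, "", rcpt); sub(/>.*/, "", rcpt)
        host = tolower(rcpt); sub(/.*@/, "", host)
        d = tolower(dom); n = length(host) - length(d)
        # exact domain or a true subdomain; "notabuse.net" must not match
        if (host == d || (n > 0 && substr(host, n) == ("." d)))
            print qid, rcpt, ((qid in inbound) ? inbound[qid] : "unknown")
    }' "${2:--}"
}

# Constructed sample: one rejected probe, one relayed message, one look-alike
# domain, one deferred delivery. Only the relayed message should be reported.
sample_log() {
    cat <<'EOF'
Jan  4 13:10:01 mx sm-mta[901]: o04DA1aa000901: ruleset=check_rcpt, arg1=<probe@abuse.net>, relay=[192.0.2.10], reject=550 5.7.1 <probe@abuse.net>... Relaying denied
Jan  4 13:12:40 mx sm-mta[907]: o04DCeab000907: from=<a@example.org>, size=812, nrcpts=1, proto=ESMTP, relay=[192.0.2.10]
Jan  4 13:12:41 mx sm-mta[909]: o04DCeab000907: to=<probe@abuse.net>, mailer=esmtp, relay=[192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Jan  4 13:20:05 mx sm-mta[915]: o04DK5ac000915: to=<b@notabuse.net>, mailer=esmtp, relay=[192.0.2.30], dsn=2.0.0, stat=Sent (ok)
Jan  4 13:25:09 mx sm-mta[921]: o04DP9ad000921: to=<c@abuse.net>, mailer=esmtp, relay=[192.0.2.20], dsn=4.0.0, stat=Deferred
EOF
}

sample_log | relayed_to abuse.net
```

To run it against a real log, pass the maillog path as the second argument; no output means nothing was delivered to that domain.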

