Do I have an open relay?
Steven Wiltshire
steven at mig15.net
Thu Jun 19 05:41:59 PDT 2003
Hello Andreas,
You may have an open relay.
What does your "/etc/mail/access" file look like? It should contain the
networks or IP addresses you wish to be able to use your server to relay
through.
For example, mine looks similar to this:
--------------------------
10.0.0          RELAY
127.0.0.1       RELAY
--------------------------
(where my local network is 10.0.0.0/24)
--Steven
Andreas Widerøe Andersen wrote:
> Hi,
> I'm a bit nervous here. Recently I've started getting 20-25 mails to
> my Postmaster account on my FreeBSD 4.8RC server running Sendmail
> 8.12.8/8.12.8 each day with a message to Postmaster that the mail
> could not be delivered.
>
> In the daily run output from the server I see messages like these:
>
> Mail in local queue:
> /var/spool/mqueue (15 requests)
> -----Q-ID----- --Size-- -----Q-Time-----
> ------------Sender/Recipient-----------
> h5IGWCj5047460 4477 Wed Jun 18 18:44 MAILER-DAEMON
> (Deferred: Connection refused by mobilemice.com.)
> <RevaO at mobilemice.com>
> h5HJ1xj4020111 4251 Tue Jun 17 21:03 MAILER-DAEMON
> (Deferred: Connection refused by distanteye.com.)
> <FKettle at distanteye.com>
> h5HFHEj3015655 3298 Tue Jun 17 17:17 MAILER-DAEMON
> (host map: lookup (triplepipe.com): deferred)
> <Jestine.Lack at triplepipe.com>
>
> I have no relations with these hosts.
>
> In the maillog from the server I see this:
>
> Jun 19 14:09:19 server sendmail[71128]: h5G21ij4070939:
> to=<AshleighA at distanteye.com>, delay=3+10:06:00, xdelay=00:00:00,
> mailer=esmtp, pri=15062899, relay=distanteye.com., dsn=4.0.0,
> stat=Deferred: Connection refused by distanteye.com.
> Jun 19 14:09:19 server sendmail[71128]: h5FLiJj3065159:
> to=<AshleighA at distanteye.com>, delay=3+14:25:00, xdelay=00:00:00,
> mailer=esmtp, pri=15962899, relay=distanteye.com., dsn=4.0.0,
> stat=Deferred: Connection refused by distanteye.com.
> Jun 19 14:10:57 server sendmail[71128]: h5FLgVj3065158:
> to=af at fvr.no,bw at fvr.no,gs at fvr.no,hr at fvr.no,rh at fvr.no,
> delay=3+14:28:25, xdelay=00:01:38, mailer=esmtp, pri=16261875,
> relay=mailgw.c2i.net., dsn=4.0.0, stat=Deferred: 450 Unable to find
> distanteye.com
> Jun 19 14:10:57 server sendmail[71128]: h5F0VUj4040115:
> to=<Hanemann.Bryanna at mobilemice.com>, delay=4+11:37:52,
> xdelay=00:00:00, mailer=esmtp, pri=19742831, relay=mobilemice.com.,
> dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.
> Jun 19 14:10:57 server sendmail[71128]: h5EKGnj3034414:
> to=<Hanemann.Bryanna at mobilemice.com>, delay=4+15:54:08,
> xdelay=00:00:00, mailer=esmtp, pri=20642831, relay=mobilemice.com.,
> dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.
>
> The mailq (/var/log/mqueue) contains 30 messages, both dfh* and qfh*.
>
> I've manually configured my .mc file which looks like this (I'm
> running Procmail and Spamassassin):
>
> divert(0)
> VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.17 2002/11/14 03:21:18 keramida Exp $')
> OSTYPE(freebsd4)
> DOMAIN(generic)
>
> FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
> FEATURE(blacklist_recipients)
> FEATURE(local_lmtp)
> FEATURE(mailertable, `hash -o /etc/mail/mailertable')
> FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
>
> dnl Uncomment to allow relaying based on your MX records.
> dnl NOTE: This can allow sites to use your server as a backup MX without
> dnl your permission.
> dnl FEATURE(relay_based_on_MX)
> dnl DNS based black hole lists
> dnl --------------------------------
> dnl DNS based black hole lists come and go on a regular basis
> dnl so this file will not serve as a database of the available servers.
> dnl For that, visit
> dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/
>
> dnl Uncomment to activate Realtime Blackhole List
> dnl information available at http://www.mail-abuse.com/
> dnl NOTE: This is a subscription service as of July 31, 2001
> dnl FEATURE(dnsbl)
> dnl Alternatively, you can provide your own server and rejection message:
> dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')
>
> dnl Dialup users should uncomment and define this appropriately
> dnl define(`SMART_HOST', `your.isp.mail.server')
>
> dnl Uncomment the first line to change the location of the default
> dnl /etc/mail/local-host-names and comment out the second line.
> dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
> define(`confCW_FILE', `-o /etc/mail/local-host-names')
>
> dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
> dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
> dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')
>
> define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
> define(`confMAX_MIME_HEADER_LENGTH', `256/128')
> define(`confNO_RCPT_ACTION', `add-to-undisclosed')
> define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
> FEATURE(local_procmail)
> MAILER(local)
> MAILER(smtp)
>
> If I try to telnet to my server from "somewhere" I get relaying denied
> so I think I've got it right, but somehow I have a feeling someone is
> getting through somehow. I'm running Apache, MySQL, PHP and other
> "webserver" related apps on the same machine.
>
> Thanks for any help!
> Andreas
>
>
> ---
> Andreas Widerøe Andersen <awand at pragma.no>
> Pragma AS
>
> http://www.pragma.no
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
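Added example, not part of either poster's message: a small Python audit of access-map entries in the format Steven shows, reporting every RELAY entry whose key is not a loopback or RFC 1918 network. The sample file contents, the function names and the choice of "internal" ranges are assumptions made for illustration.

```python
import ipaddress

# Constructed sample in /etc/mail/access format (not either poster's file).
SAMPLE_ACCESS = """\
# local networks
10.0.0              RELAY
127.0.0.1           RELAY
Connect:192.168.1   RELAY
203.0.113           RELAY
192                 RELAY
example.com         RELAY
spammer.example     REJECT
"""

# Networks treated as "ours" for this audit: loopback plus RFC 1918 (assumption).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
TAGS = ("connect:", "to:", "from:")

def key_to_network(key):
    """Map an octet-prefix key such as '10.0.0' to 10.0.0.0/24; None if not IPv4."""
    parts = key.split(".")
    if len(parts) > 4 or not all(p.isdecimal() and int(p) <= 255 for p in parts):
        return None
    octets = [str(int(p)) for p in parts] + ["0"] * (4 - len(parts))
    return ipaddress.ip_network("%s/%d" % (".".join(octets), 8 * len(parts)))

def audit_access(text):
    """Return (line number, key, reason) for each RELAY entry worth a second look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#") or fields[1].upper() != "RELAY":
            continue
        key = bare = fields[0]
        for tag in TAGS:  # strip an optional Connect:/To:/From: tag
            if key.lower().startswith(tag):
                bare = key[len(tag):]
        net = key_to_network(bare)
        if net is None:
            findings.append((lineno, key, "relays by name; confirm it is yours"))
        elif not any(net.subnet_of(n) for n in INTERNAL):
            findings.append((lineno, key, "relays for non-internal %s" % net))
    return findings

if __name__ == "__main__":
    for lineno, key, reason in audit_access(SAMPLE_ACCESS):
        print("line %d: %-12s %s" % (lineno, key, reason))
```

A short key such as `192` covers the whole of 192.0.0.0/8, which is why it is reported even though 192.168.0.0/16 lies inside it.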