On Nov 12, 2008, at 5:08 PM, Jerry Geis geisj@pagestation.com wrote:
lists-centos wrote:
Sorry, the start page is:
http://www.abuse.net/relay.html
Look at the headers of the original messages (probably included as attachments) that sbcglobal is sending back. It's very possible that a spammer has forged an address from your machine on their outbound spam, and sbcglobal is bouncing that (rather than rejecting, because they haven't a clue), generating scatter-back spam.
- Rick
------------ Original Message ------------
Date: Wednesday, November 12, 2008 04:44:02 PM -0500
From: Jerry Geis geisj@pagestation.com
To: CentOS ML centos@centos.org
Subject: Re: [CentOS] close open relay
lists-centos wrote:
You have to have changed more than just the sendmail.mc/cf to make a default centos sendmail setup an open mail relay.
Your /etc/mail/access file is where things are defined as to what you relay for. The /etc/mail/local-host-names affects what you accept mail for.
Make certain that what you're using to test that it's an open relay is reporting things correctly. There's a difference between sendmail being "open" (accepting mail from the outside) and an "open relay". The former is expected from a mail server, the latter is a problem.
I use:
http://verify.abuse.net/cgi-bin/relaytest
which runs through a range of tests. I tried it against your 24.123.23.170 mail server a few min. ago and all was fine.
- Rick
------------ Original Message ------------
Date: Wednesday, November 12, 2008 03:33:11 PM -0500
From: Jerry Geis geisj@pagestation.com
To: CentOS ML centos@centos.org
Subject: [CentOS] close open relay
hi all, running centos 4.7 i686.
I seem to have an open relay sendmail server. How do I close it?
I have the STRAIGHT centos install sendmail.mc file. Only thing I changed was:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
so as to allow incoming email and not just localhost. however this seems to relay everyone.
I looked at http://www.sendmail.org/tips/relaying but it just talks about (AFAICT) enabling specific relays to occur - not how to CLOSE the relaying.
How do I close the relay?
Jerry
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
------------ End Original Message ------------
When I run the following I get broken web page:
http://verify.abuse.net/cgi-bin/relaytest
I am investigating all this as I am getting return emails from sbcglobal saying that I am spam.
Jerry
------------ End Original Message ------------
Sure enough I tried your test and that looks good...
However, when I run this test:
HELO example.com
MAIL From: TheBoss@example.com
RCPT To: geisj@pagestation.com
DATA
Subject: Think we're insecure...

I have a feeling our mail server is being abused...
.
QUIT
and paste that into port 25 of my server (telnet I'm talking) I get the email and I should not (I presume) as I am not example.com.
That's not relaying. A true test is if you telnet from a public ip to your SMTP port and try to send an email to a domain that isn't yours, like a gmail account, does it go through. It shouldn't, but it should if sent from an internal ip.
Basically you need a file of hosts/networks allowed to relay to any domain (your internal hosts), and a file of domains that are allowed to be relayed by anyone (domains you handle).
Can't remember their names, look in /etc/mail/Makefile for hints.
-Ross
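
The test described in the last reply, as an added example that is not part of the original thread: it offers the server one recipient in a domain it handles and one in a domain it does not, and stops before DATA so nothing is delivered. The function names, the HELO name and the probe sender address are constructed for illustration; run it against your own server from a public address that is not allowed to relay, since from an internal address the foreign recipient is expected to be accepted.

```python
import smtplib

def rcpt_code(host, sender, rcpt, port=25, timeout=10):
    """Offer one envelope and return the server's reply code to RCPT TO.

    The session stops before DATA, so nothing is queued or delivered.
    """
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo("relaycheck.example")      # constructed HELO name
        code, _ = smtp.mail(sender)
        if code != 250:
            return code                      # sender refused; RCPT never offered
        code, _ = smtp.rcpt(rcpt)
        smtp.rset()                          # abandon the envelope
        return code

def check_relay(host, local_rcpt, foreign_rcpt,
                sender="probe@relaycheck.example", port=25):
    """Classify a server, as seen from an address that may NOT relay."""
    local = rcpt_code(host, sender, local_rcpt, port)
    foreign = rcpt_code(host, sender, foreign_rcpt, port)
    if 200 <= foreign < 300:
        verdict = "open relay"               # took mail for someone else's domain
    elif 200 <= local < 300:
        verdict = "not an open relay"        # accepts its own domain only: expected
    else:
        verdict = "rejects its own domain"   # closed, but inbound mail is broken
    return {"local": local, "foreign": foreign, "verdict": verdict}

if __name__ == "__main__":
    import sys
    # usage: relaycheck.py HOST user@your-domain user@some-other-domain
    print(check_relay(sys.argv[1], sys.argv[2], sys.argv[3]))
```

A 250 for the recipient in your own domain is the normal "open" behaviour of a mail server; only a 2xx for the foreign recipient indicates an open relay.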