On Nov 12, 2008, at 5:08 PM, Jerry Geis <geisj at pagestation.com> wrote:

> lists-centos wrote:
>> sorry, the start page is:
>>
>> <http://www.abuse.net/relay.html>
>>
>> look at the headers of the original messages (probably included as
>> attachments) that sbcglobal is sending back. it's very possible that
>> a spammer has forged an address from your machine on their outbound
>> spam, and sbcglobal is bouncing that, (rather than rejecting,
>> because they haven't a clue), generating scatter-back spam.
>>
>> - Rick
>>
>> ------------ Original Message ------------
>>
>>> Date: Wednesday, November 12, 2008 04:44:02 PM -0500
>>> From: Jerry Geis <geisj at pagestation.com>
>>> To: CentOS ML <centos at centos.org>
>>> Subject: Re: [CentOS] close open relay
>>>
>>> lists-centos wrote:
>>>
>>>> You have to have changed more than just the sendmail.mc/cf to
>>>> make a default centos sendmail setup an open mail relay.
>>>>
>>>> Your /etc/mail/access file is where things are defined as to what
>>>> you relay for. The /etc/mail/local-host-names affects what you
>>>> accept mail for.
>>>>
>>>> Make certain that what you're using to test that it's an open
>>>> relay is reporting things correctly. There's a difference between
>>>> sendmail being "open" (accepting mail from the outside) and an
>>>> "open relay". The former is expected from a mail server, the
>>>> latter is a problem.
>>>>
>>>> I use:
>>>>
>>>> <http://verify.abuse.net/cgi-bin/relaytest>
>>>>
>>>> which runs through a range of tests. I tried it against your
>>>> 24.123.23.170 mail server a few min. ago and all was fine.
>>>>
>>>> - Rick
>>>>
>>>> ------------ Original Message ------------
>>>>
>>>>> Date: Wednesday, November 12, 2008 03:33:11 PM -0500
>>>>> From: Jerry Geis <geisj at pagestation.com>
>>>>> To: CentOS ML <centos at centos.org>
>>>>> Subject: [CentOS] close open relay
>>>>>
>>>>> hi all, running centos 4.7 i686.
>>>>>
>>>>> I seem to have an open relay sendmail server.
>>>>> How do I close it?
>>>>>
>>>>> I have the STRAIGHT centos install sendmail.mc file.
>>>>> Only thing I changed was:
>>>>> dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
>>>>>
>>>>> so as to allow incoming email and not just localhost. however
>>>>> this seems to relay everyone.
>>>>>
>>>>> I looked at http://www.sendmail.org/tips/relaying but it just
>>>>> talks about (AFAICT)
>>>>> enabling specific relays to occur - not how to CLOSE the
>>>>> relaying.
>>>>>
>>>>> How do I close the relay?
>>>>>
>>>>> Jerry
>>>>> _______________________________________________
>>>>> CentOS mailing list
>>>>> CentOS at centos.org
>>>>> http://lists.centos.org/mailman/listinfo/centos
>>>>>
>>>> ------------ End Original Message ------------
>>>>
>>> When I run the following I get broken web page:
>>>
>>> http://verify.abuse.net/cgi-bin/relaytest
>>>
>>> I am investigating all this as I am getting return emails
>>> from sbcglobal that I am spam.
>>>
>>> Jerry
>>>
>>
>> ------------ End Original Message ------------
>>
>
> Sure enough I tried your test and that looks good...
>
> However, when I run this test:
> HELO example.com
> MAIL From: TheBoss at example.com
> RCPT To: geisj at pagestation.com
> DATA
> Subject: Think we're insecure...
> I have a feeling our mail server is being abused...
> .
> QUIT
>
> and paste that into port 25 of my server (telnet I'm talking)
> I get the email and I should not (I presume) as I am not example.com.

That's not relaying.

A true test is if you telnet from a public IP to your SMTP port and try to send an email to a domain that isn't yours, like a gmail account, does it go through? It shouldn't, but it should if sent from an internal IP.

Basically you need a file of hosts/networks allowed to relay to any domain (your internal hosts), and a file of domains that are allowed to be relayed by anyone (domains you handle). Can't remember their names, look in /etc/mail/Makefile for hints.

-Ross
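
Ross's distinction between accepting mail and relaying it, as an added example that is not part of the original thread: a Python check, run from a host outside your own network against your own server, that compares the RCPT reply for a domain the server handles with the reply for a domain it does not. The function names, the script name and the example.org addresses are assumptions made for the illustration.

```python
import smtplib
import sys

def classify(local_code, foreign_code):
    """Interpret RCPT reply codes as seen by a client outside the server's networks."""
    if 200 <= foreign_code < 300:
        return "open relay"        # accepted a recipient in a domain it does not handle
    if 400 <= foreign_code < 500:
        return "inconclusive"      # temporary failure (greylisting, load); retry later
    if not 200 <= local_code < 300:
        return "closed, but refusing local mail"
    return "closed"                # takes mail for its own domain, refuses to relay

def probe(smtp, sender, local_rcpt, foreign_rcpt, helo_name="probe.example.org"):
    """Issue envelope commands only. DATA is never sent, so nothing is delivered."""
    smtp.helo(helo_name)
    codes = {}
    for label, rcpt in (("local", local_rcpt), ("foreign", foreign_rcpt)):
        smtp.rset()                          # start a fresh envelope for each check
        smtp.mail(sender)
        codes[label] = smtp.rcpt(rcpt)[0]    # rcpt() returns (code, message)
    smtp.rset()
    smtp.quit()
    return codes, classify(codes["local"], codes["foreign"])

if __name__ == "__main__":
    # usage: relaycheck.py <mail-server> <address-you-host> <address-you-own-elsewhere>
    host, local_rcpt, foreign_rcpt = sys.argv[1:4]
    conn = smtplib.SMTP(host, 25, timeout=15)
    codes, verdict = probe(conn, "relaycheck@example.org", local_rcpt, foreign_rcpt)
    print(codes, verdict)
```

Run from an internal address that is allowed to relay, the foreign recipient should be accepted, so a result of "open relay" only means something when the check comes from outside.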