Re: Relay problems ... spam???


Subject: Re: Relay problems ... spam???
From: James Gibson (twistedhammer@subdimension.com)
Date: Sun Dec 02 2001 - 16:02:04 AKST


On 2 Dec 2001, at 14:48, Grant Stockly wrote:

>
> How do I make sure that my mail server won't be used as a spam relay?
> I've included my mc and domain m4 files. I found this today and it's
> pretty strange. How is stockly.com related to this yahoo message?
> This is the ONLY complaint I've ever received!

I'm gonna let someone else cover the "How to lock it down" end, as
I'm far from experienced (especially with Sendmail) but I'll give you
what I'm reading from these headers, as at least that's something..

As best as I can tell (as some of the headers have some
strangeness going on), the message was sent from someone
claiming to be achandross@servicenetbest.com to the address
justiceron@yahoo.com. stockly.com was the originating SMTP
relay server, so you would seem to be correct that your server is
misconfigured.

> --- achandross@servicenetbest.com wrote:
> > From achandross@servicenetbest.com Fri Sep 28
> > 06:28:53 2001

AFAIK the above header is generated at local delivery time, so
might not mean anything..

> > X-Apparently-To: justiceron@yahoo.com via web10101;
> > 27 Sep 2001 23:28:54 -0700 (PDT)
> > Return-Path: <achandross@servicenetbest.com>
> > X-YahooFilteredBulk: 24.237.5.3
> > Received: from cable-3-5-237-24.anchorageak.net
> > (EHLO stockly.com) (24.237.5.3)
> > by mta548.mail.yahoo.com with SMTP; 27 Sep 2001
> > 23:20:42 -0700 (PDT)

The above transaction shows yahoo.com's SMTP server from your
cable modem (Reverse-DNS shows it as stockly.com [The EHLO
part]). The X-Apparently-To: header really only gives the only
reference to justiceron@yahoo.com.

> > Received: from mail.servicenetbest.com
> > (ppp-65-90-169-168.mclass.broadwing.net
> > [65.90.169.168])
> > by stockly.com (8.8.8/8.8.8) with SMTP id GAA21918;
> > Thu, 27 Sep 2001 06:54:30 -0700 (PDT)

This is the original posting from the guy's machine to stockly.com's
mail-server... The 2nd line shows the guy has a dial-up connection
with broadwing.net, a large ISP in the lower 48 (from looking at
their web-site.. never heard of them before this..) and gives his IP
address at the time-stamp listed on the 5th line. Theoretically you
could contact Broadwing and ask them to do something about this
guy.. YMMV however (I have heard that large ISPs only tend to fry
the big fish.)

> > From: achandross@servicenetbest.com
> > Message-ID:
> > <00003ca14577$000073c1$000063ac@mail4.servicenetbest.com>
> > To: <achandross@servicenetbest.com>

This line confuses me... 'cause, judging from the envelope headers
(the transaction logs above, before the 'From:' line) it should by all
rights say justiceron@yahoo.com. *shrugs* maybe one of the more
experienced gurus on the list can clarify this..

> > Subject: Government Grants For You.....
> > Date: Fri, 28 Sep 2001 01:16:11 -0500
> > MIME-Version: 1.0
> > Content-Type: text/html;
> > charset="iso-8859-1"
> > Content-Transfer-Encoding: quoted-printable
> > X-Priority: 3
> > X-MSMail-Priority: Normal
> > Content-Length: 2428

James Gibson
twistedhammer@subdimension.com
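
The header reading in the message above can be done mechanically. This is an added example, not part of the original post: it parses the two Received: lines quoted above and reports where stockly.com accepted mail from an outside client and passed it on to an outside host. The function names are hypothetical, and the input is the quoted headers retyped without the "> >" marks.

```python
import re
from email import message_from_string

# Constructed input: the header lines quoted in the message above, with the
# "> >" quoting removed and continuation lines indented (RFC 822 folding).
RAW = """\
Return-Path: <achandross@servicenetbest.com>
Received: from cable-3-5-237-24.anchorageak.net
 (EHLO stockly.com) (24.237.5.3)
 by mta548.mail.yahoo.com with SMTP; 27 Sep 2001
 23:20:42 -0700 (PDT)
Received: from mail.servicenetbest.com
 (ppp-65-90-169-168.mclass.broadwing.net
 [65.90.169.168])
 by stockly.com (8.8.8/8.8.8) with SMTP id GAA21918;
 Thu, 27 Sep 2001 06:54:30 -0700 (PDT)
From: achandross@servicenetbest.com

"""
HOSTNAME = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw):
    """Return the Received: hops oldest first as dicts (client, ip, by)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        m = re.match(r"from (.+?) by (\S+)", flat)
        if not m:
            continue                            # unparseable hop: skip it
        ip = IPV4.search(m[1])
        hops.append({"client": m[1], "ip": ip[1] if ip else None, "by": m[2]})
    return hops

def third_party_relay(hops, server):
    """Find where `server` took mail from an outside client and passed it to
    an outside host. Returns (inbound_hop, outbound_hop) or None."""
    def local(name):
        return name == server or name.endswith("." + server)
    def names(hop):
        return HOSTNAME.findall(hop["client"])
    for inbound, outbound in zip(hops, hops[1:]):
        if (local(inbound["by"]) and not any(map(local, names(inbound)))
                and any(map(local, names(outbound))) and not local(outbound["by"])):
            return inbound, outbound
    return None

if __name__ == "__main__":
    found = third_party_relay(received_hops(RAW), "stockly.com")
    if found:
        print("accepted from", found[0]["ip"], "-> delivered to", found[1]["by"])
```

A hit should be confirmed against the server's own log entry for queue id GAA21918, since anything below the top Received: line can be forged by the sender.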



This archive was generated by hypermail 2a23 : Sun Dec 02 2001 - 16:01:56 AKST