Re: what's wrong with my sendmail?


Subject: Re: what's wrong with my sendmail?
From: Mike Tibor (tibor@lib.uaa.alaska.edu)
Date: Thu Nov 13 2003 - 07:47:46 AKST


On Thu, 13 Nov 2003, Justin Dieters wrote:

>
> Okay, so GCI killed my cable modem connection today, because my sendmail
> server was supposedly relaying messages it wasn't supposed to. I've had
> it up for a long time, and I thought it was fairly well set up, so this
> comes as news to me.
>
> Under relay-domains, all I had was "192.168", so that I could send mail
> from the other computers on my network. Now, I took that out, so I have
> to either SSH into the server and send mail that way, or use
> squirrelmail (webmail interface).
>
> Looking through my logs, all I see are normal (non-spam) messages, and the
> occasional "Relaying Denied". I've tested my server using 'telnet
> relay-test.mail-abuse.org' and several other online testing services,
> and they all come back clean.
>
> GCI gave me the from and to addresses on some of the culprit e-mails,
> and these don't appear in my logs anywhere.
>
> My smoothwall is set up to only allow SSH, http, and smtp through, and
> they are forwarded to my server on the orange network, so that should be
> pretty secure - unless there might be a vulnerability in squirrelmail,
> but since I don't see anything suspicious in my logs, I'm thinking that
> isn't the problem.
>
> Anyone know what might be going on?

Post the headers that GCI says are evidence that your server was an open
relay so we can check it out. It may be that a junior admin at GCI was a
little hasty in jumping to the conclusion that you were open, or it may be
that you were actually open.

Mike




This archive was generated by hypermail 2a23 : Thu Nov 13 2003 - 07:47:49 AKST