For some reason, spammers are getting through TLS
and are bypassing/ignoring the access database? I pored
over the Internet but have yet to figure it out...
How can I prevent spammers from using my sendmail
server as an open relay even though open relay is closed?
Note STARTTLS=client and the deferred deliveries when
mail delivery fails and returns errors to my email server.
A small sample of /var/log/maillog reveals:
Apr 20 11:26:33 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:36 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=alt1.gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:37 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=alt2.gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:39 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=alt3.gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:41 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=alt4.gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:42 <MYEMAILSERVER> sendmail[1817]: s3K1ceVt003083:
to=<kshitijbansal23@xxxxxxxxx>,<luke.m.armstrong@xxxxxxxxx>,<mercedesyardley@xxxxxxxxx>,<misti.wolanski@xxxxxxxxx>,<mzlangston@xxxxxxxxx>,<rat.latin.org@xxxxxxxxx>,<richardthepoet@xxxxxxxxx>,<rohith003@xxxxxxxxx>,<treycooper@xxxxxxxxx>,
delay=16:47:57, xdelay=00:00:09, mailer=esmtp, pri=77257,
relay=alt4.gmail-smtp-in.l.google.com. [173.194.75.26], dsn=4.0.0,
stat=Deferred: 421-4.7.0 [50.126.86.236 15] Our system has detected
an unusual rate of
Apr 20 11:26:42 <MYEMAILSERVER> sendmail[1817]: s3K4nDlG014204:
to=<akang488@xxxxxxxxx>,<kevin.mckinn@xxxxxxxxx>,<mmaness@xxxxxxxxx>,<nflagola@xxxxxxxxx>,
delay=13:37:14, xdelay=00:00:00, mailer=esmtp, pri=67111,
relay=alt4.gmail-smtp-in.l.google.com., dsn=4.0.0, stat=Deferred
Apr 20 11:26:43 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=aspmx.l.google.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:45 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=alt1.aspmx.l.google.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:46 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=alt2.aspmx.l.google.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:47 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=aspmx2.googlemail.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:48 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=aspmx3.googlemail.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:49 <MYEMAILSERVER> sendmail[1817]: s3K4nDlK014204:
to=<announcements@xxxxxxxxxxxxxxxxxxxxxx>, delay=13:36:45,
xdelay=00:00:06, mailer=esmtp, pri=64282, relay=aspmx3.googlemail.com.
[74.125.196.26], dsn=4.0.0, stat=Deferred: 421-4.7.0 [50.126.86.236
15] Our system has detected an unusual rate of
Apr 20 11:26:49 <MYEMAILSERVER> sendmail[1817]: s3K4nDlK014204:
to=<redbarn.kennedy@xxxxxxxxx>, delay=13:36:45, xdelay=00:00:00,
mailer=esmtp, pri=64282, relay=alt4.gmail-smtp-in.l.google.com.,
dsn=4.0.0, stat=Deferred
Apr 20 11:26:52 <MYEMAILSERVER> sendmail[1817]: s3K51Tx3015146:
to=<leah@xxxxxxxxxxxxxxx>,<bphouben@xxxxxxxxxxxxxx>,<leveson@xxxxxxxxxxx>,
delay=13:25:18, xdelay=00:00:00, mailer=esmtp, pri=66225,
relay=aspmx2.googlemail.com., dsn=4.0.0, stat=Deferred
Apr 20 11:26:52 <MYEMAILSERVER> sendmail[1817]: s3K51Tx3015146:
to=<leah@xxxxxxxxxxxxxxx>, delay=13:25:18, xdelay=00:00:00,
mailer=esmtp, pri=66225, relay=aspmx3.googlemail.com., dsn=4.0.0,
stat=Deferred
Apr 20 11:26:52 <MYEMAILSERVER> sendmail[1817]: s3K51Tx3015146:
to=<bethrosler@xxxxxxxxx>,<delphine67@xxxxxxxxx>, delay=13:25:18,
xdelay=00:00:00, mailer=esmtp, pri=66225,
relay=alt4.gmail-smtp-in.l.google.com., dsn=4.0.0, stat=Deferred
Apr 20 11:26:55 <MYEMAILSERVER> sendmail[1817]: s3K51Tx5015146:
to=<DMankowski@xxxxxx>,<lisa@xxxxxxxxx>, delay=13:24:48,
xdelay=00:00:00, mailer=esmtp, pri=68195, relay=aspmx3.googlemail.com.,
dsn=4.0.0, stat=Deferred
Apr 20 11:26:56 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=aspmx5.googlemail.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:58 <MYEMAILSERVER> sendmail[1817]: STARTTLS=client,
relay=aspmx4.googlemail.com., version=TLSv1/SSLv3, verify=OK,
cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
Apr 20 11:26:59 <MYEMAILSERVER> sendmail[1817]: s3K51Tx5015146:
to=<DMankowski@xxxxxx>, delay=13:24:52, xdelay=00:00:04, mailer=esmtp,
pri=68195, relay=aspmx4.googlemail.com. [74.125.29.26], dsn=4.0.0,
stat=Deferred: 421-4.7.0 [50.126.86.236 15] Our system has detected
an unusual rate of
Apr 20 11:27:00 <MYEMAILSERVER> sendmail[1817]: s3K51Tx8015146:
to=<verify@xxxxxxxxxxxxxxxxxxx>, delay=13:23:54, xdelay=00:00:01,
mailer=esmtp, pri=60863, relay=relay05.reunion.com. [216.52.223.215],
dsn=4.0.0, stat=Deferred: Connection refused by relay05.reunion.com.
Apr 20 11:27:00 <MYEMAILSERVER> sendmail[1817]: s3K7IrL5023404:
to=<susan.creager@xxxxxxxxx>, delay=11:07:25, xdelay=00:00:00,
mailer=esmtp, pri=60276, relay=alt4.gmail-smtp-in.l.google.com.,
dsn=4.0.0, stat=Deferred
Apr 20 11:28:02 <MYEMAILSERVER> dovecot: imap(dant): Disconnected:
Logged out in=123 out=611
Apr 20 11:28:39 <MYEMAILSERVER> sendmail[2019]: starting daemon
(8.14.7): SMTP+queueing@01:00:00
Apr 20 11:28:40 <MYEMAILSERVER> sm-msp-queue[2035]: starting daemon
(8.14.7): queueing@01:00:00
Apr 20 11:42:46 <MYEMAILSERVER> sendmail[3038]: AUTH=server,
relay=90.148.226.111.dynamic.saudi.net.sa [90.148.226.111] (may be
forged), authid=kimt@xxxxxxxxx, mech=PLAIN, bits=0
Apr 20 11:43:49 <MYEMAILSERVER> sendmail[3038]: s3KIgjev003038: lost
input channel from 90.148.226.111.dynamic.saudi.net.sa [90.148.226.111]
(may be forged) to MTA after rcpt
Apr 20 11:43:49 <MYEMAILSERVER> sendmail[3038]: s3KIgjev003038:
from=<slugs61@xxxxxxx>, size=0, class=0, nrcpts=5, proto=ESMTP,
daemon=MTA, relay=90.148.226.111.dynamic.saudi.net.sa [90.148.226.111]
(may be forged)
Apr 20 12:01:32 <MYEMAILSERVER> sendmail[4258]: s3KJ1U19004258:
ruleset=check_rcpt, arg1=<4a0770cb.90406@xxxxxxxxx>,
relay=[58.217.76.110], reject=553 5.3.0 <4a0770cb.90406@xxxxxxxxx>...
Rejected [58.217.76.110] by barracudacentral.org
Apr 20 12:01:33 <MYEMAILSERVER> sendmail[4258]: s3KJ1U19004258: lost
input channel from [58.217.76.110] to MTA after rcpt
Apr 20 12:01:33 <MYEMAILSERVER> sendmail[4258]: s3KJ1U19004258:
from=<neogjutj@xxxxxxxxx>, size=0, class=0, nrcpts=0, proto=ESMTP,
daemon=MTA, relay=[58.217.76.110]
Apr 20 12:01:36 <MYEMAILSERVER> sendmail[4259]: s3KJ1Z2O004259:
ruleset=check_rcpt, arg1=<4a076efa.3000309@xxxxxxxxx>,
relay=[58.217.76.110], reject=553 5.3.0 <4a076efa.3000309@xxxxxxxxx>...
Rejected [58.217.76.110] by barracudacentral.org
Apr 20 12:01:37 <MYEMAILSERVER> sendmail[4259]: s3KJ1Z2O004259: lost
input channel from [58.217.76.110] to MTA after rcpt
Apr 20 12:01:37 <MYEMAILSERVER> sendmail[4259]: s3KJ1Z2O004259:
from=<zwryzrli@xxxxxxxxx>, size=0, class=0, nrcpts=0, proto=ESMTP,
daemon=MTA, relay=[58.217.76.110]
Apr 20 12:01:48 <MYEMAILSERVER> sendmail[4281]: s3KJ1mq4004281:
[58.217.76.110] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr 20 12:03:46 <MYEMAILSERVER> sendmail[4360]: s3KJ3FVJ004360:
[41.142.58.109] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
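
AUTH=server entries like the one in the log above mark sessions that logged in with SMTP AUTH, and sendmail permits relaying for sessions authenticated with a mechanism listed in TRUST_AUTH_MECH, independent of the RELAY entries in the access database. The following is an added example, not part of the original post: it groups AUTH=server entries by account and joins them by sendmail PID to the from= entries of the same session, to show which accounts submit mail from several addresses or to many recipients. The function names, thresholds and sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
# Constructed sample in the maillog format shown above, one entry per line.
# Hosts, addresses and accounts are placeholders, not values from the post.
SAMPLE = """\
Apr 20 11:42:46 mx sendmail[3038]: AUTH=server, relay=host.example.net [192.0.2.10] (may be forged), authid=alice@example.org, mech=PLAIN, bits=0
Apr 20 11:43:49 mx sendmail[3038]: s3KIgjev003038: from=<x1@example.com>, size=0, class=0, nrcpts=5, proto=ESMTP, daemon=MTA, relay=host.example.net [192.0.2.10] (may be forged)
Apr 20 11:50:02 mx sendmail[3101]: AUTH=server, relay=[198.51.100.7], authid=alice@example.org, mech=LOGIN, bits=0
Apr 20 11:50:09 mx sendmail[3101]: s3KIo2aa003101: from=<x2@example.com>, size=2048, class=0, nrcpts=40, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
Apr 20 11:55:00 mx sendmail[3200]: AUTH=server, relay=[203.0.113.5], authid=bob@example.org, mech=PLAIN, bits=0
Apr 20 11:55:03 mx sendmail[3200]: s3KIt0bb003200: from=<bob@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[203.0.113.5]
Apr 20 12:01:33 mx sendmail[4258]: s3KJ1U19004258: from=<y@example.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[198.51.100.99]
"""

ENTRY = re.compile(r"sendmail\[(\d+)\]: (.*)")
AUTH = re.compile(r"AUTH=server, relay=[^\[]*\[([^\]]+)\].*?authid=([^,]+)")
FROM = re.compile(r"from=<([^>]*)>.*?nrcpts=(\d+)")

def summarize_auth(lines):
    """Per authid: source IPs, AUTH sessions, recipients and envelope senders."""
    by_pid = {}  # sendmail child PID -> authid of the session it is serving
    stats = defaultdict(lambda: {"ips": set(), "sessions": 0,
                                 "rcpts": 0, "senders": set()})
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue
        pid, rest = m.groups()
        auth = AUTH.search(rest)
        if auth:
            ip, authid = auth.groups()
            by_pid[pid] = authid  # a new AUTH entry overrides a reused PID
            stats[authid]["ips"].add(ip)
            stats[authid]["sessions"] += 1
            continue
        frm = FROM.search(rest)
        if frm and pid in by_pid:  # only mail submitted after SMTP AUTH
            stats[by_pid[pid]]["rcpts"] += int(frm.group(2))
            stats[by_pid[pid]]["senders"].add(frm.group(1))
    return dict(stats)

def suspicious(stats, max_ips=1, max_rcpts=20):
    """Accounts over the (assumed) thresholds for distinct IPs or recipients."""
    return sorted(a for a, s in stats.items()
                  if len(s["ips"]) > max_ips or s["rcpts"] > max_rcpts)

if __name__ == "__main__":
    summary = summarize_auth(SAMPLE.splitlines())
    print({a: summary[a] for a in suspicious(summary)})
```

A PID reused by a later unauthenticated connection would be attributed to the earlier account, so confirm each flagged account against the raw entries before acting on it.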