Re: close open relay

[Jerry Geis <geisj@xxxxxxxxxxxxxxx>]

lists-centos wrote:
> sorry, the start page is:
>
>  <http://www.abuse.net/relay.html>
>
>
> look at the headers of the original messages (probably included as
> attachments) that sbcglobal is sending back. it's very possible that
> a spammer has forged an address from your machine on their outbound
> spam, and sbcglobal is bouncing that, (rather than rejecting,
> because they haven't a clue), generating scatter-back spam.
>
>
>        - Rick
>
> ------------ Original Message ------------
>   
> > Date: Wednesday, November 12, 2008 04:44:02 PM -0500
> > From: Jerry Geis <geisj@xxxxxxxxxxxxxxx>
> > To: CentOS ML <centos@xxxxxxxxxx>
> > Subject: Re:  close open relay
> >
> > lists-centos wrote:
> >     
> > > You have to have changed more than just the sendmail.mc/cf to
> > > make a default centos sendmail setup an open mail relay.
> > >
> > > Your /etc/mail/access file is where things are defined as to what
> > > you  relay for. The /etc/mail/local-host-names effects what you
> > > accept mail for.
> > >
> > > Make certain that what you're using to test that's it's an open
> > > relay is reporting things correctly. There's a difference between
> > > sendmail being "open" (accepting mail from the outside) and an
> > > "open relay". The former is expected from a mail server, the
> > > latter is a problem.
> > >
> > > I use:
> > >
> > >   <http://verify.abuse.net/cgi-bin/relaytest>
> > >
> > > which runs through a range of tests. I tried it against your
> > > 24.123.23.170 mail server a few min. ago and all was fine.
> > >
> > >  - Rick
> > >
> > > ------------ Original Message ------------
> > >   
> > >       
> > > > Date: Wednesday, November 12, 2008 03:33:11 PM -0500
> > > > From: Jerry Geis <geisj@xxxxxxxxxxxxxxx>
> > > > To: CentOS ML <centos@xxxxxxxxxx>
> > > > Subject:  close open relay
> > > >
> > > > hi all, running centos 4.7 i686.
> > > >
> > > > I seem to have an o pen  r elay sendmail server.
> > > > How do I close it?
> > > >
> > > > I have the STRAIGHT centos install sendmail.mc file.
> > > > Only thing I changed was:
> > > > dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
> > > >
> > > > so as to allow incoming email and not just localhost. however
> > > > this seems to relay everyone.
> > > >
> > > > I looked at http://www.sendmail.org/tips/relaying but it just
> > > > talks about (AFIKT)
> > > > enabling specific relays to occur - not how to CLOSE the
> > > > relaying.
> > > >
> > > > How do I close the relay?
> > > >
> > > > Jerry
> > > > _______________________________________________
> > > > CentOS mailing list
> > > > CentOS@xxxxxxxxxx
> > > > http://lists.centos.org/mailman/listinfo/centos
> > > >     
> > > >         
> > > ------------ End Original Message ------------
> > >
> > >
> > >
> > >   
> > >       
> > When I run the following I get broken web page:
> >
> > http://verify.abuse.net/cgi-bin/relaytest
> >
> >
> > I am getting investigating all this as I am getting return emails
> > from sbcglobal that I am spam.
> >
> > Jerry
> >
> >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
> >     
>
> ------------ End Original Message ------------
>
>
>
>   

Sure enough I tried your test and that looks good...

HOwever, when i run this test:
HELO example.com
MAIL From: TheBoss@xxxxxxxxxxx
RCPT To: geisj@xxxxxxxxxxxxxxx
DATA
Subject: Think we're insecure...
I have a feeling our mail server is being abused...
.
QUIT

and paste that into port 25 of my server (telnet I'm talking)
I get the email and I should not ( I presume) as I am not example.com.

Jerry
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos