spam attack

Hello Everyone!

I am new here. I have written this message because my
server was spam attacked from 22 to 29 Jan. Today I
found that I have a relay bug in /etc/mail/access,
and I need help to solve that.

At 6:00 CET I logged in and found that 90% of the
CPU was consumed by unknown processes. It was strange,
because the Linux box is powerful. $ps aux showed me for
sure that sendmail was running 90 times. Next,
/var/spool/mail/root was 800MB in size, full of
MAILER-DAEMON. Next, /var/mail/mqueu had 300.000 files
waiting for later delivery.

Someone had found my sendmail server as a spam sender,
that was 100% sure.

I continued to investigate the problem, and found that
the /etc/mail/access list has one IP too many.

Here I must describe the network layout: the NAT-GATEWAY IP
is public, xxx.xxx.xxx.xxx. This box has two eths; the
inside one is 192.168.0.2. The sendmail box has eth0
192.168.0.3. I have done SNAT and DNAT on the
xxx.xxx.xxx.xxx box to redirect ports 25 and 110 to
192.168.0.3.

So now the sendmail server sees the Internet via
192.168.0.2, and this was the key. Sendmail accepts
all mail sent for delivery via IP 192.168.0.3.

Here is the situation right now, log:
===================================
Jan 29 08:48:21 greattower sendmail[14542]:
h0T7jR8C014542: ruleset=check_rcpt,
arg1=<fudcr@bellsouth.net>, relay=my.domain
[xxx.xxx.xxx.xxx] (may be forged), reject=550 5.7.1
<fudcr@bellsouth.net>... Relaying denied. IP name
possibly forged [xxx.xxx.xxx.xxx]
==========================

So I have edited my /etc/mail/access and erased
192.168.0.2 RELAY

This was the solution; spammers sooner or later find that
their emails are rejected, and stop doing their crime. But
I have a problem.

Now my POP3 and SMTP ports are not working for people
from outside of my network (7000 yards long, with 150
machines on the LAN). This is a problem, because many of
my network's people are travelling and want to send/receive
their mail.

Here is the question: how to open sending/receiving mail for
outside people without being a remailer? How to
detect that he or she has a mail account on my server?

Thanks for your attention, and sorry for my English.
TP
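
An added example, not part of the original post: a small audit of a sendmail access map for the misconfiguration described above, where a RELAY entry covers the address that the gateway's SNAT gives to every Internet connection. The sample map and all function names are constructed for illustration; the check relies on sendmail matching IPv4 access keys on whole-octet prefixes, optionally tagged with Connect:.

```python
import ipaddress

# Constructed sample of /etc/mail/access, modelled on the layout in the post.
SAMPLE_ACCESS = """\
# hosts allowed to relay
localhost.localdomain   RELAY
127.0.0.1               RELAY
192.168.0.2             RELAY
Connect:192.168.0       RELAY
spammer.example         REJECT
"""

def parse_access(text):
    """Yield (key, action) pairs, skipping comment and blank lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            yield parts[0], parts[1].strip()

def key_prefixes(ip):
    """Keys looked up for an IPv4 client: a.b.c.d, a.b.c, a.b, a."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return [".".join(octets[:n]) for n in range(4, 0, -1)]

def relay_entries_covering(access_text, snat_sources):
    """Return (source_ip, key) for every RELAY entry that matches an address
    which SNAT assigns to connections arriving from outside."""
    entries = list(parse_access(access_text))
    findings = []
    for src in snat_sources:
        wanted = set(key_prefixes(src))
        for key, action in entries:
            # Strip the optional Connect: tag; To:/From: keys are not IP matches.
            bare = key[8:] if key.lower().startswith("connect:") else key
            if action.upper() == "RELAY" and bare in wanted:
                findings.append((src, key))
    return findings

if __name__ == "__main__":
    # 192.168.0.2 is the gateway's inside address from the post.
    for src, key in relay_entries_covering(SAMPLE_ACCESS, ["192.168.0.2"]):
        print(f"{key} RELAY covers SNAT address {src}: outside clients can relay")
```

The second finding in the sample shows that a RELAY entry for the whole LAN prefix exposes the server in the same way as the single-host entry, because the gateway's inside address falls within it.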

