little off topic: Am I an open relay?

Jason Williams jwilliams at COURTESYMORTGAGE.COM
Mon Jun 6 23:56:08 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Something very odd is happening and im a little concerned and im turning 
to the boards here for some help.

I have a mailgateway running here and so far, it has been perfect. All 
of the sudden, im seeing odd stuff from monster.com and yahoo.com.

Here is a snip:

Jun  6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: 
from=<support at monster.com>, size=1333, class=0, nrcpts=1, 
msgid=<200506062245.j56Mjj3x084146 at corpmail.courtesymortgage.com>, 
proto=ESMTP, daemon=MTA, relay=corpmail.courtesymortgage.com [xxx.xxx.xx.xx]

Jun  6 15:47:56 mail sm-mta-in[34390]: j56Mlt20034390: 
to=<bmalcolm at monster.com>, delay=00:00:01, mailer=esmtp, pri=31333, 
stat=queued
Jun  6 15:47:59 mail MailScanner[33566]: New Batch: Scanning 1 messages, 
1899 bytes
Jun  6 15:47:59 mail MailScanner[33566]: Spam Checks: Starting
Jun  6 15:47:59 mail MailScanner[33566]: Virus and Content Scanning: 
Starting
Jun  6 15:48:00 mail MailScanner[33566]: Found ip-based phishing fraud 
from 205.138.199.146 in j56Mlt20034390
Jun  6 15:48:00 mail MailScanner[33566]: Content Checks: Detected and 
have disarmed HTML message in j56Mlt20034390 from support at monster.com
Jun  6 15:48:00 mail MailScanner[33566]: Uninfected: Delivered 1 messages
Jun  6 15:48:02 mail sendmail[34401]: j56Mlt20034390: 
to=<bmalcolm at monster.com>, delay=00:00:07, xdelay=00:00:02, 
mailer=esmtp, pri=121333, relay=mailsorter.ma.tmpw.net. [63.112.169.25], 
dsn=2.0.0, stat=Sent (j56Mq3ei016306 Message accepted for delivery)

I'm looking at this and it almost seems as if im an open relay!!

Ok...great.

here is my setup

MS: 4-41.3
sendmail: 8.12.11

If I am an open relay,  anyone here that can help me out. Email me at  
liquid.proxy at gmail.com while I  determine what the hell is going on.

Thanks

Jason

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list