securing relay...

[Mike Kercher]

MailScanner mailing list <> scribbled on Monday, October 03, 2005 4:53 PM:

> Hey guys,
> 
> Im not sure if this has to do with MailScanner or not,
> because its just totally beyond me, maybe you can shed some
> light or point me in the right direction. The setup is
> MailScanner pushes to exchange via Mailertable/sendmail.
> Access only has mydomain.com in it. When I telnet to the MS
> box relay-denied(good) when trying to send other than
> mydomain.net as far as i can tell, But when monitoring
> packets I see spam originating or relaying from my MS server
> to the net. It's getting me blacklisted. What kind of command
> lets people relay? thats the one thing i can't verify when
> looking through the packets. I would like the MSbox only to
> relay to my exchange server and nowhere else. The only thing
> i can think or is to put a firewall on the MS box to only
> allow outgoing to my exchange box. What would be the
> forseeable results of that? is there a better way?
> 
> -JD

/etc/mail/access should not have mydomain.com in it.

mydomain.com should be in /etc/mail/relay-domains

I suspect that someone is using your sendmail box to send out spam from
user at mydomain.com  Since you have mydomain.com in your access file, you are
allowing them to relay.  What does your maillog show?

Mike

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!