This is what I get 5 days earlier. (There are many more attempts.) Since the message was sent to a non-existent user at one of our domains, I think what I'm seeing here is Sendmail sending a message back to original sender that the email address is invalid. Would anyone agree with this assessment? Has anyone tried any of the open-relay assessment tools listed on Jeremy's link? Any recommendations of which one to try first? Thanks, --Bill Aug 4 17:25:03 payson sendmail[3689]: i750P31j003689: from=, size=1225, class=0, nrcpts=1, msgid=, proto=SMTP, daemon=MTA, relay=[65.182.130.29] Aug 4 17:25:47 payson sendmail[3699]: i750P6Aa003699: ruleset=check_mail, arg1=, relay=root@localhost, reject=451 4.1.8 Domain of sender address Bain@123-stock.info does not resolve Aug 4 17:25:47 payson sendmail[3698]: i750P31j003689: to=, delay=00:00:44, xdelay=00:00:41, mailer=virthostmail, pri=121225, relay=westerneng.com, dsn=4.0.0, stat=Deferred: 451 4.1.8 Domain of sender address Bain@123-stock.info does not resolve Aug 4 17:25:47 payson sendmail[3699]: i750P6Aa003699: from=, size=1551, class=0, nrcpts=0, proto=ESMTP, relay=root@localhost Aug 4 18:04:47 payson sendmail[4132]: i750P31j003689: to=, delay=00:39:44, xdelay=00:00:40, mailer=virthostmail, pri=211225, relay=westerneng.com, dsn=4.0.0, stat=Deferred: 451 4.1.8 Domain of sender address Bain@123-stock.info does not resolve -----Original Message----- From: plug-discuss-admin@lists.plug.phoenix.az.us [mailto:plug-discuss-admin@lists.plug.phoenix.az.us] On Behalf Of Bryce C Sent: Wednesday, August 11, 2004 4:28 PM To: PLUG Subject: RE: Open Relay issue Just to point out something not yet considered, it is very possible that a spammer is just using an address at your domain. Admittedly, I only skimmed the message/error, but this sort of thing happens to me all the time, daily at least. No security issue, there isn't even a mail server for "them" to use as a relay that is mine, just an address. On Wed, 2004-08-11 at 16:10, Bill Wesson wrote: > Note: Westerneng.com is a domain on our server. > carol@westerneng.com is a non-existent user. > Part of the message is as follows: > > ********************************************** > ** THIS IS A WARNING MESSAGE ONLY ** > ** YOU DO NOT NEED TO RESEND YOUR MESSAGE ** > ********************************************** > > The original message was received at Wed, 4 Aug 2004 17:25:03 -0700 from > [65.182.130.29] > > ----- Transcript of session follows ----- ... while talking to > payson.visionengravers.com: > >>> MAIL From: SIZE=1577 > <<< 451 4.1.8 Domain of sender address Bain@123-stock.info does not resolve > ... Deferred: 451 4.1.8 Domain of sender address > Bain@123-stock.info does not resolve > Warning: message still undelivered after 4 hours Will keep trying until > message is 5 days old > > +++++++++++++++++++++ > > Here is the text from maillog. The one that has me concerned is to > Bain@123-stock.info. > > Aug 9 22:53:30 payson sendmail[22510]: i75547IJ006693: > to=, delay=5+00:48:43, xdelay=00:00:22, mailer=esmtp, > pri=10652601, relay=mail.senderservices.info. [65.59.208.76], dsn=4.0.0, > stat=Deferred: 421 SMTP service not available, closing transmission channel > Aug 9 22:53:31 payson sendmail[22510]: i75547IJ006693: i7A5qnhx022510: > return to sender: Cannot send message for 5 days > Aug 9 22:53:31 payson sendmail[22510]: i7A5qnhx022510: to=root, > delay=00:00:00, xdelay=00:00:00, mailer=local, pri=34654, dsn=2.0.0, > stat=Sent > > Thanks, > --Bill > > On Wed, 11 Aug 2004, Bill Wesson wrote: > > > I have a message from Postmaster Notify on my Sendmail server that I'm not > > quite sure about. It appears someone has successfully relayed. We have > SMTP > > authorization set, so a password may have been guessed. Would anyone be > able > > to take a look at the message to see if my guess is correct? I can forward > > the message to you off list. > > Post to this list the few lines from your mail logs that correspond with > this related message. > > > Also, are there any good automatic relay-block testers not affiliated with > a > > RBL that can deliver accurate information? > > Have a look at the relay checker tools linked from > http://spamlinks.openrbl.org/tools-relay.htm > > > Jeremy C. Reed > > BSD News, BSD tutorials, BSD links > http://www.bsdnewsletter.com/ > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Bryce C CoBryce Communications --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss