RE: Open Relay issue

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Bill Wesson
Date:  
To: plug-discuss
Subject: RE: Open Relay issue
This is what I get 5 days earlier. (There are many more attempts.)
Since the message was sent to a non-existent user at one of our domains, I
think what I'm seeing here is Sendmail sending a message back to original
sender that the email address is invalid. Would anyone agree with this
assessment?

Has anyone tried any of the open-relay assessment tools listed on Jeremy's
link? Any recommendations of which one to try first?

Thanks,
--Bill

Aug 4 17:25:03 payson sendmail[3689]: i750P31j003689:
from=<>, size=1225, class=0, nrcpts=1,
msgid=<>, proto=SMTP, daemon=MTA,
relay=[65.182.130.29]
Aug 4 17:25:47 payson sendmail[3699]: i750P6Aa003699: ruleset=check_mail,
arg1=<>, relay=root@localhost, reject=451 4.1.8 Domain of
sender address does not resolve
Aug 4 17:25:47 payson sendmail[3698]: i750P31j003689:
to=<>, delay=00:00:44, xdelay=00:00:41,
mailer=virthostmail, pri=121225, relay=westerneng.com, dsn=4.0.0,
stat=Deferred: 451 4.1.8 Domain of sender address does
not resolve
Aug 4 17:25:47 payson sendmail[3699]: i750P6Aa003699:
from=<>, size=1551, class=0, nrcpts=0, proto=ESMTP,
relay=root@localhost
Aug 4 18:04:47 payson sendmail[4132]: i750P31j003689:
to=<>, delay=00:39:44, xdelay=00:00:40,
mailer=virthostmail, pri=211225, relay=westerneng.com, dsn=4.0.0,
stat=Deferred: 451 4.1.8 Domain of sender address does
not resolve

-----Original Message-----
From:
[mailto:plug-discuss-admin@lists.plug.phoenix.az.us] On Behalf Of Bryce C
Sent: Wednesday, August 11, 2004 4:28 PM
To: PLUG
Subject: RE: Open Relay issue

Just to point out something not yet considered, it is very possible that
a spammer is just using an address at your domain. Admittedly, I only
skimmed the message/error, but this sort of thing happens to me all the
time, daily at least. No security issue, there isn't even a mail server
for "them" to use as a relay that is mine, just an address.

On Wed, 2004-08-11 at 16:10, Bill Wesson wrote:
> Note:    Westerneng.com is a domain on our server. 
>      is a non-existent user.
> Part of the message is as follows:

>
>     **********************************************
>     **      THIS IS A WARNING MESSAGE ONLY      **
>     **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
>     **********************************************

>
> The original message was received at Wed, 4 Aug 2004 17:25:03 -0700 from
> [65.182.130.29]
>
>    ----- Transcript of session follows ----- ... while talking to
> payson.visionengravers.com:
> >>> MAIL From:<> SIZE=1577
> <<< 451 4.1.8 Domain of sender address  does not

resolve
> <>... Deferred: 451 4.1.8 Domain of sender address
> does not resolve
> Warning: message still undelivered after 4 hours Will keep trying until
> message is 5 days old
>
> +++++++++++++++++++++
>
> Here is the text from maillog. The one that has me concerned is to
> .
>
> Aug 9 22:53:30 payson sendmail[22510]: i75547IJ006693:
> to=<>, delay=5+00:48:43, xdelay=00:00:22, mailer=esmtp,
> pri=10652601, relay=mail.senderservices.info. [65.59.208.76], dsn=4.0.0,
> stat=Deferred: 421 SMTP service not available, closing transmission

channel
> Aug 9 22:53:31 payson sendmail[22510]: i75547IJ006693: i7A5qnhx022510:
> return to sender: Cannot send message for 5 days
> Aug 9 22:53:31 payson sendmail[22510]: i7A5qnhx022510: to=root,
> delay=00:00:00, xdelay=00:00:00, mailer=local, pri=34654, dsn=2.0.0,
> stat=Sent
>
> Thanks,
> --Bill
>
> On Wed, 11 Aug 2004, Bill Wesson wrote:
>
> > I have a message from Postmaster Notify on my Sendmail server that I'm

not
> > quite sure about. It appears someone has successfully relayed. We have
> SMTP
> > authorization set, so a password may have been guessed. Would anyone be
> able
> > to take a look at the message to see if my guess is correct? I can

forward
> > the message to you off list.
>
> Post to this list the few lines from your mail logs that correspond with
> this related message.
>
> > Also, are there any good automatic relay-block testers not affiliated

with
> a
> > RBL that can deliver accurate information?
>
> Have a look at the relay checker tools linked from
> http://spamlinks.openrbl.org/tools-relay.htm
>
>
> Jeremy C. Reed
>
>                  BSD News, BSD tutorials, BSD links
>                 http://www.bsdnewsletter.com/

>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
Bryce C <>
CoBryce Communications

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss