[svlug] sendmail relaying in my log, what do you make of this?

Alvin Oga alvin at planet.fef.com
Wed Jul 18 13:21:02 PDT 2001


hi ya gordon
 
i'll take a crack at it...  the message says... 

some bozo ( your dedicated "server testing team member" ) at
CPE-203-45-51-190.vic.bigpond.net.au is trying to
send email (probably spam) to candice at dopeysluts.com thru your PC 

the bozo in *.au is the one that knows about it...they are the culprit

more open relay testing stuff...
	http://www.linux-sec.net/audit_tools.gwif.html#Relay

c ya
alvin


From an outside machine... to test your own server at to_test.com

# telnet mail.to_test.com 25
> mail from: you at your_other_domain.com 
> rcpt to: spam_recipient at their_domain.com
> quit

you shoulda gotten "relaying denied" from your to_test.com mail server

go and check your mail.to_test.com:/var/log/maillog file
for the relay denied log message

> Gordon Vrololjak wrote:
> Security Violations =-=-=-=-=-=-=-=-=-=
> Jul 17 08:07:18 wilfred sendmail[30717]: IAA30717: ruleset=check_rcpt,
> arg1=<candice at dopeysluts.com>, relay=CPE-203-45-51-190.vic.bigpond.net.au
> [203.45.51.190], reject=550 <candice at dopeysluts.com>... Relaying denied
> 
> Someone trying to send spam from their website to a server in Australia,
> to me, and then relaying it onwards?  It looks like sendmail denied doing
> this in my ruleset, but I did very little modification of sendmail
> configuration since my install.  Should I let the person at the server in
> Australia know about it?
> 
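
Added example (not part of the original thread): a Python sketch that pulls the check_rcpt "Relaying denied" rejections out of a sendmail maillog and groups them by client IP, rejoining entries that a log-report mailer wrapped across lines as in the quoted report. The sample log lines, hostnames and addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in sendmail's maillog format (first entry wrapped on purpose).
SAMPLE = """\
Jul 17 08:07:18 mx1 sendmail[30717]: IAA30717: ruleset=check_rcpt,
 arg1=<user1@dest.example>, relay=cpe-1.isp.example
 [192.0.2.10], reject=550 <user1@dest.example>... Relaying denied
Jul 17 08:07:25 mx1 sendmail[30717]: IAA30717: ruleset=check_rcpt, arg1=<user2@dest.example>, relay=cpe-1.isp.example [192.0.2.10], reject=550 <user2@dest.example>... Relaying denied
Jul 17 09:15:02 mx1 sendmail[30802]: JAA30802: ruleset=check_rcpt, arg1=<probe@other.example>, relay=[198.51.100.7], reject=550 <probe@other.example>... Relaying denied
Jul 17 09:20:41 mx1 sendmail[30810]: JAA30810: from=<a@local.example>, size=512, class=0, nrcpts=1, relay=localhost [127.0.0.1]
"""

STAMP = r"[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d"   # syslog timestamp, e.g. "Jul 17 08:07:18"
NEW_ENTRY = re.compile(r"^" + STAMP + r" ")
DENIED = re.compile(
    r"^(?P<ts>" + STAMP + r") \S+ sendmail\[\d+\]: (?P<qid>\w+): "
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?:(?P<name>\S+) )?\[(?P<ip>[\d.]+)\](?: \(may be forged\))?, "
    r"reject=(?P<code>\d{3}) .*Relaying denied")

def unwrap(text):
    """Rejoin entries that were wrapped: a new entry starts with a timestamp."""
    entries = []
    for line in text.splitlines():
        if NEW_ENTRY.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def relay_denials(text):
    """Return one dict (ts, qid, rcpt, name, ip, code) per refused relay attempt."""
    return [m.groupdict() for m in map(DENIED.match, unwrap(text)) if m]

def summarize(events):
    """Group denials by client IP: count, recipients tried, first/last seen."""
    by_ip = {}
    for e in events:
        s = by_ip.setdefault(e["ip"], {"name": e["name"], "count": 0,
                                       "rcpts": [], "first": e["ts"], "last": e["ts"]})
        s["count"] += 1
        s["last"] = e["ts"]
        if e["rcpt"] not in s["rcpts"]:
            s["rcpts"].append(e["rcpt"])
    return by_ip

if __name__ == "__main__":
    for ip, s in summarize(relay_denials(SAMPLE)).items():
        print(ip, s["name"] or "(no reverse DNS)", s["count"], s["first"], s["last"], s["rcpts"])
```

To run it against a real log, pass the contents of /var/log/maillog to relay_denials() instead of SAMPLE.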



