Re: [cobalt-users] spam relay

["Robert G. Fisher" <rfisher@xxxxxxxxxxxxxxx>]

On Wed, Apr 05, 2000 at 08:12:49AM +0100, abcwebspace wrote:
> i have someone spamming through my sendmail using a local host name etc. I
> don't allow my clients to use smtp and I thought sendmail was pre-configured
> not to relay mail? (RAQ3). As a temp measure I've used
> /etc/rc.d/init.d/sendmail stop to shut the sendmail down - what next????

Check your mail logs.  /var/log/maillog(*) should do the trick.

Look for the entries where these messages originated...shouldn't
be too hard to find, look for the to=<address> and ctladdr=<address>
fields to see what machines these originated from.

If you need a more in depth explanation of this, check the 'Bat Book'
or 'Sendmail' by O'Reilly.  It goes into explaining how to read the
logfile.  

There's two more things you might want to keep in mind:

1)  Sendmail does not have to be running as a daemon (the way it does
    to handle SMTP) to be called to deliver a message -- most CGIs
    will make a call directly to sendmail when they have to send a
    message...This does not require them to speak through the SMTP
    port.

2)  /etc/rc.d/init.d/sendmail stop does not prevent sendmail from
    starting up in daemon mode at the next reboot.  You should either
    uncheck the Mail Server icon in the Control Panel or go into
    
    	/etc/rc.d/rc[0-6].d/ and look for S##sendmail, either delete
    the symbolic link or rename it to K##sendmail as S##<whatever>
    is the RedHat convention for Start this service at ## step of the
    startup procedure for this runlevel.
-- 
Robert G. Fisher		     NEOCOM Microspecialists Inc. 
System Administrator/Programmer      (540) 666-9533 x 116