
Re: [cobalt-users] RaQ3/4 - Disable Relaying



At 11:25 PM 2/7/2002, you wrote:
I just disabled the "Pop before Relay" check box in
the GUI, but I noticed the script was still running
-okay to just kill off the process?

perl /usr/local/sbin/poprelayd -d

>However, be careful, if he has ftp access, it
>could upload a spamware cgi script and spam
>from inside the server, that one is really nasty
>as he has direct access to a fast connection then...

I think you're right, I'm watching his directories but
it appears he's deleting the script right after he
does his deeds.

Everyday for the last several days I see about 1-2
dozen entries like this in my logs:

Feb  7 11:07:58 sendmail: ruleset=check_rcpt,
arg1=<hanmail@xxxxxxxxxxxx>, relay=[61.75.92.51],
reject=550 <hanmail@xxxxxxxxxxxx>... Relaying denied.

Feb  7 11:08:01 sendmail: ruleset=check_rcpt,
arg1=<hanmail@xxxxxxxxxxx>, relay=[61.75.92.51],
reject=550 <hanmail@xxxxxxxxxxx>... Relaying denied.

Feb  7 11:08:05 sendmail: ruleset=check_rcpt,
arg1=<hanmail@cupis1018621>, relay=[61.75.92.51],
reject=550 <hanmail@cupis1018621>... Relaying denied.

Feb  7 11:08:08 sendmail: ruleset=check_rcpt,
arg1=<hanmail@xxxxxxxxxxx>, relay=[61.75.92.51],
reject=550 <hanmail@xxxxxxxxxxx>... Relaying denied.

Feb  7 11:08:12 sendmail: ruleset=check_rcpt,
arg1=<hanmail@xxxxxxxxxx>, relay=[61.75.92.51],
reject=550 <hanmail@xxxxxxxxxx>... Relaying denied.

Feb  7 11:08:16 sendmail: ruleset=check_rcpt,
arg1=<hanmail@xxxxxxxxxxxx>, relay=[61.75.92.51],
reject=550 <hanmail@xxxxxxxxxxxx>... Relaying denied.

Feb  7 11:08:19 sendmail: ruleset=check_rcpt,
arg1=<hanmail@xxxxxxxxxxxx>, relay=[61.75.92.51],
reject=550 <hanmail@xxxxxxxxxxxx>... Relaying denied.

Feb  7 11:08:22 sendmail: ruleset=check_rcpt,
arg1=<hanmail@xxxxxxxxxxxxx>, relay=[61.75.92.51],
reject=550 <hanmail@xxxxxxxxxxxxx>... Relaying denied.

I then block the IP in my firewall, and also via the
reject box (for mail/hosts) in the GUI -but they're
always back the next day on another IP addy. Plus it's
always just for 1 min (the time of the open relay
window), then it stops. Then maybe a second time later
in the day.

Why all the extra work? It says it is being denied. It is doing its work.
Learn how to use procmail recipes and put one in to throw away anything from hanmail. If you think it is really one of your clients, check the maillog for when they are getting their mail and see if any of the IPs are showing up. I imagine it is just someone trying to spam through your server.

What email are you using that you can just keep hitting the send button?

I used to work at a gas station. The pumps work on pressure. If the pressure goes down the pumps shut off. It thinks there is a leak or broken line. When the weather gets cold the fuel contracts in the pipes if no one has been pumping any gas.

If you activate the pump and wait about 30 seconds, it will start pumping. BUT... I have had people tell me that it would not pump, but they stomped their foot, turned around twice and clapped. Then it started pumping. .... Yeah, it was after about 30 seconds.

If they happened to check their mail somewhere along the way, or it automatically checked, then they are now logged in and yes the mail will now go.

I know it's attached to one of the user accounts on
the box, because it just started happening around a week
ago -but I've been moving domains from server A over to a
new server B (in groups of 5 per day), and it just
started on server B last night (and stopped on server
A). I've been able to pin it down to 1-3 domains just
moved over to server B, and I'm working on figuring
out which domain is causing all the noise (then I
close their acct).  I've checked all their directories
for formmail scripts and the like, but notta. It's
like they try and hammer away at the relay for about 1
min each day just to try and get off a few spams. It's
been my experience (and even users have commented on
this since I started requiring them to all use their
ISP's for SMTP) -that even if you don't permit
relaying on the RaQ's, if you bang on the send button
of the outgoing message long enough, the server will
eventually accept the mail for delivery (one piece at
a time).

Thanks!
Chad
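
The maillog cross-check suggested in the reply above, as an added example that is not part of the original thread: it groups the `Relaying denied` rejections by relay IP and lists any account whose POP login came from the same address. The POP login line layout, the sample log, the `year` default and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# check_rcpt rejection as quoted in the thread, one syslog entry per line.
REJECT = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) .*ruleset=check_rcpt,\s*"
    r"arg1=<(?P<rcpt>[^>]*)>,\s*relay=[^,]*\[(?P<ip>[\d.]+)\],\s*reject=550 .*Relaying denied")
# ASSUMPTION: constructed POP login layout; adapt it to what your POP daemon logs.
POP_LOGIN = re.compile(r"pop3d: login user=(?P<user>\S+) ip=\[(?P<ip>[\d.]+)\]")

# Constructed sample maillog (documentation addresses, hypothetical user names).
SAMPLE_LOG = """\
Feb  7 11:06:40 pop3d: login user=site5user ip=[203.0.113.9]
Feb  7 11:07:58 sendmail: ruleset=check_rcpt, arg1=<a@example.net>, relay=[203.0.113.9], reject=550 <a@example.net>... Relaying denied.
Feb  7 11:08:01 sendmail: ruleset=check_rcpt, arg1=<b@example.net>, relay=[203.0.113.9], reject=550 <b@example.net>... Relaying denied.
Feb  7 11:09:30 pop3d: login user=site2user ip=[198.51.100.20]
Feb  7 14:02:11 sendmail: ruleset=check_rcpt, arg1=<c@example.net>, relay=[192.0.2.77], reject=550 <c@example.net>... Relaying denied.
""".splitlines()

def relay_bursts(lines, year=2002):
    """Group rejections by relay IP: count, first/last timestamp, recipients tried."""
    bursts = {}
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        b = bursts.setdefault(m["ip"], {"count": 0, "first": ts, "last": ts, "rcpts": set()})
        b["count"] += 1
        b["first"], b["last"] = min(b["first"], ts), max(b["last"], ts)
        b["rcpts"].add(m["rcpt"])
    return bursts

def pop_users_by_ip(lines):
    """Map each client IP to the accounts that logged in over POP from it."""
    users = defaultdict(set)
    for line in lines:
        m = POP_LOGIN.search(line)
        if m:
            users[m["ip"]].add(m["user"])
    return dict(users)

def suspects(lines, year=2002):
    """Accounts whose POP client IP also appears as a rejected relay client."""
    pops = pop_users_by_ip(lines)
    return {ip: sorted(pops[ip]) for ip in relay_bursts(lines, year) if ip in pops}
```

An IP that appears in `relay_bursts` but not in `suspects` never authenticated over POP, which fits an outside relay probe rather than a hosted customer.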
