Hi,
I'm a bit nervous here. Recently I've started getting 20-25 mails to my Postmaster account on my FreeBSD 4.8RC server running Sendmail 8.12.8/8.12.8 each day with a message to Postmaster that the mail could not be delivered.


In the daily run output from the server I see messages like these:

Mail in local queue:
/var/spool/mqueue (15 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
h5IGWCj5047460 4477 Wed Jun 18 18:44 MAILER-DAEMON
(Deferred: Connection refused by mobilemice.com.)
<[EMAIL PROTECTED]>
h5HJ1xj4020111 4251 Tue Jun 17 21:03 MAILER-DAEMON
(Deferred: Connection refused by distanteye.com.)
<[EMAIL PROTECTED]>
h5HFHEj3015655 3298 Tue Jun 17 17:17 MAILER-DAEMON
(host map: lookup (triplepipe.com): deferred)
<[EMAIL PROTECTED]>


I have no relations with these hosts.

In the maillog from the server I see this:

Jun 19 14:09:19 server sendmail[71128]: h5G21ij4070939: to=<[EMAIL PROTECTED]>, delay=3+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=15062899, relay=distanteye.com., dsn=4.0.0, stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:09:19 server sendmail[71128]: h5FLiJj3065159: to=<[EMAIL PROTECTED]>, delay=3+14:25:00, xdelay=00:00:00, mailer=esmtp, pri=15962899, relay=distanteye.com., dsn=4.0.0, stat=Deferred: Connection refused by distanteye.com.
Jun 19 14:10:57 server sendmail[71128]: h5FLgVj3065158: [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED], delay=3+14:28:25, xdelay=00:01:38, mailer=esmtp, pri=16261875, relay=mailgw.c2i.net., dsn=4.0.0, stat=Deferred: 450 Unable to find distanteye.com
Jun 19 14:10:57 server sendmail[71128]: h5F0VUj4040115: to=<[EMAIL PROTECTED]>, delay=4+11:37:52, xdelay=00:00:00, mailer=esmtp, pri=19742831, relay=mobilemice.com., dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.
Jun 19 14:10:57 server sendmail[71128]: h5EKGnj3034414: to=<[EMAIL PROTECTED]>, delay=4+15:54:08, xdelay=00:00:00, mailer=esmtp, pri=20642831, relay=mobilemice.com., dsn=4.0.0, stat=Deferred: Connection refused by mobilemice.com.


The mailq (/var/log/mqueue) contains 30 messages, both dfh* and qfh*.

I've manually configured my .mc file which looks like this (I'm running Procmail and Spamassassin):

divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.10.2.17 2002/11/14 03:21:18 keramida Exp $')
OSTYPE(freebsd4)
DOMAIN(generic)


FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl       your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?"; $&{client_addr}')


dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Uncomment both of the following lines to listen on IPv6 as well as IPv4
dnl DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confMAX_MIME_HEADER_LENGTH', `256/128')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
FEATURE(local_procmail)
MAILER(local)
MAILER(smtp)

If I try to telnet to my server from "somewhere" I get relaying denied so I think I've got it right, but somehow I have a feeling someone is getting through somehow. I'm running Apache, MySQL, PHP and other "webserver" related apps on the same machine.

Thanks for any help!
Andreas


--- Andreas Widerøe Andersen <[EMAIL PROTECTED]> Pragma AS

http://www.pragma.no
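
A way to summarise maillog entries like the ones quoted above, added here as an example and not part of the original post: it groups deferred (dsn 4.x.x) deliveries by relay host and reports the longest delay per relay. The sample lines, hosts and addresses are constructed placeholders in the same sendmail log format.

```python
import re
from collections import defaultdict

# Constructed sample in the sendmail maillog format shown in the post
# (hosts and addresses are placeholders, not values from the post).
SAMPLE_LOG = """\
Jun 19 14:09:19 server sendmail[71128]: h5G21ij4070939: to=<a@one.example>, delay=3+10:06:00, xdelay=00:00:00, mailer=esmtp, pri=15062899, relay=one.example., dsn=4.0.0, stat=Deferred: Connection refused by one.example.
Jun 19 14:09:19 server sendmail[71128]: h5FLiJj3065159: to=<b@one.example>, delay=3+14:25:00, xdelay=00:00:00, mailer=esmtp, pri=15962899, relay=one.example., dsn=4.0.0, stat=Deferred: Connection refused by one.example.
Jun 19 14:10:57 server sendmail[71128]: h5F0VUj4040115: to=<c@two.example>, delay=4+11:37:52, xdelay=00:00:00, mailer=esmtp, pri=19742831, relay=two.example., dsn=4.0.0, stat=Deferred: Connection refused by two.example.
Jun 19 14:11:02 server sendmail[71130]: h5JCB1j4071200: to=<d@three.example>, delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=30412, relay=mx.three.example. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
"""

# \bdelay= skips "xdelay="; the recipient list before it is not parsed,
# so lines with several recipients or a missing to= still match.
LINE_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): .*?\bdelay=(?P<delay>[\d+:]+),"
    r".*?\brelay=(?P<relay>[^,\s]+).*?\bdsn=(?P<dsn>[\d.]+), stat=(?P<stat>.*)$"
)

def delay_seconds(text):
    """Convert sendmail's [days+]HH:MM:SS delay field to seconds."""
    days, _, clock = text.rpartition("+")
    h, m, s = (int(x) for x in clock.split(":"))
    return int(days or 0) * 86400 + h * 3600 + m * 60 + s

def deferred_by_relay(log_text):
    """Group deferred (dsn 4.x.x) delivery attempts by relay host."""
    report = defaultdict(lambda: {"qids": set(), "oldest": 0, "reasons": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not m["dsn"].startswith("4."):
            continue  # not a delivery line, or not a temporary failure
        entry = report[m["relay"].rstrip(".").lower()]
        entry["qids"].add(m["qid"])
        entry["oldest"] = max(entry["oldest"], delay_seconds(m["delay"]))
        entry["reasons"].add(m["stat"])
    return dict(report)

if __name__ == "__main__":
    rows = sorted(deferred_by_relay(SAMPLE_LOG).items(),
                  key=lambda kv: kv[1]["oldest"], reverse=True)
    for relay, info in rows:
        print(f"{relay}: {len(info['qids'])} queued, "
              f"oldest {info['oldest'] / 86400:.1f} days, {sorted(info['reasons'])}")
```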
