Could someone please help? I am concerned that someone has compromised my server and is using it as a relay for junk mail. I have tested the server with all the standard web test sites, i.e. abuse.net, and it comes up negative with the appropriate denial message, but I am still concerned. My server continues to have a ton of disk activity, and I keep getting a ton of these log entries in my /var/log/maillog file.
******************************************
Jul 15 02:13:07 Goose smtpd[6194]: smtp connection from UNKNOWN@localhost(127.0.0.1) MAIL FROM: <> RCPT TO: <kkmqjjarxfig@romymichele.com>, allowed by line 22 of /etc/smtpd_check_rules
******************************************
Here is my line 22 of smtpd_check_rules.
# Allow relaying from the local network
allow:127.0.0.1:ALL:ALL
******************************************
Would it make sense to comment out that line "allow:127.0.0.1:ALL:ALL" and not allow the server to send mail if it's not from a listed domain? Or would that screw up the server somehow?
Also, I continue to see the qmail-remote process running this line.
qmailr 10714 1059 0 18:47 ? 00:00:00 qmail-remote romymichele.com kkmqjjarxfig@romymichele.com
If my mail server is configured properly, and it is not being used as a relay, is it possible that a node on my network has a virus and is sending tons of junk mail, and my server is just busy pumping it out?
Here is the complete smtpd_check_rules file that I have configured.
Thanks
Scooby9
**************************************************
smtpd_check_rules
**************************************************
#------------------------------------------------------------
# DO NOT MODIFY THIS FILE! It is updated automatically by the
# e-smith server and gateway software. Instead, modify the source
# template in the /etc/e-smith/templates directory. For more
# information, see http://www.e-smith.org.
#
# copyright (C) 1999, 2000 e-smith, inc.
#------------------------------------------------------------
# Don't allow bang paths via us
noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
# Don't allow two @s (equivalent to %hack) via us
noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
# Don't allow %hack relay via us
noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
# Allow relaying from the local network
allow:127.0.0.1:ALL:ALL
allow:90.0.0.0/24:ALL:ALL
allow:10.0.0.0/24:ALL:ALL
allow:23.188.126.23/24:ALL:ALL
# Prohibit access to these addresses from the outside world
noto:ALL:ALL:everyone@*.mydomain.com everyone@mydomain.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
noto:ALL:ALL:shared@*.mydomain.com shared@mydomain.com:551 Sorry %H (%I), you cannot send mail to %T from outside our local network.
# Allow any of our domains
allow:ALL:ALL:*.mydomain.com *@mydomain.com
allow:ALL:ALL:*.mydomain.dcomp.net *@mydomain.dcomp.net
allow:ALL:ALL:*.mail.mydomain.com *@mail.mydomain.com
# Just say no to anything else, we won't relay for people we don't know.
noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please use another SMTP host to mail from %F to %T
#------------------------------------------------------------
# TEMPLATE END
#------------------------------------------------------------
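As an added example (not from the original post, and not e-smith's or smtpd's own code), here is a small Python evaluator for smtpd_check_rules-style lines. It shows why the logged transaction from 127.0.0.1 with an empty MAIL FROM hits the `allow:127.0.0.1:ALL:ALL` rule, and which rule the same transaction would hit if that line were commented out. The rule semantics it implements (first match wins, `ALL` matches anything, CIDR sources, space-separated glob patterns for addresses) are assumptions modelled on the file shown above, not the program's documented behaviour, and the rule set is a constructed, shortened copy of the one in the post.

```python
import fnmatch
import ipaddress

# Constructed rule set modelled on the post's file; comments and the 551
# message text are shortened. Assumed semantics: first match wins, fields are
# action:source:from:to[:message], ALL matches anything, source is an IP or
# CIDR, from/to are space-separated shell-style glob patterns.
RULES = """\
noto:ALL:ALL:*!*@*:551 no bang paths
noto:ALL:ALL:*@*@*:551 no double @
noto:ALL:ALL:*%*@*:551 no percent hack
allow:127.0.0.1:ALL:ALL
allow:10.0.0.0/24:ALL:ALL
allow:ALL:ALL:*.mydomain.com *@mydomain.com
noto:ALL:ALL:ALL:551 no unauthorized relaying
"""

def parse_rules(text):
    """Return (line_no, action, source, from_pat, to_pat) for each rule line."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, src, frm, to = line.split(":", 4)[:4]
        rules.append((n, action, src, frm, to))
    return rules

def source_matches(pattern, ip):
    if pattern == "ALL":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)

def addr_matches(patterns, addr):
    # MAIL FROM: <> arrives as an empty string and is matched only by ALL.
    if patterns == "ALL":
        return True
    return any(fnmatch.fnmatchcase(addr, p) for p in patterns.split())

def check(rules, ip, mail_from, rcpt_to):
    """Return (rule line number, action) of the first matching rule."""
    for n, action, src, frm, to in rules:
        if (source_matches(src, ip) and addr_matches(frm, mail_from)
                and addr_matches(to, rcpt_to)):
            return n, action
    return None, "noto"  # assumption: refuse when nothing matches

def without_localhost_allow(rules):
    """The same rule set with the allow:127.0.0.1 line commented out."""
    return [r for r in rules if not (r[1] == "allow" and r[2] == "127.0.0.1")]
```

With the localhost rule removed the same transaction falls through to the final `noto`, which is the trade-off to weigh: mail originating on the server itself (an empty envelope sender is what bounces and other notifications use) would no longer be accepted by that rule, so the source of the local submissions should be identified before the rule is changed.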