How can I tell if my Solaris server is being used as a mail relay

Posted on 2006-04-25
Last Modified: 2013-12-21
I suspect my Solaris 5.8 server is being used as a mail relay from an outside source. How can I tell?
Question by: mslibrarycommission
    LVL 14

    Expert Comment

    I have been trying to find a software tool to do the same thing, but have been unsuccessful.

    If your server does not need to do mail at all, then you could do an
    /etc/init.d/sendmail stop

    This will turn off all mail services on the server. (until you reboot)

    You can also manually check the logs at /var/log/syslog looking for sendmail entries to see if there is much off site traffic.
    grep sendmail /var/log/syslog |more

    LVL 10

    Expert Comment

    Easy, check the sendmail log files.  If you have a source that isn't from your domain or localhost and the destination is also not from your domain or localhost, then your server is being used as a relay.

    I can't remember which version of sendmail comes in Solaris 8, but something to get you started:
    LVL 27

    Accepted Solution

    Easy way - submit your email server IP to a trusted mail relay checker; it will check your server for all known types of relay (including bounce relay and many other types, which are hard to discover manually).
    Here are two trusted checkers (they will not disclose your IP, but they will include it in a blacklist, so you will need to ask them to recheck once the problem is fixed, if any):
    LVL 14

    Expert Comment

    Although the accepted answer is good, and those methods will tell you if there is a configuration error that allows relaying, they do not tell you if there is a compromised account that is being used to send spam.  Or worse, if one of your own users is a spammer!

    What would be really good is a tool that monitors mail flow and alerts the sysadmin if someone suddenly sends 50 or more messages in a short period of time.
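
The log check described in the comments above (a source outside your domain paired with a destination outside your domain), as an added example that is not part of the original thread. It correlates sendmail `from=` and `to=` syslog lines by queue ID and takes the connecting `relay=` IP as the source, since sender addresses can be forged; `LOCAL_DOMAINS`, `LOCAL_NETS` and the sample log lines are constructed assumptions to replace with your own.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example: replace with your own domains and networks.
LOCAL_DOMAINS = {"example.org", "localhost"}
LOCAL_NETS = [ip_network("127.0.0.0/8"), ip_network("192.0.2.0/24")]

FROM = re.compile(r"sendmail\[\d+\]: (\w+): from=.*?relay=(.*)$")
TO = re.compile(r"sendmail\[\d+\]: (\w+): to=(.*?), (?:ctladdr|delay)=.*stat=(\w+)")
IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")

def is_local_rcpt(addr):
    # An address without a domain part is a local user.
    return "@" not in addr or addr.rsplit("@", 1)[1].lower() in LOCAL_DOMAINS

def find_relayed(lines):
    """Map queue ID -> (source IP, external recipients) for relayed mail."""
    source, rcpts = {}, defaultdict(list)
    for line in lines:
        if m := FROM.search(line):
            ip = IP.search(m[2])
            # relay=user@localhost (no bracketed IP) is a local submission.
            source[m[1]] = ip[1] if ip else "127.0.0.1"
        elif (m := TO.search(line)) and m[3] == "Sent":
            addrs = [a.strip(" <>") for a in m[2].split(",")]
            rcpts[m[1]] += [a for a in addrs if not is_local_rcpt(a)]
    return {q: (source[q], r) for q, r in rcpts.items() if r and q in source
            and not any(ip_address(source[q]) in n for n in LOCAL_NETS)}

# Constructed sample: normal outbound, a relayed message, normal inbound.
SAMPLE_LOG = """\
Apr 25 10:15:01 mailhost sendmail[1234]: k3PFF1aB001234: from=<alice@example.org>, size=1204, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=pc7.example.org [192.0.2.10]
Apr 25 10:15:02 mailhost sendmail[1236]: k3PFF1aB001234: to=<bob@example.net>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31204, relay=mx.example.net. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Apr 25 10:16:40 mailhost sendmail[1301]: k3PFGeaB001301: from=<x@example.com>, size=3310, class=0, nrcpts=2, msgid=<2@example.com>, proto=SMTP, daemon=MTA, relay=[203.0.113.77]
Apr 25 10:16:42 mailhost sendmail[1303]: k3PFGeaB001301: to=<v1@example.net>,<v2@example.net>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=63310, relay=mx.example.net. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Apr 25 10:17:05 mailhost sendmail[1310]: k3PFH5aB001310: from=<y@example.com>, size=900, class=0, nrcpts=1, msgid=<3@example.com>, proto=ESMTP, daemon=MTA, relay=mail.example.com [203.0.113.9]
Apr 25 10:17:05 mailhost sendmail[1311]: k3PFH5aB001310: to=<alice@example.org>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30900, dsn=2.0.0, stat=Sent
"""

if __name__ == "__main__":
    for qid, (src, to) in find_relayed(SAMPLE_LOG.splitlines()).items():
        print(f"{qid}: relayed from {src} to {', '.join(to)}")
```

To run it against a real log, pass `open("/var/log/syslog")` to `find_relayed` in place of the sample lines.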
