Help Mdaemon Large qty of SMTP being generated is it a Spammer on my system. How do I fix it

I've noticed an abnormal outgoing SMTP message count from my MDAEMON server.
These seem to be RAW messages not generated by me.

Is someone spamming my system?
I have modified the IP shielding to select 'Messages to valid local users are exempt from Domain/IP matching'
and also
'IP Shield Honors Aliases' will this help?

Can anyone help

Thanks
Malcolm


Fri 2008-02-01 00:22:14: ----------
Fri 2008-02-01 05:41:32: [RAW] Converting <C:\MDAEMON\RawFiles\md75000015859.raw>
Fri 2008-02-01 05:41:32: [RAW] From: MDaemon@Trilobyte.co.uk
Fri 2008-02-01 05:41:32: [RAW] To: servizio@bancaroma.it
Fri 2008-02-01 05:41:32: [RAW] Subject: Permanent Delivery Failure
Fri 2008-02-01 05:41:32: [RAW] Message-ID: <MDAEMON0005200802010541.AA4132692@Trilobyte.co.uk>
Fri 2008-02-01 05:41:32: [RAW] Encoding attachment file [c:\mdaemon\temp\md50000000077.eml]
Fri 2008-02-01 05:41:32: [RAW] Conversion completed (created c:\mdaemon\remoteq\md75000083459.msg)
Fri 2008-02-01 05:41:32: ----------
TrilobyteMKRAsked:
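To see what the [RAW] entries in a log like the one quoted in the question are generating and where those messages are addressed, the sketch below groups each Converting / Conversion completed pair into a record and counts messages per subject and recipient domain outside the local domains. It is an added example, not part of the original thread and not MDaemon tooling; the sample log is constructed with placeholder domains and paths, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the log excerpt above; placeholder domains/paths.
SAMPLE_LOG = r"""Fri 2008-02-01 05:41:32: [RAW] Converting <C:\MDAEMON\RawFiles\md75000000001.raw>
Fri 2008-02-01 05:41:32: [RAW] From: MDaemon@example.co.uk
Fri 2008-02-01 05:41:32: [RAW] To: someone@example.it
Fri 2008-02-01 05:41:32: [RAW] Subject: Permanent Delivery Failure
Fri 2008-02-01 05:41:32: [RAW] Conversion completed (created c:\mdaemon\remoteq\md75000000002.msg)
Fri 2008-02-01 05:41:32: ----------
Fri 2008-02-01 05:41:40: [RAW] Converting <C:\MDAEMON\RawFiles\md75000000003.raw>
Fri 2008-02-01 05:41:40: [RAW] From: MDaemon@example.co.uk
Fri 2008-02-01 05:41:40: [RAW] To: other@example.it
Fri 2008-02-01 05:41:40: [RAW] Subject: Permanent Delivery Failure
Fri 2008-02-01 05:41:40: [RAW] Conversion completed (created c:\mdaemon\remoteq\md75000000004.msg)
Fri 2008-02-01 05:42:01: [RAW] Converting <C:\MDAEMON\RawFiles\md75000000005.raw>
Fri 2008-02-01 05:42:01: [RAW] From: MDaemon@example.co.uk
Fri 2008-02-01 05:42:01: [RAW] To: postmaster@example.co.uk
Fri 2008-02-01 05:42:01: [RAW] Subject: Permanent Delivery Failure
Fri 2008-02-01 05:42:01: [RAW] Conversion completed (created c:\mdaemon\localq\md75000000006.msg)
"""

RAW = re.compile(r"^\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): \[RAW\] (.*)$")

def parse_raw_log(text):
    """Return one dict per completed RAW conversion (time, from, to, subject)."""
    done, cur = [], None
    for line in text.splitlines():
        m = RAW.match(line.strip())
        if not m:
            continue  # separator or a line from another log section
        stamp, body = m.groups()
        if body.startswith("Converting "):
            cur = {"time": stamp}  # a new message starts here
        elif cur is not None and body.startswith("Conversion completed"):
            done.append(cur)  # only completed conversions are reported
            cur = None
        elif cur is not None:
            key, _, value = body.partition(": ")
            if key in ("From", "To", "Subject"):
                cur[key.lower()] = value.strip()
    return done

def external_counts(records, local_domains):
    """Count records per (subject, recipient domain) addressed outside local_domains."""
    local = {d.lower() for d in local_domains}
    pairs = ((r.get("subject", ""), r.get("to", "").rpartition("@")[2].lower())
             for r in records)
    return Counter(p for p in pairs if p[1] and p[1] not in local)
```

A high count for one subject spread across many outside recipient domains shows which kind of server-generated message accounts for the outgoing volume.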

Gabriel OrozcoSolution ArchitectCommented:
An SMTP open relay is a mail server that permits an unknown, outside sender to pass mail through the server to unknown, outside recipients, usually without the consent of its manager. This gives professional spammers a ready delivery mechanism for dumping unsolicited commercial email (UCE) on undeserving end-users while avoiding detection. It's easy to see why spammers favor open relays. They can abuse other people's bandwidth and mail servers, without getting blocked, blacklisted, or suffering negative publicity.

for MDaemon:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01452

I see in the point 4:
(4) Security | Relay/Trusts/Tarpit/Reverse lookups... - Relay Settings - enable the 'This server does not relay mail for foreign domains' switch. Also enable the 'Sender's address must be valid if it claims to be from a local domain' switch. With these switches enabled, messages sent through your server must either originate from or be destined for a local account. True, spammers can fake the addresses they use when sending their spam mail but this will not be enough. They will have to fake the IP address they are sending mail from if you have configured the IP Shielding feature as outlined above.

in general, read all these points and enable those that make more sense.
0
TrilobyteMKRAuthor Commented:
Redimindo,
thanks for your help so far. In Mdaemon 6.9.4 which is the version I'm running I don't seem to have those options in Relay settings I have :-
Mail Relaying.
        Do not allow message relaying
          Click here and MDaemon will only accept messages which are either FROM or TO a local domain or gateway.
     [ ] ...unless addressed to a known alias
     [ ] ... unless sent via authenticated SMTP session
     [ ] ... unless sent from a gateway user

Account Verification -----------------------------------
     [ ] SMTP MAIL address must exist if it uses a local domain.
          Click here and MDaemon will verify that MAIL values point to valid local accounts when they include a local domain or gateway.
                  [ ].... unless sent via authenticated SMTP session
                  [ ] ... unless sent from a trusted IP
    [ ] SMTP RCPT address must exist if it uses a local domain
    Click here and MDaemon will verify that  RCPT values point to valid local accounts when they include a local domain.
                [ ] ...unless sent via authenticated SMTP session
                [ ] ... unless sent from a trusted IP
Currently I have 'Do not allow message relaying' selected, and 'unless sent via authenticated SMTP session'
I also have 'SMTP MAIL address must exist if it uses a local domain' selected
and also 'SMTP RCPT address must exist if it uses a local domain'

Do I have these settings right, or should I use some other option?

Many thanks

Malcolm

0
Gabriel OrozcoSolution ArchitectCommented:
Hi Malcolm

check
    [x] SMTP MAIL address must exist if it uses a local domain.
                  [x].... unless sent via authenticated SMTP session
                  [x] ... unless sent from a trusted IP
    [x] SMTP RCPT address must exist if it uses a local domain
                [x] ...unless sent via authenticated SMTP session
                [x] ... unless sent from a trusted IP

but be very careful to select which are your trusted IP's.. these should be only the LAN ip range (like 192.168.x.y) and of course your firewall should not allow any connection from a local address range from internet.

that should suffice.

after these changes, and restarting your MDaemon, does the problem remain?
0
TrilobyteMKRAuthor Commented:
Thanks for that Redimido,
After I've applied these changes is there any way that I can check that I have sufficient security on the e-mail server?

Thanks

Malcolm
0
Gabriel OrozcoSolution ArchitectCommented:
Hi
First, you should note you should not be seeing the abnormal count of emails you started this question with.

Second, you can schedule a test from one of the black lists to see if everything is okay.
asking google for "open relay test" I found:
http://www.abuse.net/relay.html
http://members.iinet.net.au/~remmie/relay/
http://spamlinks.net/prevent-secure-relay-test.htm#how
I liked this one:
http://www.dnsgoodies.com/
among many others
0
TrilobyteMKRAuthor Commented:
Redimido,
I've made the settings that you recommend, when I tested for an open relay I just got a timeout message.
Does that mean that I don't have an open relay?
Malcolm
0
Gabriel OrozcoSolution ArchitectCommented:
it means you missed the correct server
just check which is the correct one and retry
0

TrilobyteMKRAuthor Commented:
Thanks for your help Redimido
Malcolm
0
Gabriel OrozcoSolution ArchitectCommented:
Thanks Malcolm

what would I need to say to you in order to get an "A" ?
0
TrilobyteMKRAuthor Commented:
I'm new to this and following the guidelines when I accepted the solution it came up with a B classification. I'm sorry if that disappoints. Is there any way I can upgrade it to an A?
Malcolm
0
Gabriel OrozcoSolution ArchitectCommented:
no problem.. I considered I found what was the error and helped on which parameters could be best. it is difficult to go any further than that... maybe in next question you can value that for the pal/gal that help you that time... we are here to help but a good feedback is very encouraging. this community is about that. I do not know of anyone that gets paid here. it's just points (and maybe ego hehehe)

Thanks!
0
TrilobyteMKRAuthor Commented:
Thanks for that I will try to be more generous next time.
thank you again

malcolm
0