• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 265
  • Last Modified:

How do I tell if I'm being used as a relay

I just fired up new sendmail mail server, but I'm getting odd looking log message and I'm wondering if it's being used as a relay. Message are like:
Feb 19 08:54:34 mail sm-mta[16262]: t1HHNKgC027661: to=<jkkalisz@bex.net>, ctladdr=<daemon@ohprs.org> (2/2), delay=1+20:31:14, xdelay=00:00:00, mailer=esmtp, pri=10366932, relay=mx.bex.net.cust.b.hostedemail.com., dsn=4.0.0, stat=Deferred
Feb 19 08:54:34 mail sm-mta[16262]: t1HHflwx028217: to=<crhawn@bex.net>, ctladdr=<daemon@ohprs.org> (2/2), delay=1+20:12:47, xdelay=00:00:00, mailer=esmtp, pri=10366932, relay=mx.bex.net.cust.b.hostedemail.com., dsn=4.0.0, stat=Deferred
Feb 19 08:54:39 mail sm-mta[16262]: STARTTLS=client, relay=aln-mailrelay.att.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Feb 19 08:54:45 mail sm-mta[16262]: STARTTLS=client, relay=scc-mailrelay.att.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
Feb 19 08:54:51 mail sm-mta[16262]: STARTTLS=client, relay=frf-mailrelay.att.net., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256

Open in new window

Here's my .mc file:
include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
DOMAIN(generic)dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
define(`confSUPER_SAFE',`true')dnl
define(`confCHECKPOINT_INTERVAL',`10')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl',`bl.spamcop.net')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
define(`confCACERT_PATH',`/etc/ssl/OHPRS/GoDaddy/')dnl
define(`confCACERT',`/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem')dnl
define(`confSERVER_CERT',`/etc/ssl/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confSERVER_KEY',`/etc/ssl/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
define(`confCLIENT_CERT',`/etc/ssl/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt')dnl
define(`confCLIENT_KEY',`/etc/ssl/OHPRS/GoDaddy/mail.ohprs.org.key')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
define(`confMILTER_MACROS_ENVRCPT',`r, v, Z')dnl
INPUT_MAIL_FILTER(`milter-bcc',`S=local:/var/run/milter-bcc.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
MASQUERADE_AS(`ohprs.org')dnl
MASQUERADE_DOMAIN(`ohprs.org')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`always_add_domain')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Open in new window

Advice?
0
jmarkfoley
Asked:
jmarkfoley
  • 2
  • 2
2 Solutions
 
IvanSystem EngineerCommented:
Hi,

you can always use http://mxtoolbox.com/diagnostic.aspx to check if you are relay.
Just enter public name of server, such as mail.domain.com

Regards.
0
 
Jan SpringerCommented:
If you have an new release of sendmail and sendmail.cf, by default those are turned off.

What does /etc/mail/access have in it?

And have you gone to an external (off net) IP and manually done a manual telnet to test that port 25 blocks mail from unknown IPs or unauthenticated senders?
0
 
jmarkfoleyAuthor Commented:
spriggan13: I did try mxtoolbox.com and it did not say anything about relaying, though I may not have picked the right test.

Jan Springer:
What does /etc/mail/access have in it?
This is the entire /etc/mail/access:
192.168.0       RELAY

webserver.ohprs.org  RELAY
64.129.23.95    RELAY

oldmail.ohprs.org RELAY
64.129.23.80    RELAY

# Voicemail system
66.202.79.114   RELAY
.choiceone.net  RELAY

To:noreply@ohprs.org    ERROR:"550 This address does not receive mail"

Open in new window

The 1st entry is to permit all hosts on the LAN. The 2nd and 3rd entries are for a host which uses *this* host as a 'Smart Host'. The relaying host (webserver) also has an address on the LAN and relays to the mail server's LAN address so probably never sends from the public address, but it's there just in case.

the next two entries are for a host which is powered off.

The last 2 relay entries are for the voice mail computer.
And have you gone to an external (off net) IP and manually done a manual telnet to test that port 25 blocks mail from unknown IPs or unauthenticated senders?
Yes, I've done a manual telnet and can connect just fine. Why would it block? How else would you, for example, send me an email on that host?
0
 
jmarkfoleyAuthor Commented:
I think I'm OK, just a bit paranoid with this new configuration. I'm going to consider this closed and if I get nervous again I'll post a new question. Thanks for you help. The mxtoolbox.com site was useful generally.
0
 
Jan SpringerCommented:
just a side note:  listing allowed relay hosts or subnets by their respective DNS name means that i can change my inverse DNS and spoof your domain name and then send spam through your system.

i always recommend using IP addresses or subnets.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now