
how to stop spam relaying?

I have set up some anti-spamming rules in my smtp-policy files, but it
looks like someone was actually able to use my system as a spam relay:

Here are the logs:

3049#   connection from usr1-dialup51.mix1.Bloomington.mci.net ident: TIMEDOUT [port 1087]
3049w   220 gate ZMailer Server 2.99.49p8 #1 ESMTP+IDENT ready at Sat, 24 Jan 1998 15:22:45 -0700
3049#   remote from []
3049r   HELO ccweb.ccweb.com
3049w   250 gate.mcc.net expected "HELO
3049r   RSET
3049w   250 2.0.0 Ok
3049r   MAIL FROM:<guhio71@msn.com>
3049w   250 2.1.0 Sender syntax Ok
3049r   RCPT TO:<2001199@mcimail.com>
3049w   250 2.1.5 Recipient address syntax Ok
3049r   RCPT TO:<2001198@mcimail.com>
3049w   250 2.1.5 Recipient address syntax Ok
3049r   RCPT TO:<2001197@mcimail.com>
3049r   RCPT TO:<2001101@mcimail.com>
3049w   250 2.1.5 Recipient address syntax Ok
3049r   RCPT TO:<2001100@mcimail.com>
3049w   250 2.1.5 Recipient address syntax Ok
3049r   DATA
3049w   354 Start mail input; end with <CRLF>.<CRLF>
3049w   250 2.6.0 S.omabe421802 message accepted
3049#   S.omabe421802: 6960 bytes
3049r   QUIT
3049w   221 2.0.0 gate.mcc.net Out

I have set up the following files to try to stop this:

(List of IPs that can use us as an outgoing smtp server)

(all of the domains that we are the mail exchanger for)

I then run $ZMAILER/bin/policy-builder.sh to create the database files,
and the policydb parameter in smtpserver.conf is set to:

PARAM  policydb   ndbm  /apps/zmailer/db/smtp-policy

According to the contents of the above files, what happened in the logs
above should never have happened.
Am I missing something obvious?


Trevor Paquette              | MetroNet Solutions |Work:(403)543-2355
TrevorPaquette@mcc.net       |4300, 150 6th Ave SW| Fax:(403)543-2854
http://www.mcc.net           |Calgary, AB, Canada |ICBM:51'03"N/114'05"W
Senior Unix Network Architect|       T2P 4K9      |Mind:In the Rockies
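
An added example, not part of the original post or of ZMailer: a log check that flags the pattern in the session above, where a message is accepted from a client outside the relay list for recipients in domains the server is not the mail exchanger for. The relay network, the local domain and the sample log lines are constructed assumptions; only the pid-plus-marker line layout is taken from the log in the post.

```python
import ipaddress
import re

# Assumed policy values (hypothetical; the post's own lists are not shown).
RELAY_NETS = [ipaddress.ip_network("10.1.0.0/16")]  # clients allowed to relay
LOCAL_DOMAINS = {"example.org"}                      # domains we are MX for

# Constructed sample: pid, then '#' server note, 'r' read, 'w' written.
SAMPLE_LOG = """\
3049#   remote from [192.0.2.51]
3049r   RCPT TO:<x@example.net>
3049w   250 2.1.5 Recipient address syntax Ok
3049r   RCPT TO:<y@example.org>
3049w   250 2.1.5 Recipient address syntax Ok
3049w   354 Start mail input; end with <CRLF>.<CRLF>
3049w   250 2.6.0 S.test0001 message accepted
3050#   remote from [10.1.2.3]
3050r   RCPT TO:<z@example.net>
3050w   250 2.1.5 Recipient address syntax Ok
3050w   250 2.6.0 S.test0002 message accepted
"""

LINE = re.compile(r"^(\d+)([#rw])\s+(.*)$")

def find_relayed(log, relay_nets=RELAY_NETS, local_domains=LOCAL_DOMAINS):
    """Return (pid, client_ip, foreign_domains) per relayed, accepted message."""
    state = {}
    findings = []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, kind, text = m.groups()
        s = state.setdefault(pid, {"ip": None, "pending": None, "rcpts": []})
        if kind == "#" and text.startswith("remote from ["):
            s["ip"] = text[13:].split("]")[0] or None  # address may be empty
        elif kind == "r" and (r := re.match(r"RCPT TO:<[^>]*@([^>]+)>", text, re.I)):
            s["pending"] = r.group(1).lower()
        elif kind == "w" and s["pending"]:
            if text.startswith("250"):  # server accepted this recipient
                s["rcpts"].append(s["pending"])
            s["pending"] = None
        elif kind == "w" and text.startswith("250 2.6.0"):  # message accepted
            foreign = sorted(set(s["rcpts"]) - set(local_domains))
            trusted = bool(s["ip"]) and any(ipaddress.ip_address(s["ip"]) in n for n in relay_nets)
            if foreign and not trusted:  # unknown address counts as untrusted
                findings.append((pid, s["ip"], foreign))
            s["rcpts"] = []
    return findings
```

A session whose client address is missing from the log, as in the "remote from []" line above, is reported with a client of None rather than skipped.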