
How can I tell if my system is being used to relay email?

 
SOLVED
Paul Mancillas
Advisor

How can I tell if my system is being used to relay email?

I checked the /var/log/maillog file and I can see several "from=" entries with user names on my system that should not be sending email out from my system. There is also a "relay=" entry on the same line that refers to a domain other than mine. Does this mean that someone is using my system as a mail relay? If so, then how can I stop this? I'm using sendmail 8.9.3 on a Red Hat 6.1 system.

Thanks,

Paul Mancillas
6 REPLIES
Roberto_30
Frequent Advisor

Re: How can I tell if my system is being used to relay email?

You have the ability to control who you allow to relay from your machine. By configuring your machine to use promiscuous relaying, you allow anyone to use your machine as a relay. To enable promiscuous relaying, configure /etc/mail/sendmail.mc by appending the following line:
FEATURE(promiscuous_relay)dnl

To disable promiscuous relaying, configure /etc/mail/sendmail.mc by removing the following line:
FEATURE(promiscuous_relay)dnl

To allow relaying from a specific host, domain, or network, edit /etc/mail/access and add an entry to permit this.
Then restart sendmail.

Hope this can help you.
Roberto
U.SivaKumar_2
Honored Contributor
Solution

Re: How can I tell if my system is being used to relay email?

Hi,
It is OK that the remote mail servers are referred to in the relay= parameter in maillog.

If you are interested in checking whether your mail server is an open relay, do this:

Open the telnet port in the firewall for your mail server.

Then:

#telnet relay-test.mail-abuse.org

Wait for 10 minutes; it will give you the results.

regards,
U.SivaKumar
Innovations are made when conventions are broken
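
Added example, not part of any post in this thread: a maillog check that pairs each from= line with its to= lines by queue ID and reports messages that arrived from an untrusted client and were then sent on to a non-local domain, which is the pattern a third-party relay leaves. The domain names, trusted-client list and log lines are constructed assumptions.

```python
import re

# Assumed site settings (not from the thread): adjust to your own host.
LOCAL_DOMAINS = {"example.com"}
TRUSTED_CLIENTS = {"localhost", "127.0.0.1"}

# Constructed sample lines in sendmail's maillog layout (documentation names/IPs).
SAMPLE = """\
Mar  3 10:01:07 mail sendmail[801]: KAA00001: from=paul, size=412, nrcpts=1, relay=paul@localhost
Mar  3 10:01:08 mail sendmail[803]: KAA00001: to=<friend@example.org>, mailer=esmtp, relay=mx.example.org. [198.51.100.5], stat=Sent (OK)
Mar  3 10:04:40 mail sendmail[810]: LAA00002: from=<friend@example.org>, size=733, nrcpts=1, relay=mx.example.org [198.51.100.5]
Mar  3 10:04:41 mail sendmail[811]: LAA00002: to=<paul@example.com>, mailer=local, relay=local, stat=Sent
Mar  3 10:09:15 mail sendmail[820]: MAA00003: from=<promo@bulk.example.net>, size=9120, nrcpts=1, relay=dialup7.example.net [203.0.113.7]
Mar  3 10:09:17 mail sendmail[822]: MAA00003: to=<someone@example.org>, mailer=esmtp, relay=mx.example.org. [198.51.100.5], stat=Sent (OK)
""".splitlines()

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")

def fields(line):
    """Return (queue_id, {key: value}) for a sendmail log line, else (None, {})."""
    m = ENTRY.search(line)
    if not m:
        return None, {}
    pairs = (p.split("=", 1) for p in m.group(2).split(", ") if "=" in p)
    return m.group(1), dict(pairs)

def is_remote(addr):
    """True when the address has a domain part that is not one of ours."""
    _user, at, dom = addr.strip("<>").rpartition("@")
    return bool(at) and dom.lower() not in LOCAL_DOMAINS

def find_relayed(lines):
    """Messages accepted from an untrusted client and then sent to a remote domain."""
    accepted, hits = {}, []
    for line in lines:
        qid, f = fields(line)
        if "from" in f:
            # On a from= line, relay= names the client that handed us the message.
            client = (f.get("relay") or "localhost").split()[0].rpartition("@")[2]
            if client.lower() not in TRUSTED_CLIENTS:
                accepted[qid] = (f["from"], client)
        elif "to" in f and qid in accepted and f.get("stat", "").startswith("Sent"):
            # On a to= line, relay= is the next hop; the recipient domain decides.
            for rcpt in f["to"].split(","):
                if is_remote(rcpt):
                    hits.append((qid, *accepted[qid], rcpt))
    return hits
```

Calling `find_relayed(open("/var/log/maillog"))` runs the same check over the live log; a local user sending out and outside mail delivered to a local mailbox are both ignored.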
Balaji N
Honored Contributor

Re: How can I tell if my system is being used to relay email?

Alternatively, just visit the following URL and give your mail server address

http://www.abuse.net/relay.html

hth
-balaji
It's Always Important To Know, What People Think Of You. Then, Of Course, You Surprise Them By Giving More.
Chan Choth PUTH
Advisor

Re: How can I tell if my system is being used to relay email?

Dear U.SivaKumar,

When I try to telnet:
$ telnet relay-test.mail-abuse.org
I have got the following:
Trying 204.152.187.123...
telnet: connect to address 204.152.187.123: No route to host
What's happening?

Thanks,

Choth
Sharing IT knowledge and Information
U.SivaKumar_2
Honored Contributor

Re: How can I tell if my system is being used to relay email?

Welcome, my old friend Choth,

Have you opened the outgoing telnet port in your firewall?

regards,
U.SivaKumar
Innovations are made when conventions are broken
U.SivaKumar_2
Honored Contributor

Re: How can I tell if my system is being used to relay email?

Also, can you reach the internet from this mail server?

Have you got the default gateway as the internet gateway or your firewall?


regards,
U.SivaKumar
Innovations are made when conventions are broken