On Fri, 18 Jul 2003 00:04:28 GMT, Sean Plaice <nobody@127.0.0.1>
wrote:

>On Thu, 17 Jul 2003 13:05:20 -0400, Lindsay MacArthur wrote:
>
>> I'm replying to a 4 month old thread because the problem has started
>> again. Everything ran great for 4 months but now I'm being used to
>> send out spam and I don't understand how. All my control files look
>> good and I'm quite sure I'm not an open relay. As far as I can tell
>> none of the websites have formmail going of any kind.
>Whenever you allow someone other then yourself to send messages through
>your server you have the potential for people to send spam through your
>mail system.
>
>Since you mention formmail, but are still not sure about 'where' the spam
>is coming from you should post the headers one of the 'spam' messages sent
>through your system. You gotta figure out where the problem is coming from
>before you can fix it.
>
>What measures are you using to limit who has the ability to relay through
>your system?

I'm using rcpthosts and /etc/tcp.smtp... the site shouldn't be
letting anybody relay through it. The only emails I want going out
from that machine are for people who have setup forwarding addresses
to remote machines.

My /etc/tcp.smtp is:

127.:allow,RELAYCLIENT=""

I haven't seen any of the emails that go out, I just can see a bunch
of qmail-remote when I look at the processes, and I've had complaints
from upstream about the spam. I can also look at the mail logs and
see oodles of messages flying around.

Thanks for your help!

doug