qmail smtp abuse despite rcpthosts file

This is a discussion on qmail smtp abuse despite rcpthosts file within the alt.comp.mail.qmail forums, part of the Mail Servers and Related category.


Posted by mangm, 10-15-2006

Dear all,

I'm running a qmail server installation which has been subject to abuse
for a few days. I have an rcpthosts file, and relaying is disabled.
The following log excerpt shows an smtp transaction, successfully
sending a spam email. That email bounced, and was therefore forwarded
back to me. The non-existent recipient (bducb@mangm.de) appears as the
*sender* of the spam email (mail header pasted below) and any spam
emails sent through my system seem to share this syndrome.

Can somebody kindly explain the mechanism used for successfully sending
these messages, although relaying is disabled and an rcpthosts file
exists?
Incidentally, I recently transferred the domain "mangm.de" from a
windows server running Ability Mail Server to a server running
Linux/qmail.

On Ability Mail Server, I had used implicit TLS for SMTP
authentication and had disabled relaying, but was successfully
subjected to the same kind of abusive mails nonetheless.

LOG EXCERPT:
Oct 15 12:31:21 h772330 qmail: 1160908281.479282 new msg 2851733
Oct 15 12:31:21 h772330 qmail: 1160908281.479359 info msg 2851733: bytes 18841 from <> qp 32156 uid 2020
Oct 15 12:31:21 h772330 qmail: 1160908281.490857 starting delivery 707: msg 2851733 to local 7-bducb@mangm.de
Oct 15 12:31:21 h772330 qmail: 1160908281.490899 status: local 1/10 remote 0/20

ACTUAL MAIL HEADER:
Return-Path: <bducb@mangm.de>
Received: from e182121160.adsl.alicedsl.de (e182121160.adsl.alicedsl.de [85.182.121.160])
    by six.baremetal.com (8.13.4/8.13.4) with SMTP id k9FAQAss012318
    for <webmaster@creativepursuits.ca>; Sun, 15 Oct 2006 03:26:11 -0700
Received: from 85.182.239.53 ([85.182.239.53])
    by e182121160.adsl.alicedsl.de (8.13.4/8.13.4) with SMTP id k9FAZcTN062681;
    Sun, 15 Oct 2006 12:35:38 +0200
Message-ID: <45320DA9.5000200@mangm.de>
Date: Sun, 15 Oct 2006 12:30:01 +0200
From: Benny Cameron <bducb@mangm.de>
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: webmaster@creativepursuits.ca
Subject: liability heavy-duty
Content-Type: multipart/related;
    boundary="------------000501040502080909050803"
X-Scanned-By: MIMEDefang 2.36

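Added example, not part of the original post: a Python triage sketch run over the log excerpt and mail header quoted in the post. It flags messages that qmail logged with the null envelope sender <> (the form bounces use) and delivered to a local address, and lists the hosts that wrote the Received lines of the returned mail. The own-host names mangm.de and h772330 used for the comparison are assumptions taken from the post's domain and log hostname.

```python
import re
from email import message_from_string

# Sample input copied from the post, wrapped lines rejoined; other headers omitted.
QMAIL_LOG = """\
Oct 15 12:31:21 h772330 qmail: 1160908281.479282 new msg 2851733
Oct 15 12:31:21 h772330 qmail: 1160908281.479359 info msg 2851733: bytes 18841 from <> qp 32156 uid 2020
Oct 15 12:31:21 h772330 qmail: 1160908281.490857 starting delivery 707: msg 2851733 to local 7-bducb@mangm.de
"""
BOUNCED_HEADER = """\
Return-Path: <bducb@mangm.de>
Received: from e182121160.adsl.alicedsl.de (e182121160.adsl.alicedsl.de [85.182.121.160])
 by six.baremetal.com (8.13.4/8.13.4) with SMTP id k9FAQAss012318
 for <webmaster@creativepursuits.ca>; Sun, 15 Oct 2006 03:26:11 -0700
Received: from 85.182.239.53 ([85.182.239.53])
 by e182121160.adsl.alicedsl.de (8.13.4/8.13.4) with SMTP id k9FAZcTN062681;
 Sun, 15 Oct 2006 12:35:38 +0200
From: Benny Cameron <bducb@mangm.de>

"""
OWN_NAMES = {"mangm.de", "h772330"}  # assumption: names our own server would log

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)>")
DELIVERY = re.compile(r"starting delivery \d+: msg (\d+) to (local|remote) (\S+)")

def inbound_bounces(log):
    """Return (msg id, recipient) for null-sender messages delivered locally."""
    senders, hits = {}, []
    for line in log.splitlines():
        if m := INFO.search(line):
            senders[m.group(1)] = m.group(2)
        elif m := DELIVERY.search(line):
            msg, channel, rcpt = m.groups()
            if channel == "local" and senders.get(msg) == "":
                hits.append((msg, rcpt))
    return hits

def relay_hosts(header_text):
    """Return the 'by' host of every Received header, newest hop first."""
    received = message_from_string(header_text).get_all("Received", [])
    found = (re.search(r"\bby\s+(\S+)", value) for value in received)
    return [m.group(1).lower() for m in found if m]

def passed_through(header_text, own_names):
    """True if any Received line was written by one of our own hosts."""
    return any(h == n or h.endswith("." + n)
               for h in relay_hosts(header_text) for n in own_names)

if __name__ == "__main__":
    print(inbound_bounces(QMAIL_LOG), relay_hosts(BOUNCED_HEADER))
    print("relayed via own host:", passed_through(BOUNCED_HEADER, OWN_NAMES))
```

On the data in the post, the logged message is an incoming null-sender delivery to bducb@mangm.de, and neither Received line in the returned mail was written by a host named mangm.de or h772330.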