This is a discussion on Relay via Sendmail within the Linux Security forums, part of the System Security and Security Related category.

I'm running sendmail and I have relay turned off.

Up until a few days ago I haven't had any problems. From time to time I would see a message in my logs saying that relay was denied for someone trying to relay through my system.

But recently I've noticed a few times where a message bounced from an attempted delivery to an outside system because of an invalid userid or an invalid siteid. Upon closer inspection each one of these bounced messages was sent by the same client via my system connecting via sendmail .... a client of which I am unfamiliar.

How can this happen?

Well, you've piqued my interest. Next time this happens would you be
willing to post the headers of the bounce message?

Marshall Lake wrote:

>I'm running sendmail and I have relay turned off.
>
>Up until a few days ago I haven't had any problems. From time to time I
>would see a message in my logs saying that relay was denied for someone
>trying to relay through my system.
>
>But recently I've noticed a few times where a message bounced from an
>attempted delivery to an outside system because of an invalid userid
>or an invalid siteid. Upon closer inspection each one of these bounced
>messages was sent by the same client via my system connecting via sendmail
>... a client of which I am unfamiliar.
>
>How can this happen?

--
Check out my Java, SQL and Python samples at http://rowland.blcss.com/

>>I'm running sendmail and I have relay turned off.
>>
>>But recently I've noticed a few times where a message bounced from an
>>attempted delivery to an outside system because of an invalid userid
>>or an invalid siteid. Upon closer inspection each one of these bounced
>>messages was sent by the same client via my system connecting via sendmail
>>... a client of which I am unfamiliar.
>>
>>How can this happen?

> Well, you've piqued my interest. Next time this happens would you be
> willing to post the headers of the bounce message?

I don't have the bounced message. It just shows up in my logs as bouncing. I don't know much about this stuff but I'm assuming the reason is because the sendmail client in question is using my system as a relay somehow (relay is turned off) and the actual message is bouncing back to the client.

"Marshall Lake" <mlake@NS.mlake.net> wrote in message
news:slrncd5pv6.m6c.mlake@mlake.net

> I don't have the bounced message. It just shows up in my logs as
> bouncing.

You should post the log entries so people can see exactly the nature of your concern. There is a unique queueID for each mail issue, so something like:

# grep i5HDk2L9025516 /var/log/maillog

would be very informative.

tony

--
use hotmail for email replies

> You should post the log entries so people can see exactly the nature of your
> concern. There is a unique queueID for each mail issue, so something like:

Below are two examples of the log entries I'm getting. There are four different queueIDs but the instances seem to me to be related into two sets of errors. From my limited understanding it seems to me that one queueID is reflecting a bounced spam message that was sent to a userid on my system (the email address of which was picked up from a Usenet posting by me). But I'm not quite understanding the seemingly-related error with a separate queueID. It appears to me it could be a message that was relayed through my system which bounced.

info.1:Jun 8 12:36:53 mlake postfix/cleanup[15447]: 7E88E5981: message-id=<20040608163653.7E88E5981@mlake.net>
info.1:Jun 8 12:36:55 mlake postfix/qmgr[1080]: 7E88E5981: from=<>, size=44385, nrcpt=1 (queue active)
info.1:Jun 8 12:36:55 mlake postfix/qmgr[1080]: 7E88E5981: to=<susan@servedby.advertising [1].txt>, relay=none, delay=2, status=bounced (bad host/domain syntax: "servedby.advertising [1].txt")
info.1:Jun 11 12:49:41 mlake postfix/smtpd[17383]: 206FA5981: client=pcp03263460pcs.waldlk01.mi.comcast.net[68.61.156.57]
info.1:Jun 11 12:49:42 mlake postfix/cleanup[17388]: 206FA5981: message-id=<20040611164941.206FA5981@mlake.net>
info.1:Jun 11 12:49:44 mlake postfix/qmgr[1080]: 206FA5981: from=<susan@servedby.advertising [2].txt>, size=42870, nrcpt=1 (queue active)
info.1:Jun 11 12:49:44 mlake postfix/local[17386]: 206FA5981: to=<slrnbtbnhh.99p.mlake@mlake.net>, relay=local, delay=3, status=bounced (unknown user: "slrnbtbnhh.99p.mlake")

info.1:Jun 9 00:12:16 mlake postfix/smtpd[19655]: 62586596C: client=pcp03263460pcs.waldlk01.mi.comcast.net[68.61.156.57]
info.1:Jun 9 00:12:16 mlake postfix/cleanup[19660]: 62586596C: message-id=<20040609041216.62586596C@mlake.net>
info.1:Jun 9 00:12:18 mlake postfix/qmgr[1080]: 62586596C: from=<support@voi..>, size=41866, nrcpt=1 (queue active)
info.1:Jun 9 00:12:18 mlake postfix/local[19658]: 62586596C: to=<slrnbtbnhh.99p.mlake@mlake.net>, relay=local, delay=2, status=bounced (unknown user: "slrnbtbnhh.99p.mlake")
info.1:Jun 9 00:12:18 mlake postfix/cleanup[19656]: 402535966: message-id=<20040609041218.402535966@mlake.net>
info.1:Jun 9 00:12:19 mlake postfix/qmgr[1080]: 402535966: from=<>, size=43395, nrcpt=1 (queue active)
info.1:Jun 9 00:12:19 mlake postfix/qmgr[1080]: 402535966: to=<support@voi.>, relay=none, delay=1, status=bounced (bad host/domain syntax: "voi.")

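
An added example, not part of the original thread: a short Python script that groups Postfix log entries like the ones posted above by queue ID and separates mail accepted from a client with only local delivery, notifications generated on the server itself, and mail handed to a remote host. It assumes a locally generated bounce notification shows a null sender (from=<>) and no client= entry, as in the posted excerpt; the ABCDEF123 lines, the example.* names, the 192.0.2.x addresses and the three label names are constructed for this example.

```python
import re
from collections import defaultdict

# The first five lines come from the excerpt posted above. The ABCDEF123 lines
# (example.* names, 192.0.2.x addresses) are constructed to show a relayed message.
LOG = """\
info.1:Jun 9 00:12:16 mlake postfix/smtpd[19655]: 62586596C: client=pcp03263460pcs.waldlk01.mi.comcast.net[68.61.156.57]
info.1:Jun 9 00:12:18 mlake postfix/qmgr[1080]: 62586596C: from=<support@voi..>, size=41866, nrcpt=1 (queue active)
info.1:Jun 9 00:12:18 mlake postfix/local[19658]: 62586596C: to=<slrnbtbnhh.99p.mlake@mlake.net>, relay=local, delay=2, status=bounced (unknown user: "slrnbtbnhh.99p.mlake")
info.1:Jun 9 00:12:19 mlake postfix/qmgr[1080]: 402535966: from=<>, size=43395, nrcpt=1 (queue active)
info.1:Jun 9 00:12:19 mlake postfix/qmgr[1080]: 402535966: to=<support@voi.>, relay=none, delay=1, status=bounced (bad host/domain syntax: "voi.")
Jun 9 00:20:01 mlake postfix/smtpd[20001]: ABCDEF123: client=unknown[192.0.2.10]
Jun 9 00:20:02 mlake postfix/qmgr[1080]: ABCDEF123: from=<a@example.com>, size=1200, nrcpt=1 (queue active)
Jun 9 00:20:03 mlake postfix/smtp[20005]: ABCDEF123: to=<b@example.org>, relay=mx.example.org[192.0.2.25], delay=2, status=sent (250 OK)
"""

ENTRY = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)")

def summarize(log):
    """Group log entries by queue ID: client, envelope sender, deliveries."""
    msgs = defaultdict(lambda: {"client": None, "from": None, "deliveries": []})
    for line in log.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if rest.startswith("client="):
            msgs[qid]["client"] = rest[len("client="):]
        elif rest.startswith("from=<"):
            msgs[qid]["from"] = rest[len("from=<"):rest.index(">")]
        elif rest.startswith("to=<"):
            relay = re.search(r"relay=([^,]+)", rest).group(1)
            status = re.search(r"status=(\w+)", rest).group(1)
            msgs[qid]["deliveries"].append((relay, status))
    return dict(msgs)

def classify(msg):
    """Label one queue ID (the label names are this example's own)."""
    if msg["client"] is None and msg["from"] == "":
        return "local-notification"  # null sender, no client= line
    if any(relay not in ("local", "none") for relay, _ in msg["deliveries"]):
        return "relayed-out"         # handed to a remote host
    return "inbound-only"            # accepted from a client, no remote hand-off

if __name__ == "__main__":
    for qid, msg in summarize(LOG).items():
        print(qid, classify(msg), msg["client"], msg["deliveries"])
```

Whether a relayed-out message is unauthorized still depends on whether its client is one the server is meant to relay for, so the client field is the value to check next.
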
"Marshall Lake" <mlake@NS.mlake.net> wrote in message
news:slrncd64me.npo.mlake@mlake.net

> Below are two examples of the log entries I'm getting.
[...]
> info.1:Jun 11 12:49:41 mlake postfix/smtpd[17383]: 206FA5981:
[...]

It's *very* misleading when your Subject: line states a sendmail problem, yet you are actually using Postfix.

--
use hotmail for email replies

>> Below are two examples of the log entries I'm getting.
> [...]
>> info.1:Jun 11 12:49:41 mlake postfix/smtpd[17383]: 206FA5981:
> [...]
> It's *very* misleading when your Subject: lines states a sendmail problem,
> yet you are actually using Postfix.

Indeed I am. I apologize.