LinuxQuestions.org


tangle 02-20-2005 10:12 PM

possible mail relay
 
I got this in my logs. I only relay to localhost and my domain. I am not running pop3. Does this mean that someone relayed through my mail server?

Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: ruleset=check_rcpt,
arg1=fnlee11@hanmail.net, relay=[211.224.152.168], reject=550 5.7.1
fnlee11@hanmail.net... Relaying denied. IP name lookup failed [211.224.152.168]

Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: ruleset=check_rcpt,
arg1=fnlee11@hanmail.net, relay=[211.224.152.168], reject=550 5.7.1
fnlee11@hanmail.net... Relaying denied. IP name lookup failed [211.224.152.168]

Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: lost input channel from
[211.224.152.168] to MTA after rcpt

Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: from=w686560@weppy.com, size=0,
class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[211.224.152.168]

bathory 02-21-2005 02:11 AM

Those logs mean that you're OK, since the "relay=[211.224.152.168]" tried to use your mail-server but failed with the "reject=550 5.7.1 fnlee11@hanmail.net... Relaying denied. IP name lookup failed".
You can also test your mail-server here to see if it passes all the relay tests.

Regards

tangle 02-21-2005 06:59 AM

The only part I didn't understand was this.
Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: from=w686560@weppy.com, size=0,
class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[211.224.152.168]

I saw where it dropped the other name, but this says nothing about a drop. I wasn't sure if they relayed through the server or not. So I shut it down and posted here. Didn't want to be part of the spam problem. Thanks

bagira 02-23-2005 04:41 PM

I don't know much about your mail server and the according logs, but j1L3IeRj022451 is the ID of the email and it's always the same in your logs. I think that's only an entry to let you know that the address 211.224.152.168 wanted to relay. Do you have sender verification turned on? What MTA do you use?
~bagira
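
Added example, not part of any post in this thread: a Python script that groups sendmail log entries by queue ID and reports, per message, whether every recipient was refused or whether something was delivered off-host. It assumes the standard sendmail field meanings (nrcpts is the number of recipients accepted, and a to= entry with stat=Sent records a delivery); the function names and the jCONSTRUCTED01 entries are constructed for illustration.

```python
import re
from collections import defaultdict

# First four entries: from the thread, each rejoined onto one line.
# Last two (queue ID jCONSTRUCTED01): constructed, showing mail that did leave the host.
SAMPLE_LOG = """\
Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: ruleset=check_rcpt, arg1=fnlee11@hanmail.net, relay=[211.224.152.168], reject=550 5.7.1 fnlee11@hanmail.net... Relaying denied. IP name lookup failed [211.224.152.168]
Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: ruleset=check_rcpt, arg1=fnlee11@hanmail.net, relay=[211.224.152.168], reject=550 5.7.1 fnlee11@hanmail.net... Relaying denied. IP name lookup failed [211.224.152.168]
Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: lost input channel from [211.224.152.168] to MTA after rcpt
Feb 20 22:18:43 srv1 sm-mta[22451]: j1L3IeRj022451: from=w686560@weppy.com, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[211.224.152.168]
Feb 20 22:30:01 srv1 sm-mta[22500]: jCONSTRUCTED01: from=<a@example.com>, size=1024, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Feb 20 22:30:03 srv1 sm-mta[22501]: jCONSTRUCTED01: to=<b@example.net>, delay=00:00:02, mailer=esmtp, relay=mx.example.net. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
"""

LINE = re.compile(r"(?:sm-mta|sendmail)\[\d+\]: (\w+): (.*)$")
REMOTE_MAILERS = {"esmtp", "smtp", "relay"}  # mailers that hand mail to another host

def field(body, name):
    """Return the value of one 'name=value' field from a log entry body, or None."""
    m = re.search(r"(?:^|, )" + re.escape(name) + r"=([^,]*)", body)
    return m.group(1) if m else None

def summarize(log_text):
    """Collect, per queue ID, refused recipients, accepted count and remote deliveries."""
    msgs = defaultdict(lambda: {"rejected": set(), "nrcpts": None, "sent_remote": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, body = m.groups()
        rec = msgs[qid]
        if body.startswith("ruleset=check_rcpt") and "reject=" in body:
            rec["rejected"].add(field(body, "arg1"))   # RCPT refused by the relay check
        elif body.startswith("from="):
            rec["nrcpts"] = int(field(body, "nrcpts"))  # recipients actually accepted
        elif body.startswith("to=") and (field(body, "stat") or "").startswith("Sent"):
            if field(body, "mailer") in REMOTE_MAILERS:
                rec["sent_remote"].append(field(body, "to"))
    return dict(msgs)

def verdict(rec):
    if rec["sent_remote"]:
        return "delivered-remote"   # mail left the host: check the sender was authorized
    if rec["rejected"] and rec["nrcpts"] == 0:
        return "rejected"           # every RCPT refused, nothing was queued
    return "inconclusive"

if __name__ == "__main__":
    for qid, rec in summarize(SAMPLE_LOG).items():
        print(qid, verdict(rec), sorted(rec["rejected"]), rec["sent_remote"])
```

For the queue ID in this thread the from= entry carries nrcpts=0 and no to= entry exists, so the script reports it as rejected.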

tangle 02-23-2005 06:42 PM

I am using Sendmail 8.12.11. I think that I had the verification turned off. So I edited the sendmail.mc to say this:
dnl# EATURE(`accept_unresolvable_domains')dnl
This should turn it on, right?


All times are GMT -5.