Old 04-11-2009, 07:33 AM   #1
r.bhange
LQ Newbie
 
Registered: Mar 2009
Posts: 18

Rep: Reputation: 0
how to block open relay in sendmail 8.12.8/8.14.3 on rhel 3


Hi All Experts

I am in a very bad situation; kindly help me.

I have a problem with open relay in my sendmail 8.12.3 on the RHEL 3 platform.

I did a few things to stop open relay, like SMTP AUTH Login Plain, and I allow relaying only to my local IPs in a LAN network using the access file. And I have an antivirus server which takes care of spam and viruses. All email has to pass this test to go outside of the firewall.

And finally I upgraded my sendmail version to 8.14.3, but I am still facing the same kind of problem.

I tried the relay-domain file but am still facing the problem.

Kindly give me any hint to stop open relay.

Please send me any solution for that.

I searched a lot, but did not find any perfect solution.

Thanks...
 
Old 04-11-2009, 07:08 PM   #2
okcomputer44
Member
 
Registered: Jun 2008
Location: /home/laz
Distribution: CentOS/Debian
Posts: 246

Rep: Reputation: 53
Hi,

I think one or more computers in your network have a virus/trojan infection, and those computers send out the spam.

Obviously the local network's computers can relay, so it does not depend on the sendmail version or the mail server.

Download iptraf and start it.

Code:
yum install -y iptraf

iptraf
Then start monitoring the local traffic to see which computer sends out SMTP packets. iptraf is going to show you any network traffic, such as SMTP.
So you can find out which one is the "bad" computer in the network.

Laz
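
Added example, not part of the original posts: the sendmail log can answer the same question as watching traffic in iptraf. This sketch counts messages and recipients per connecting client from the `from=` lines of the maillog; the sample log lines, host names and queue IDs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: rank SMTP clients by how much mail they handed to sendmail.

# Constructed sample of sendmail log lines (hosts, queue IDs, addresses are made up).
sample_maillog() {
cat <<'EOF'
Apr 15 00:01:02 mail sendmail[2101]: n3F512ab002101: from=<a@example.com>, size=1820, class=0, nrcpts=1, msgid=<1@example.com>, proto=ESMTP, daemon=MTA, relay=pc23.lan [192.168.1.23]
Apr 15 00:01:03 mail sendmail[2102]: n3F512ab002101: to=<b@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [203.0.113.25], dsn=2.0.0, stat=Sent
Apr 15 00:02:10 mail sendmail[2110]: n3F52Acd002110: from=<x1@example.org>, size=900, class=0, nrcpts=50, msgid=<2@example.org>, proto=SMTP, daemon=MTA, relay=[192.168.3.67]
Apr 15 00:02:11 mail sendmail[2111]: n3F52Bcd002111: from=<x2@example.org>, size=910, class=0, nrcpts=50, msgid=<3@example.org>, proto=SMTP, daemon=MTA, relay=[192.168.3.67]
Apr 15 00:02:12 mail sendmail[2112]: n3F52Ccd002112: from=<x3@example.org>, size=905, class=0, nrcpts=50, msgid=<4@example.org>, proto=SMTP, daemon=MTA, relay=[192.168.3.67]
Apr 15 00:03:00 mail sendmail[2120]: n3F530ef002120: from=<c@example.com>, size=2400, class=0, nrcpts=2, msgid=<5@example.com>, proto=ESMTP, daemon=MTA, relay=pc40.lan [192.168.1.40]
Apr 15 00:04:00 mail sendmail[2130]: n3F540gh002130: from=root, size=300, class=0, nrcpts=1, msgid=<6@mail.example.com>, relay=root@localhost
EOF
}

# top_senders: read a maillog on stdin and print "client-ip messages recipients",
# busiest client (by recipient count) first. Only inbound "from=" lines are counted;
# "to=" lines name the destination relay, and local submissions carry no [ip].
top_senders() {
  awk '
    / from=/ && / relay=/ {
      ip = ""; n = 0
      # The connecting client address is the bracketed part of the relay= field.
      if (match($0, /relay=[^,]*\[[0-9.]+\]/)) {
        r = substr($0, RSTART, RLENGTH)
        sub(/^.*\[/, "", r); sub(/\]$/, "", r)
        ip = r
      }
      if (match($0, /nrcpts=[0-9]+/))
        n = substr($0, RSTART + 7, RLENGTH - 7) + 0
      if (ip != "") { msgs[ip]++; rcpts[ip] += n }
    }
    END { for (ip in msgs) print ip, msgs[ip], rcpts[ip] }
  ' | sort -k3,3nr -k1,1
}

# On a live RHEL server the log is usually /var/log/maillog:
#   top_senders < /var/log/maillog
sample_maillog | top_senders
```

A LAN client that is allowed to relay and shows far more recipients than its neighbours is the first machine to inspect.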
 
Old 04-13-2009, 06:41 AM   #3
r.bhange
LQ Newbie
 
Registered: Mar 2009
Posts: 18

Original Poster
Rep: Reputation: 0

Quote:
Originally Posted by okcomputer44
Hi,

I think one or more computers in your network have a virus/trojan infection, and those computers send out the spam.

Obviously the local network's computers can relay, so it does not depend on the sendmail version or the mail server.

Download iptraf and start it.

Code:
yum install -y iptraf

iptraf
Then start monitoring the local traffic to see which computer sends out SMTP packets. iptraf is going to show you any network traffic, such as SMTP.
So you can find out which one is the "bad" computer in the network.

Laz
Respected Sir,

Thanks for your reply.

Is there any other possibility for closing open relay in sendmail?

Give me a suggestion for controlling open relay,

because I have a vast LAN setup here.

Kindly guide me.


Thanks
 
Old 04-14-2009, 02:11 AM   #4
okcomputer44
Member
 
Registered: Jun 2008
Location: /home/laz
Distribution: CentOS/Debian
Posts: 246

Rep: Reputation: 53
Hi,

Sendmail controls relaying through the access file.

I suppose the LAN part of the access file looks something like this:

Code:
Connect:192.168.1         RELAY
Connect:127.0.0.1         RELAY
Connect:muydomainname.com RELAY
So if you want to exclude computers on your LAN, you can play with the access configuration.
The 192.168.1 entry (or whatever those numbers are) is responsible for relaying from client computers.

I hope it helped.

Let me know what is going on and I'll try to help you mate.

Laz
 
Old 04-15-2009, 12:05 AM   #5
r.bhange
LQ Newbie
 
Registered: Mar 2009
Posts: 18

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by okcomputer44
Hi,

Sendmail controls relaying through the access file.

I suppose the LAN part of the access file looks something like this:

Code:
Connect:192.168.1         RELAY
Connect:127.0.0.1         RELAY
Connect:muydomainname.com RELAY
So if you want to exclude computers on your LAN, you can play with the access configuration.
The 192.168.1 entry (or whatever those numbers are) is responsible for relaying from client computers.

I hope it helped.

Let me know what is going on and I'll try to help you mate.

Laz
Thanks again

In my sendmail access file I allow separate PCs for RELAY

like
192.168.1.23 RELAY
192.168.3.67 RELAY

There are around 25 PCs across the LAN. I put all of these in the access file,
and all these PCs are behind the firewall.

But the problem is that I configured sendmail 8.14.3 on RHEL3,
but for a few weeks I have not been able to send emails to any domain except gmail.com and sometimes yahoo.co.in.

The bounce email errors are like:

The following addresses had delivery problems
<confo-ng-mh@nic.in> Reply from 164.100.2.7[164.100.2.7]: 554-vastu12.nic.in
554 Your access to this mail system has been rejected due to the sending MTA's
+poor reputation. If you believe that this failure is in error, please contact

+the intended recipient via alternate means.
<r.bhange@live.com> Reply from col0-mc3-f.col0.hotmail.com[65.55.37.104]:
+550 OU-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons
+for rejection may be related to content with spam-like characteristics or
+IP/domain reputation problems. If you are not an email/network admin please
+contact your E-mail/Internet Service Provider for help. Email/network admins,
+please visit http://postmaster.live.com for email delivery information and
+support
<r.bhange@yahoo.co.in> Reply from 202.86.5.24[202.86.5.24]: 553 Mail from
+203.129.203.164 not allowed - [80]

<r.bhange@rediffmail.com> Reply from 202.137.234.30[202.137.234.30]: 553
+Message from 203.129.203.164 rejected - see
+http://spamblock.outblaze.com/203.129.203.164
<r.bhange@in.com> Reply from 123.108.40.2[123.108.40.2]: 554-mx2.in.com
554-Your ability to send mails to the IN.com Mail System has been restricted due
+to the Sending Mail Server's Reputation as a Spammer. This does not mean you
+are sending a spam message, it just means that the server you used has been
+used to send out spam in the recent past.
554-Please make sure you are using the appropriate outgoing mail server
+according to your email address, and not your ISP's generic SMTP server, or a
+third party server which may be sending mails that don't belong to its
+registered domain.
554-
554 If you believe that this failure is in error, please contact the intended
+recipient using a different mail address, or contact <mailadmin@web18.in> with
+details of this bounce mail.

As the message indicates, it is possibly an open relay problem,
or something else I can't find out.

Please suggest any other things I have to do in my setup or in the sendmail configuration files.

If you get any clue, kindly suggest it to me.

I am waiting for your reply.

Thanks again, Sir

Last edited by r.bhange; 04-15-2009 at 12:09 AM.
 
Old 04-16-2009, 03:38 AM   #6
okcomputer44
Member
 
Registered: Jun 2008
Location: /home/laz
Distribution: CentOS/Debian
Posts: 246

Rep: Reputation: 53
It looks like your domain was an open relay and your domain is still listed in some open-relay database sites.

You can check your site here: http://www.dnsgoodies.com/ (the checks take minutes)

and here: http://www.au.sorbs.net/cgi-bin/db (needs registration)

If you find out that your site is listed somewhere, you can have it deleted from their site. To do that, you can send them an e-mail with a deletion request or use the delete request form. It takes 1-2 days to be taken off their database, but it depends on the site.

But if a client computer has an infection and the virus scanner is not able to catch it, the clients are still able to send out spam.

Relaying is allowed from client computers, so you must check them.

Laz
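
Added example, not part of the original posts: the listing checks mentioned above are DNS lookups underneath, so they can be scripted for the mail server's public IP. The zone `dnsbl.example.org` is a placeholder (an assumption, to be replaced with the zone of the list being checked) and the function names are hypothetical; 203.129.203.164 is the address shown in the bounce messages earlier in the thread.

```shell
#!/bin/sh
# Added example: DNSBL lookup for an IPv4 address.
# A DNSBL is queried by reversing the octets of the IP and appending the list's
# zone; an A record in 127.0.0.0/8 means "listed", NXDOMAIN means "not listed".
DNSBL_ZONE="${DNSBL_ZONE:-dnsbl.example.org}"   # placeholder zone (assumption)

# dnsbl_query_name IP [ZONE]: print the name to look up; return 2 on a bad IPv4.
dnsbl_query_name() {
  ip=$1
  zone=${2:-$DNSBL_ZONE}
  case $ip in
    *[!0-9.]*|*..*|.*|*.) return 2 ;;   # only digits and single dots allowed
  esac
  old_ifs=$IFS; IFS=.
  set -- $ip                            # split into octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 2
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 2
  done
  printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# dnsbl_listed IP [ZONE]: exit 0 if listed, 1 if not, 2 on bad input.
# Needs the `host` utility and working DNS; the meaning of the specific
# 127.x.y.z answer is defined by each list.
dnsbl_listed() {
  name=$(dnsbl_query_name "$@") || return 2
  host -t A "$name" 2>/dev/null | grep -q 'has address 127\.'
}

# Offline demonstration: show the name that would be queried.
dnsbl_query_name 203.129.203.164
# Live check (requires network):
#   if dnsbl_listed 203.129.203.164 some.dnsbl.zone; then echo listed; fi
```

Delisting only holds if the relaying cause is fixed first; otherwise the address is re-listed as soon as new spam is seen from it.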
 
Old 07-12-2009, 10:34 AM   #7
Addison0
LQ Newbie
 
Registered: Jul 2009
Posts: 5

Rep: Reputation: 0
You can also check your site using web tools
 
  

