  1. #1
    Just Joined!
    Join Date
    Jan 2008
    Posts
    13

    Relay problem


    My system is :
    # uname -a
    Linux mail-2012.trezor 2.6.32-358.0.1.el6.i686 #1 SMP Wed Feb 20 11:05:00 EST 2013 i686 i686 i386 GNU/Linux

    I am using : sendmail-8.14.4-8.el6.i686, milter-greylist-4.2.7-1.el6.rf.i686, MailWatch Version = 1.2.0, MailScanner Version = 4.84.5, PHP Version = 5.3.3, MySQL Version = 5.1.61
    And it generally works.
    BUT the last few days my server is relaying mail from China IP addresses.
    I have checked it, but all checks say that it is not an open relay.

    My access table is very restrictive :
    Connect:localhost.localdomain RELAY
    Connect:localhost RELAY
    Connect:127.0.0.1 RELAY
    10 RELAY

    But still relaying happens :
    # less /var/log/maillog|grep r27JHKTm013174
    Mar 7 20:17:32 mail-2012 milter-greylist: r27JHKTm013174: addr = [113.109.183.96][113.109.183.96], from = <user1 A my.domain>, rcpt = <liudianaw A btamail.net.cn>
    Mar 7 20:17:32 mail-2012 milter-greylist: r27JHKTm013174: skipping greylist because this is the default action, (from=<user1 A my.domain>, rcpt=<liudianaw A btamail.net.cn>, addr=[113.109.183.96][113.109.183.96]) ACL 227

    ETC

    Help!

  2. #2
    Just Joined!
    Join Date
    Sep 2012
    Location
    Nashville, TN
    Posts
    93
    can you post the output of netstat -a , and post your main.cf and maybe master.cf files?

  3. #3
    Just Joined!
    Join Date
    Jan 2008
    Posts
    13

    Relay problem

    Quote, originally posted by bsdtux:
    can you post the output of netstat -a , and post your main.cf and maybe master.cf files?
    # netstat -a
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 *:amqp *:* LISTEN
    tcp 0 0 *:mysql *:* LISTEN
    tcp 0 0 *:submission *:* LISTEN
    tcp 0 0 *:pop3 *:* LISTEN
    tcp 0 0 *:imap *:* LISTEN
    tcp 0 0 *:sunrpc *:* LISTEN
    tcp 0 0 *:urd *:* LISTEN
    tcp 0 0 *:ssh *:* LISTEN
    tcp 0 0 localhost:ipp *:* LISTEN
    tcp 0 0 *:smtp *:* LISTEN
    tcp 0 0 *:sieve *:* LISTEN
    tcp 0 0 localhost:11553 *:* LISTEN
    tcp 0 0 *:imaps *:* LISTEN
    tcp 0 0 *:pop3s *:* LISTEN
    tcp 0 0 *:52068 *:* LISTEN
    tcp 0 0 10.1.1.36:pop3 10.150.2.36:50152 TIME_WAIT
    tcp 0 0 localhost:47327 localhost:11553 TIME_WAIT
    tcp 0 0 10.1.1.36:smtp e11mailgw01.open.tele:58120 TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.66.2.74:59201 TIME_WAIT
    tcp 0 0 10.1.1.36:37710 79-101-160-230.static.:smtp TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.112.2.13:52403 TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.33.1.84:49329 TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.36.0.21:amx-rms TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.66.2.210:49392 TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.33.16.36:elad TIME_WAIT
    tcp 0 0 10.1.1.36:smtp blu0-omc1-s34.blu0.ho:30630 ESTABLISHED
    tcp 0 67032 10.1.1.36:44684 bk-in-f26.1e100.net:smtp ESTABLISHED
    tcp 0 0 10.1.1.36:pop3 10.66.2.89:herodotus-net ESTABLISHED
    tcp 0 0 10.1.1.36:pop3 10.32.34.114:49707 TIME_WAIT
    tcp 0 0 localhost:47342 localhost:11553 TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.154.2.78:53065 TIME_WAIT
    tcp 1 0 localhost:11553 localhost:47345 CLOSE_WAIT
    tcp 0 0 10.1.1.36:pop3 10.33.3.100:49665 TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.36.0.212pcommunity TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.34.3.101:wag-service TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.32.34.168:4911 TIME_WAIT
    tcp 1 0 10.1.1.36:42925 mta-v2.mail.vip.ird.ya:smtp CLOSE_WAIT
    tcp 0 0 10.1.1.36:pop3 10.144.2.111:34886 TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.104.2.74:57828 TIME_WAIT
    tcp 0 0 10.1.1.36:pop3 10.32.34.146:icp TIME_WAIT
    tcp 0 0 *:amqp *:* LISTEN
    tcp 0 0 *:sunrpc *:* LISTEN
    tcp 0 0 *:http *:* LISTEN
    tcp 0 0 *:54832 *:* LISTEN
    tcp 0 0 *:ssh *:* LISTEN
    tcp 0 0 localhost:ipp *:* LISTEN
    tcp 0 0 *:https *:* LISTEN
    tcp 0 0 *:pcsync-https *:* LISTEN
    udp 0 0 *:aodv *:*
    udp 0 0 *:783 *:*
    udp 0 0 10.1.1.36:25621 nss.my.domain:domain ESTABLISHED
    udp 0 0 *:52632 *:*
    udp 0 0 10.1.1.36:36378 nss.my.domain:domain ESTABLISHED
    udp 0 0 10.1.1.36:59292 nss.my.domain:domain ESTABLISHED
    udp 0 0 10.1.1.36:54180 nss.my.domain:domain ESTABLISHED
    udp 0 0 *fr *:*
    udp 0 0 10.1.1.36:44361 nss.my.domain:domain ESTABLISHED
    udp 0 0 10.1.1.36:51938 nss.my.domain:domain ESTABLISHED
    udp 0 0 10.1.1.36:44262 nss.my.domain:domain ESTABLISHED
    udp 0 0 *:mdns *:*
    udp 0 0 *:kerberos-iv *:*
    udp 0 0 *:sunrpc *:*
    udp 0 0 10.1.1.36:44149 10.1.2.36:domain ESTABLISHED
    udp 0 0 *:ipp *:*
    udp 0 0 10.1.1.36:43259 nss.my.domain:domain ESTABLISHED
    udp 0 0 10.1.1.36:ntp *:*
    udp 0 0 localhost:ntp *:*
    udp 0 0 *:ntp *:*
    udp 0 0 10.1.1.36:50940 nss.my.domain:domain ESTABLISHED
    udp 0 0 *:57469 *:*
    udp 0 0 10.1.1.36:49669 10.35.2.80:domain ESTABLISHED
    udp 0 0 *:37390 *:*
    udp 0 0 *:aodv *:*
    udp 0 0 *:sunrpc *:*
    udp 0 0 fe80::213:72ff:fe5b:88c8:ntp *:*
    udp 0 0 localhost:ntp *:*
    udp 0 0 *:ntp *:*

    All IP beginning with 10. are my internal network...
    As for main.cf/master.cf you mean sendmail.mc?

  4. #4
    Just Joined!
    Join Date
    Sep 2012
    Location
    Nashville, TN
    Posts
    93
    See if this link helps. Disable or Enable open relay in sendmail ~ Linux How to to tighten up security.

  5. #5
    Just Joined!
    Join Date
    Jan 2008
    Posts
    13

    "relay" problem

    Thank you.
    I will most certainly read it.
    I have solved my problem by deleting the problematic accounts, and it works.
    As far as I can see accounts were hacked (user + pass) so the "relay" spam messages were seen by system as regular mail.
    Thank you all for messages!
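
The outcome of this thread (stolen credentials used for authenticated submission, which open-relay tests do not flag) can be checked for in the mail log. The following is an added example, not code from any poster: it assumes the internal range is 10.0.0.0/8 as stated in post #3, uses the thread's placeholder domain my.domain, and runs on constructed log lines in the milter-greylist layout from post #1 plus sendmail's "AUTH=server" records. The sender/recipient pattern also accepts the " A " obfuscation used in the posted log.

```python
import ipaddress
import re
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # internal range named in post #3
LOCAL_DOMAIN = "my.domain"                     # placeholder domain used in the thread

# Constructed sample log: queue IDs, users and addresses are made up.
SAMPLE_LOG = """\
Mar 7 20:17:31 mail-2012 sendmail[13174]: AUTH=server, relay=[203.0.113.96], authid=user1, mech=LOGIN, bits=0
Mar 7 20:17:32 mail-2012 milter-greylist: r27JHKAA000001: addr = [203.0.113.96][203.0.113.96], from = <user1@my.domain>, rcpt = <someone@example.net>
Mar 7 20:18:02 mail-2012 sendmail[13201]: AUTH=server, relay=[10.66.2.74], authid=user2, mech=PLAIN, bits=0
Mar 7 20:18:03 mail-2012 milter-greylist: r27JI3AA000002: addr = [10.66.2.74][10.66.2.74], from = <user2@my.domain>, rcpt = <partner@example.org>
Mar 7 20:19:10 mail-2012 milter-greylist: r27JJAAA000003: addr = [198.51.100.7][198.51.100.7], from = <news@example.com>, rcpt = <user2@my.domain>
"""

AUTH_RE = re.compile(r"AUTH=server, relay=[^,]*\[([0-9A-Fa-f.:]+)\], authid=([^,\s]+)")
MILTER_RE = re.compile(
    r"milter-greylist: (\w+): addr = \[([0-9A-Fa-f.:]+)\].*?"
    r"from = <[^>]*(?:@| A )([^>]+)>, rcpt = <[^>]*(?:@| A )([^>]+)>")


def is_external(ip):
    return ipaddress.ip_address(ip) not in INTERNAL


def external_auth(log):
    """Map authid -> set of non-internal client IPs that authenticated as it."""
    hits = defaultdict(set)
    for ip, authid in AUTH_RE.findall(log):
        if is_external(ip):
            hits[authid].add(ip)
    return dict(hits)


def outbound_from_outside(log):
    """Queue IDs where an outside client sent as a local sender to a non-local rcpt."""
    return [qid for qid, ip, sdom, rdom in MILTER_RE.findall(log)
            if is_external(ip) and sdom == LOCAL_DOMAIN and rdom != LOCAL_DOMAIN]


if __name__ == "__main__":
    print(external_auth(SAMPLE_LOG))
    print(outbound_from_outside(SAMPLE_LOG))
```

An account that appears in `external_auth` and whose queue IDs also show up in `outbound_from_outside` is a candidate for a password reset or lock rather than an access-table change.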
