Afternoon all, have a machine which abuse.net is ready to shut off due to spam. All relays say it's fine, but on their site they have a telnet test;
http://www.spamlinks.net/prevent-sec...est.htm#telnet
which simply says do the following;
telnet relay-test.mail-abuse.org
telnet rt.njabl.org 2500

after a while and numerous tests it came back with 1 relay.
250 flushed
MAIL FROM:<relaytestsend@rt.njabl.org>
250 ok
RCPT TO:<relaytest%rr.njabl.org@server_name>
250 ok
DATA
354 go ahead
X-RT-Subject: relaytest:

I did see where it failed and where it allowed relaying, but I have no clue how to stop it. It did fail on most domains tested, but the point is, it's still a relay which someone is using to send mail through.

This is a dns / webserver and is also set up as a mail server (receiving only). The people who get mail use their local ISP to send, but I don't know how to shut down ALL outgoing mail and, on top of that, if I do, will any website that is using the php mail() command now stop working?


This is a CentOS4 box with firewall enabled, with the following iptables config;

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
COMMIT

did a ps -fax | grep qmail and got the following;

anonymous@server yokaitis@aol.com
25329 ? S 0:00 | \_ qmail-remote aol.com anonymous@server dgiles54@aol.com
25330 ? S 0:00 | \_ qmail-remote aol.com anonymous@server nlrdrg@aol.com
25331 ? S 0:00 | \_ qmail-remote aol.com
(note there were about 50 of the above in queue)

So it looks like they are being sent via qmail. When I did a qmailctrl stop, I got the following;
Stopping qmail...
qmail-smtpd
qmail-send

even after the stop they stayed resident and I had to kill each one, but qmailctrl still shows;
/service/qmail-send: up (pid 16311) 1933 seconds, want down
/service/qmail-send/log: down 2021 seconds, normally up
/service/qmail-smtpd: down 1683 seconds, normally up
/service/qmail-smtpd/log: down 2021 seconds, normally up
messages in queue: 128

So either solution seems to be: A) can you start qmail-smtp to still receive but not start qmail-send, or can you only allow that box to send if it's from itself (via SquirrelMail or php mail()), or option B) can you start qmail w/o qmail-send and, if so, would you still be able to send mail via websites and SquirrelMail?

By stopping qmail, though, it does fail the telnet tests.

Thank you in advance for prompt reading / suggestions. Hope I left enough information, if not, please let me know what else I can provide to help.

Regards,
Lance
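The relay test quoted above succeeded with a "percent hack" recipient, relaytest%rr.njabl.org@server_name: the domain after the @ is local, so a naive rcpthosts check accepts it, but the % in the local part gets rewritten into a hop to a remote host. The following is an added example, not code from the post or from qmail, of the RCPT TO policy a receive-only MTA should apply; LOCAL_DOMAINS is a constructed stand-in for the server's rcpthosts list.

```python
# Added example (not from the forum post or from qmail): a minimal RCPT TO
# policy check for a receive-only MTA. It accepts only plain
# localpart@local-domain and rejects every source-routing form that smuggles a
# remote destination past a domain-only check: the percent hack
# (user%remote.example@local), UUCP bang paths (remote!user@local) and
# RFC 821 @-routes (@local:user@remote).
import re

# Constructed stand-in for qmail's control/rcpthosts (domains we accept mail for).
LOCAL_DOMAINS = {"server_name", "mail.server_name"}


def parse_rcpt(arg: str) -> str:
    """Extract the bare address from an SMTP 'RCPT TO:<addr>' argument."""
    m = re.fullmatch(r"\s*(?:RCPT\s+TO:)?\s*<?([^<>\s]+)>?\s*", arg, re.IGNORECASE)
    if not m:
        raise ValueError("malformed RCPT TO argument")
    return m.group(1)


def relay_decision(arg: str, local_domains=LOCAL_DOMAINS) -> tuple:
    """Return (accept, smtp_reply) for one RCPT TO argument."""
    try:
        addr = parse_rcpt(arg)
    except ValueError as e:
        return False, f"501 {e}"
    if addr.startswith("@"):
        # "@local:user@remote" asks us to forward on to 'remote'.
        return False, "550 source-routed address not allowed"
    if addr.count("@") != 1:
        return False, "550 malformed or multi-hop address"
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower().rstrip(".")
    if domain not in local_domains:
        # Not one of our domains: this is third-party relaying.
        return False, f"550 relaying denied for {domain}"
    if "%" in local or "!" in local:
        # Domain is local, but the local part names another host; an MTA that
        # rewrites these routes would deliver off-site. This is the case the
        # NJABL test above got a 250 for.
        return False, "550 source routing in local part not allowed"
    return True, "250 ok"
```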