[Tfug] Qmail and Open Relay

Andrew Ayre andy at britishideas.com
Fri Jun 8 19:09:13 MST 2007


Hi Brian,

If I look at the log file generated by a perl script that is called when a
message is received (/var/spool/qmailscan/qmail-queue.log), I see entries
like:

Sun, 22 Apr 2007 16:41:27 CEST:5450: return-path='gdxc at mydomain.com',
recips='a_cong197 at sohu.com'
Sun, 22 Apr 2007 16:41:27 CEST:5450: from='"Lliziq" <gdxc at mydomain.com>',
subj='=?GB2312?B?W8HLIL3iIL3TILT9IL/NILunILXEIMDxINLHIM+4IL3aXTcwMjkx?=',
via SMTP from 210.190.64.16

So it appears the emails are coming in via SMTP. Then if I ps -Alf | grep
qmail I see things like:

0 S qmailr   15578 13026  0  75   0 -   397 -      03:35 pts/2    00:00:00
qmail-remote em36.com.cn  office at em36.com.cn

The headers I posted were in /var/qmail/queue/mess, which is I believe the
send queue.

So it seems (unless I am misunderstanding), the emails are being received,
queued and then sent by our server. If this isn't right please let me know.
It's depressing sitting here watching the Chinese spam go out...

Andy


-----Original Message-----
From: tfug-bounces at tfug.org [mailto:tfug-bounces at tfug.org]On Behalf Of
Brian Murphy
Sent: Friday, June 08, 2007 6:57 PM
To: tfug at tfug.org
Subject: Re: [Tfug] Qmail and Open Relay


Quoting Andrew Ayre <andy at britishideas.com>:
> Brian,
>
> Thanks for responding. Can you elaborate on why it looks like local
> delivery? Perhaps I can't see the woods for the trees?
>
> 202.99.204.66 isn't the IP address of my server.
> sohu.com isn't a domain in /var/qmail/control/rcpthosts or
> /var/qmail/control/virtualdomains
>


I say that because there are no received headers with servers after
yours.

The To: and From: headers don't control who gets the email.  There are
hidden "envelope" recipients passed during the SMTP protocol
interaction between servers. (rcpt to:)  I've never run qmail so I
can't tell you what specifically to look for but this should get you
moving in the right direction.  The header had an envelope-from <> (an
empty address).  Your mail log will probably have the envelope recipient
list.

A relay is when your server takes in an email and passes it to another
server.  A local delivery is when your server takes the message in and
delivers it to a local user.

Brian

The opinions or statements expressed herein are my own and should not be
taken as a position, opinion, or endorsement of the University of
Arizona.
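An added example, not part of the original thread: a Python sketch of the relay-versus-local check discussed above, run over log entries in the layout Andy quoted and compared against the contents of rcpthosts. It assumes one entry per line, "@" in addresses, comma-separated recips, and that the number after the timezone ties an envelope line to its "via SMTP from" line; all sample values are constructed.

```python
import re

# Constructed sample in the layout quoted in the thread, one entry per line.
# Addresses, domains and IPs are placeholders, not values from the post.
SAMPLE_LOG = """\
Sun, 22 Apr 2007 16:41:27 CEST:5450: return-path='gdxc@example.org', recips='someone@elsewhere.example'
Sun, 22 Apr 2007 16:41:27 CEST:5450: from='"X" <gdxc@example.org>', subj='test', via SMTP from 192.0.2.16
Sun, 22 Apr 2007 16:42:03 CEST:5461: return-path='friend@elsewhere.example', recips='andy@example.org,bob@lists.example.org'
Sun, 22 Apr 2007 16:42:03 CEST:5461: from='<friend@elsewhere.example>', subj='hi', via SMTP from 198.51.100.7
"""
RCPTHOSTS = ["example.org", ".example.org"]  # constructed control-file contents

ENVELOPE = re.compile(r":(\d+): return-path='([^']*)', recips='([^']*)'")
SOURCE = re.compile(r":(\d+): from=.*\bvia (\S+) from (\S+)\s*$")

def domain(addr):
    # The list archive shows "user at host"; a live log has "user@host".
    return addr.strip().replace(" at ", "@").rpartition("@")[2].lower()

def is_local(dom, hosts):
    # rcpthosts semantics: exact host, or a ".suffix" wildcard entry.
    parts = dom.split(".")
    return dom in hosts or any("." + ".".join(parts[i:]) in hosts
                               for i in range(1, len(parts)))

def find_relayed(log_text, rcpthosts):
    hosts = {h.strip().lower() for h in rcpthosts if h.strip()}
    records, open_by_id = [], {}
    for line in log_text.splitlines():
        m = ENVELOPE.search(line)
        if m:  # a new envelope line starts a new record, even if the id repeats
            rec = {"id": m.group(1), "sender": m.group(2), "peer": None,
                   "recips": [r.strip() for r in m.group(3).split(",") if r.strip()]}
            records.append(rec)
            open_by_id[rec["id"]] = rec
            continue
        m = SOURCE.search(line)
        if m and m.group(1) in open_by_id:
            open_by_id[m.group(1)]["peer"] = m.group(3)
    relayed = []
    for rec in records:
        outside = [r for r in rec["recips"] if not is_local(domain(r), hosts)]
        if outside:
            relayed.append((rec["id"], rec["peer"], rec["sender"], outside))
    return relayed

if __name__ == "__main__":
    for entry in find_relayed(SAMPLE_LOG, RCPTHOSTS):
        print(entry)
```

Each hit is a message accepted for a recipient domain the server does not host, together with the connecting peer. Mail from clients that are allowed to relay (RELAYCLIENT set for their address) will also appear, so the peer column is what separates expected senders from unexpected ones.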
