Page 1 of 1

scalix being used as a spam relay ... wtf! HELP!!!

Posted: Tue Jul 24, 2007 2:20 am
by nokesc
I'm not sure how this is happening. I'm new to setting this stuff all up. I setup a scalix server for an office and it crashed because it was being used as a spam relay ... I had the smtpd.cfg setup correctly but it still happened SO I blew it away and started over with a fresh install of Suse 10 and scalix and tested via "telnet host 25" to see if I was being blocked. I would get something to the effect of ...

rcpt to: wtf@jerkland.org
553 5.1.8 jerk@whatever.net... Domain of sender address jerk@whatever.net does not exist

Ok so this is good, it meant no one could use my server as a spam relay. I then decided to move on to setting up Mailwasher and got it working but now I notice everything is getting through telnet host 25 with rcpt to: wtf@jerkland.org ..... HELP!!!

Posted: Tue Jul 24, 2007 3:22 am
by nokesc
Ok it seems to be the INPUT_MAIL_FILTER line ... if I remove the following below then sendmail seems to operate according to the smtpd.cfg using the RELAY lines ...

INPUT_MAIL_FILTER(`mailwasher_server', `S=unix:/var/run/mwserver/mpd.sock, F=T, T=S:4m;R:4m')
define(`confINPUT_MAIL_FILTERS', `mailwasher_server')


... wtf but then mailwasher isnt being used ... whats the deal?

Posted: Tue Jul 24, 2007 8:58 am
by jaime.pinto
You getting things confused.

If you're having *OPEN* RELAY, just close it.
If you have *spam attach*, just identify the offender and and block its access to your server (do a search on spam attach)
If you are having spam/virus getting through to *your users*, then introduce a anti-spam/anti-virus agent.

In your case with mailwasher, just reverse the order of the lines. Take a look at this post for a reference on a typical sendmail.mc
viewtopic.php?t=8290#37529

Posted: Tue Jul 24, 2007 11:23 am
by nokesc
I've now run into another problem ... I moved the server to a new network from 192.168.1.102 to 192.168.0.64 ... mail works and spam is blocked as expected the RELAY lines reject anything outside 192.168. but now mailwasher has stopped filtering ... wtf!!

The only thing I changed was the server ip and then updated the /etc/hosts ... do I need to update something else to get mailwasher to work?

Posted: Tue Jul 24, 2007 12:05 pm
by jaime.pinto
You probably better off restarting the installation from scratch, OS and scalix.
Scalix doesn't emphasize this enough (probably because they are not too proud of it), but you need to determine the *name* and *IP* of your scalix server way before hand, and *NEVER!!!!* change it again, EVER!!!! If you do, everything breaks.
There are ways around it, if you search the forum and the wiki for specific instructions. Not pretty.

Posted: Tue Jul 24, 2007 12:11 pm
by nokesc
Ok I figured out what happened ... for whatever reason the MAIL_FILTER lines in the /etc/sendmail.cf were missing ... I reran omsendin and now it's working ... even Mail Washer is working!!! kinda ...

new problem, mailwasher seems to be quarentining everything outgoing ... ideas?

Posted: Tue Jul 24, 2007 12:18 pm
by jaime.pinto
There are only a hand full of users with mailwasher on the forum. Good luck.