Interesting relay issue

audiotron2002
Posts: 87
Joined: Tue Nov 22, 2005 12:41 pm

Interesting relay issue

Postby audiotron2002 » Sun Sep 16, 2007 9:22 am

For the life of me, I cannot figure this out. The Scalix SMTPD program accepts these messages and clogs up my queue with 50k+ messages. Is this a relay problem? I don't think so. I have the relay reject requirements in the smtpd.conf file. Is it a local-host-file problem? I don't think so. I have the local domain names set up in local-host-file.

I do not understand how the scalix relay accepts this message for delivery and then puts it on the sendmail queue. CAN SOMEONE PLEASE SHED LIGHT ON THIS. IT IS KILLING OUR SERVER.

from q file....


V8
T1189948762
K1189948795
N1
P123391
I253/1/1917079
Fds
$_localhost.localdomain [127.0.0.1]
$rESMTP
$smail.XXX.XXX
${daemon_flags}
${if_addr}127.0.0.1
S<customer-completed-and-win-survey@downeysavings.com>
Z6730.10551189948754.mail.xxx.net
rRFC822; cwood@netpenny.net
RPNFD:<cwood@netpenny.net>
H?P?Return-Path: <g>
H??Received: from mail.XXX.XXX (localhost.localdomain [127.0.0.1])
by mail.XXX.XXX (8.13.1/8.13.1) with ESMTP id l8GDJLPg004647
for <cwood@netpenny.net>; Sun, 16 Sep 2007 09:19:22 -0400
H??Received: from User (216-165-215-115.crescentb.com [216.165.215.115])
by mail.XXX.XXX (Scalix SMTP Relay 11.1.0.10849)
via ESMTP; Sun, 16 Sep 2007 09:19:14 -0400 (EDT)
H??Date: Sun, 16 Sep 2007 08:16:56 -0500
H??From: Downey Savings Bank<customer-completed-and-win-survey@downeysavings.com>
H??Reply-To: customer-completed-and-win-survey@downeysavings.com
H??Message-ID: <6730.10551189948754.mail.XXX.XXX@MHS>
H??Subject: Online Customer: Survey and WIN $125.00
H??X-MSMail-Priority: Normal
H??X-Priority: 3
H??x-scalix-Hops: 1
H??X-Mailer: Microsoft Outlook Express 5.50.4522.1200
H??X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
H??MIME-Version: 1.0
H??Content-Type: text/html;
charset="Windows-1251"
H??Content-Disposition: inline

.
Last edited by audiotron2002 on Fri Feb 01, 2008 11:13 pm, edited 1 time in total.

jaime.pinto
Scalix Star
Posts: 709
Joined: Fri Feb 23, 2007 6:50 pm
Location: Toronto - Canada

Postby jaime.pinto » Sun Sep 16, 2007 10:49 am

Just a thought:
This looks like spam. The email may have arrived at your server under a false username at your domain, coming from "cwood@netpenny.net". netpenny.net is a domain that doesn't exist (I checked the internic), and now it's stuck on your queue to notify the original fake sender - cwood@netpenny.net - that the false username at your domain doesn't exist. In about 4 or 5 days you may get a notification as postmaster that the reply could not be delivered.

Questions:
1) do you have anti-spam installed?

2) do you have the feature below enabled in your /etc/mail/sendmail.mc?
FEATURE(`accept_unresolvable_domains')dnl

audiotron2002
Posts: 87
Joined: Tue Nov 22, 2005 12:41 pm

Postby audiotron2002 » Sun Sep 16, 2007 5:15 pm

But how could the scalix smtpd accept this message for delivery as it is a relay? I do not have antispam installed on this scalix server as it is not our mailserver (listed as an MX record). It is used as outgoing only for imap and pop users.

I have never had a problem on any of my main mail servers. Just this scalix server. I changed nothing out of the box for scalix.

I agree that it is spam, but why is scalix accepting this message which is sent by an external sender to an external sender? I do not have relay turned on.

Could they be spoofing an internal address? This is a scalix issue, and I don't even know where to look as the features for smtpd.conf are very limited.

jaime.pinto
Scalix Star
Posts: 709
Joined: Fri Feb 23, 2007 6:50 pm
Location: Toronto - Canada

Postby jaime.pinto » Sun Sep 16, 2007 6:07 pm

This is what spam engines will do.
The moment that you expose any machine to the internet, even if it's behind a firewall with a non-routable IP, if you are using port forwarding, within 3 minutes somebody will find it. It's even easier with legal IPs and MX entries. They keep on hitting every IP address out there, on every port, 24/7, until they find one that is responding with a service, not just email. In your case, it doesn't matter that this scalix server doesn't have an MX record, they reach it directly using systematic scanning or spoofing. It's not an "open relay" issue, otherwise we would be having a different kind of conversation.

All your other systems are constantly facing the same problems and challenges. You just don't realize it. And they probably have some defense associated with them.

Important thing to understand about scalix: it's a very good enterprise mail system ONLY (under linux), it's *not* a firewall, it's *not* an anti-spam/anti-virus appliance. You can almost say the same for MS Exchange, except that exchange is not a very good mail system. In both cases you require additional devices to act as defense mechanisms.

It so happens that under linux you can still activate these other features in the same machine that scalix is installed on, but that is independent of scalix. They don't sell them as a product and they don't "officially" support them as such, and as far as I can tell, so far they are not pursuing that line of products. Who knows, maybe under Xandros they will.

In the meantime we have this forum, and we can help each other with how to set up spamassassin, clamav, iptables, etc. You also have the option to use professional firewalls and filtering boxes for spam and virus.

audiotron2002
Posts: 87
Joined: Tue Nov 22, 2005 12:41 pm

Postby audiotron2002 » Sun Sep 16, 2007 8:35 pm

Very good response. And I agree with everything you said. But I still keep scratching my head at how an external IP address can send a message through scalix smtp to a different external IP.

That seems like a relay issue. But it's not (as I do not have an open relay).

I guess the answer might be to install spamassassin on the scalix server too. Would you recommend doing that?

FYI, I am running mailscanner and spamassassin on my main mx server and I never have this problem.

jaime.pinto
Scalix Star
Posts: 709
Joined: Fri Feb 23, 2007 6:50 pm
Location: Toronto - Canada

Postby jaime.pinto » Mon Sep 17, 2007 1:24 am

But I still keep scratching my head at how an external IP address can send a message through scalix smtp to a different external IP.
I don't think this is what is happening. Your server may have taken in an email under a false pretense, and now it's trying to reply back that the user is unknown or doesn't exist. This is not the same as sending a message through the server.

Spamassassin will do a pretty good job at keeping most of the spam out.

adhodgson
Posts: 176
Joined: Thu Mar 02, 2006 8:09 am

Postby adhodgson » Mon Sep 17, 2007 1:01 pm

Hi,

You could always look in the queue for the actual message. It is probably a delivery failure from Scalix, going to the unknown user. We had these all the time on our system before installing a spam box in front, which did recipient verification.

Thanks.
Andrew.
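
Added example (not part of any post in this thread and not Scalix or sendmail code): a triage script for sendmail queue control (qf) files like the one quoted in the first post. It separates null-sender bounces from messages whose envelope sender and recipients are all external, and reports the first-hop IP from the Received chain. The sample file, its `.example` names and the `local_domains` set are constructed placeholders.

```python
import re
from collections import Counter

# Constructed qf file (placeholder names, documentation IP range).
SAMPLE_QF = """V8
S<survey@bank.example>
rRFC822; someone@other.example
RPNFD:<someone@other.example>
H??Received: from mail.local.example (localhost.localdomain [127.0.0.1])
\tby mail.local.example with ESMTP id placeholder
H??Received: from User (client.isp.example [192.0.2.45])
\tby mail.local.example via ESMTP
.
"""

def parse_qf(text):
    """Split a qf control file into envelope sender, recipients and headers."""
    info = {"sender": None, "recipients": [], "headers": []}
    for line in filter(None, text.splitlines()):    # skip blank lines
        code, rest = line[0], line[1:]
        if code in " \t" and info["headers"]:       # folded header continuation
            info["headers"][-1] += " " + line.strip()
        elif code == "S":                           # envelope sender, "<>" on a bounce
            info["sender"] = rest.strip().strip("<>")
        elif code == "R":                           # R<flags>:<address>
            info["recipients"].append(rest.split(":", 1)[-1].strip().strip("<>"))
        elif code == "H":                           # H?flags?Name: value
            info["headers"].append(re.sub(r"^\?[^?]*\?", "", rest))
    return info

def origin_ip(info):
    """IP literal from the last Received header, i.e. the first hop recorded."""
    received = [h for h in info["headers"] if h.lower().startswith("received:")]
    hops = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", " ".join(received))
    return hops[-1] if hops else None

def classify(info, local_domains):
    """Label a queued message by where its envelope addresses live."""
    domain = lambda addr: addr.rsplit("@", 1)[-1].lower()
    if not info["sender"]:
        return "bounce"                             # null or missing envelope sender
    if any(domain(r) in local_domains for r in info["recipients"]):
        return "inbound"
    return "outbound" if domain(info["sender"]) in local_domains else "external-to-external"

def triage(qf_texts, local_domains):
    """Count queued messages per (class, first-hop IP) to show what fills the queue."""
    parsed = [parse_qf(t) for t in qf_texts]
    return Counter((classify(p, local_domains), origin_ip(p)) for p in parsed)
```

Feeding `triage` the contents of every qf file in the queue shows which class and which source address account for the backlog.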

