Here are the log messages for two separate instances:
-------------
Jun 15 22:02:53 enchilada sendmail[26261]: h5G52T7m026261:
from=<b...@fre.sg.co.nz>, size=139, class=0, nrcpts=1,
msgid=<200306160502....@localhost.localdomain>, proto=ESMTP,
daemon=MTA, relay=[218.70.137.219]
Jun 15 22:02:53 enchilada sendmail[26263]: h5G52T7m026261:
to=<ame...@cdta.cq.cn>, ctladdr=<b...@fre.sg.co.nz> (500/500),
delay=00:00:10, xdelay=00:00:00, mailer=local, pri=30418, dsn=2.0.0,
stat=Sent
-------------
Jun 16 14:45:44 enchilada sendmail[27158]: h5GLjWCW027158:
from=<b...@fre.sg.co.nz>, size=148, class=0, nrcpts=1,
msgid=<200306162145....@localhost.localdomain>, proto=ESMTP,
daemon=MTA, relay=[218.70.112.236]
Jun 16 14:45:44 enchilada sendmail[27159]: h5GLjWCW027158:
to=<dor...@ctwa.cq.cn>, ctladdr=<b...@fre.sg.co.nz> (500/500),
delay=00:00:05, xdelay=00:00:00, mailer=local, pri=30424, dsn=2.0.0,
stat=Sent
-------------
I don't understand why it's accepting these fake domain names. They're
clearly not defined in local-host-names, nor are they system host names. The
best I can tell, it's looking in the virtusertable and rewriting these
addresses so that mail goes to ame...@virtualjames.com instead of
ame...@cdta.cq.cn. Even though there isn't a user ameill, there's a
catch-all for @virtualjames.com in the virtusertable, so it gets delivered.
Why is sendmail doing this domain translation? How can I stop this bizarre
behavior?
Anyone have any good pointers to virtual domain hosting?
Thanks,
James
Post your .mc, please. I suspect we may be able to help if you do so.
> Jun 15 22:02:53 enchilada sendmail[26263]: h5G52T7m026261:
> to=<ame...@cdta.cq.cn>, ctladdr=<b...@fre.sg.co.nz> (500/500),
> delay=00:00:10, xdelay=00:00:00, mailer=local, pri=30418, dsn=2.0.0,
In addition to your mc file post the output of:
echo '$=w' | sendmail -bt
echo '3,0 ame...@cdta.cq.cn' | sendmail -bt -d21.4
--
A: Maybe because some people are too annoyed by top-posting.
Q: Why do I not get an answer to my question(s)?
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Thanks for your help. Here's the dirt, let me know if anything else
would be helpful.
**** sendmail.cf ****
divert(-1)
dnl
dnl m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
dnl
divert(0)
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for Red Hat Linux')dnl
OSTYPE(`redhat8.0')dnl
DOMAIN(virtualjames)dnl
dnl define(`SMART_HOST',`mail.covad.net')
define(`confPRIVACY_FLAGS',
`authwarnings,needmailhelo,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_QUEUERETURN', `4d')dnl
define(`confTO_QUEUEWARN', `4h')dnl
define(`confTO_IDENT', `0')dnl
undefine(`UUCP_RELAY')dnl
FEATURE(`nouucp', `nospecial')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`dnsbl', `sbl.spamhaus.org')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
dnl The '-t' option will retry delivery if e.g. the user runs over his quota.
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost.localdomain
**** virtualjames.m4 ****
divert(0)
VERSIONID(`Setting for the virtualjames.com doamin')
define(`confFORWARD_PATH',
`$z/.forward.$w+$h:$z/.forward+$h:$z/.forward.$w:$z/.forward')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
FEATURE(always_add_domain)dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`redirect')dnl
dnl cw file tells sendmail to use the local-host-names file
FEATURE(`use_cw_file')dnl
EXPOSED_USER(`root')dnl
**** class w output ****
enchilada
[enchilada.pri]
localhost.localdomain
virtualjames.com
localhost
jameshughes.com
enchilada.pri
[192.168.2.1]
[127.0.0.1]
Your mailhost is acting curious. And it is an open relay!
$ telnet virtualjames.com 25
Trying 66.134.176.81...
Connected to virtualjames.com.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.12.8/8.12.8; Tue, 17 Jun 2003
14:36:20 -0700
ehlo foo
250-localhost.localdomain Hello 213-182-115-98.teleos-web.de
[213.182.115.98], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
MAIL FROM: <g...@heaven.biz>
250 2.1.0 <g...@heaven.biz>... Sender ok
RCPT TO: <dal...@gmx.net>
550 5.7.1 <dal...@gmx.net>... Relaying denied
RCPT TO: <de...@hell.gov>
250 2.1.5 <de...@hell.gov>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
foo
bar
baz
.
250 2.0.0 h5HLaJCW028063 Message accepted for delivery
QUIT
221 2.0.0 localhost.localdomain closing connection
Connection closed by foreign host.
So, what the hell do you have in your access map file?
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
No, it's not relaying, it's delivering every garbage domain locally -
see above!
And this is the reason:
*.virtualjames.com. 1D IN CNAME virtualjames.com.
Or maybe this:
*.jameshughes.com. 1D IN CNAME jameshughes.com.
Don't do that.
--Per Hedeland
p...@hedeland.org
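
One way the wildcard CNAME named above can turn an unresolvable recipient domain into a class w name, as an added example that is not part of the original thread and not sendmail's own code. It is a simplified model that assumes the host's resolver search list contains virtualjames.com; the zone records and search list are constructed.

```python
# Simplified model of search-list canonification; not sendmail's own code.
# ZONE and SEARCH_LIST are constructed; names absent from ZONE count as NXDOMAIN.
CLASS_W = {"virtualjames.com", "jameshughes.com", "localhost.localdomain"}
SEARCH_LIST = ["virtualjames.com"]          # assumed resolv.conf search entry
ZONE = [                                    # (owner, type, target)
    ("virtualjames.com.", "A", "66.134.176.81"),
    ("*.virtualjames.com.", "CNAME", "virtualjames.com."),
]


def records_for(fqdn, zone):
    """Exact-match records, else those of the wildcard under the closest encloser."""
    exact = [r for r in zone if r[0] == fqdn]
    if exact:
        return exact
    labels = fqdn.split(".")
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        wild = [r for r in zone if r[0] == "*." + parent]
        if wild or any(r[0] == parent for r in zone):
            return wild     # empty when the encloser exists without a wildcard
    return []


def lookup(name, zone):
    """Follow CNAMEs and return the canonical name, or None if nothing matches."""
    fqdn = name.rstrip(".").lower() + "."
    for _ in range(8):                      # bound the CNAME chain
        recs = records_for(fqdn, zone)
        if not recs:
            return None
        cname = next((r[2] for r in recs if r[1] == "CNAME"), None)
        if cname is None:
            return fqdn.rstrip(".")
        fqdn = cname.lower()
    return None


def canonify(domain, zone, search):
    """Try the name as given, then with each search-list suffix appended."""
    for candidate in [domain] + [f"{domain}.{s}" for s in search]:
        canon = lookup(candidate, zone)
        if canon:
            return canon
    return None


def delivered_locally(domain, zone, search=SEARCH_LIST):
    """True when the canonified recipient domain lands in class w."""
    return canonify(domain, zone, search) in CLASS_W
```

With the wildcard record removed from the zone, the same lookups return no match and the recipient domain is no longer treated as local.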