relay help!

on 21.11.2007 16:44:37 by bluelinq

I have a server that I think is being used as a relay of some sort. I have
checked with www.abuse.net/relay.html and it passes without any errors.
Still, I get connections that seem to come from, I guess, localhost? My
server will be msi.mydomain.net and anchor.net is a virtual domain for which
we do email and web hosting. And then, I get SYSERR(root): MX list for
tomail.com.tw. points back to msi.mydomain.net as if the domain were local.

What can cause something like this?

Regards,
bl


Nov 21 10:37:50 msi sendmail[14134]: NOQUEUE: connect from localhost
[127.0.0.1]
Nov 21 10:37:50 msi sendmail[14134]: AUTH: available mech=ANONYMOUS
DIGEST-MD5 CRAM-MD5 PLAIN LOGIN, allowed mech=EXTERNAL GSSAPI KERBEROS_V4
DIGEST-MD5 CRAM-MD5
Nov 21 10:37:50 msi sendmail[14134]: lALFboIv014134: Milter: no active
filter
Nov 21 10:37:51 msi sendmail[14134]: lALFboIv014134: --- 220
msi.mydomain.net ESMTP Sendmail 8.13.1/8.13.1; Wed, 21 Nov 2007
10:37:50 -0500
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: <-- HELO anchor.net
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: --- 250
msi.mydomain.net Hello localhost [127.0.0.1], pleased to meet you
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: <-- MAIL FROM:

Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.0
... Sender ok
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:53 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:55 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:55 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:55 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:55 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:58 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:58 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:58 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:58 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:59 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:

Nov 21 10:37:59 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
... Recipient ok
Nov 21 10:37:59 msi sendmail[14134]: lALFboIv014134: <-- DATA
Nov 21 10:37:59 msi sendmail[14134]: lALFboIv014134: --- 354 Enter mail, end
with "." on a line by itself
Nov 21 10:38:00 msi sendmail[14134]: lALFboIv014134:
from=, size=1394, class=0, nrcpts=15,
msgid=<200711211537.lALFboIv014134@msi.mydomain.net>, bodytype=8BITMIME,
proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
Nov 21 10:38:00 msi sendmail[14134]: lALFboIv014134: --- 250 2.0.0
lALFboIv014134 Message accepted for delivery
Nov 21 10:38:00 msi sendmail[14134]: lALFboIw014134: <-- QUIT
Nov 21 10:38:00 msi sendmail[14134]: lALFboIw014134: --- 221 2.0.0
msi.mydomain.net closing connection
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: SYSERR(root): MX list
for tomail.com.tw. points back to msi.mydomain.net
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134:
to=,,,,,,,,,,,,,,,
delay=00:00:09, xdelay=00:00:02, mailer=esmtp, pri=541394,
relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: alias postmaster =>
root
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: alias root => admin
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: lALFc2Iv014168: DSN:
Local configuration error
Nov 21 10:38:02 msi sendmail[14168]: lALFc2Iv014168: to=admin,
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=62642, dsn=2.0.0,
stat=Sent
Nov 21 10:38:02 msi sendmail[14168]: lALFc2Iv014168: SMTP outgoing connect
on msi.mydomain.net

relay help!

on 21.11.2007 17:02:21 by Joseph Brennan

The recipient host has a very bad DNS record that points to localhost.
This makes mail to it undeliverable.

$ host -t mx tomail.com.tw
tomail.com.tw mail is handled by 10 localhost.

As to where the mail is coming from, it originates on localhost, your
host. My first guess is that you've got a cgi script on the host that
generates mail when people fill in a web form. The script should check
the recipients and not send to just anybody.

Joseph Brennan
Columbia University IT
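
A way to triage this from the sendmail log, as an added example that is not part of the original posts: it lists messages accepted from 127.0.0.1 with many recipients, together with the acceptance time to compare against the web server's access log. The sample log is constructed from the format shown above (wrapped lines joined, placeholder addresses, second queue id invented); the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log in this thread; addresses are placeholders.
SAMPLE_LOG = """\
Nov 21 10:37:50 msi sendmail[14134]: NOQUEUE: connect from localhost [127.0.0.1]
Nov 21 10:38:00 msi sendmail[14134]: lALFboIv014134: from=<sender@example.invalid>, size=1394, class=0, nrcpts=15, proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: to=<a@example.invalid>,<b@example.invalid>, delay=00:00:09, mailer=esmtp, relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
Nov 21 10:41:10 msi sendmail[14201]: lALFf1Iv014201: from=<user@example.invalid>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.invalid [192.0.2.10]
Nov 21 10:41:11 msi sendmail[14201]: lALFf1Iv014201: to=<admin@mydomain.net>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
"""

# timestamp, queue id, remainder of a sendmail syslog line
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sendmail\[\d+\]: (\w+): (.*)$")


def local_bulk_submissions(log_text, min_rcpts=5):
    """Return (queue id, accepted-at, nrcpts, delivery stats) for each message
    submitted over SMTP from 127.0.0.1 with at least min_rcpts recipients."""
    msgs = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, qid, rest = m.groups()
        # sendmail separates key=value fields with ", "; recipient lists use a bare ","
        fields = dict(p.split("=", 1) for p in rest.split(", ") if "=" in p)
        if "from" in fields:      # acceptance record
            msgs[qid].update(when=when, relay=fields.get("relay", ""),
                             nrcpts=int(fields.get("nrcpts", 0)))
        elif "to" in fields:      # delivery attempt record
            msgs[qid].setdefault("stats", []).append(fields.get("stat", ""))
    hits = []
    for qid, info in msgs.items():
        if "127.0.0.1" in info.get("relay", "") and info.get("nrcpts", 0) >= min_rcpts:
            hits.append((qid, info["when"], info["nrcpts"], info.get("stats", [])))
    return hits


if __name__ == "__main__":
    for hit in local_bulk_submissions(SAMPLE_LOG):
        print(hit)
```

The timestamps it returns are the ones to look for in the httpd access log when checking whether a form handler generated the message.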

Re: relay help!

on 21.11.2007 17:43:06 by bluelinq

Joe, I do have some cgi's; now I guess I should be able to link it to access
to the httpd logs if that is the case.

I did the host -t and got the same results.

Thanks


"Joe Brennan" wrote in message
news:e626dfc3-b5ea-4843-a8b0-e8d7fd7d6493@b15g2000hsa.googlegroups.com...
>
> The recipient host has a very bad DNS record that points to localhost.
> This makes mail to it undeliverable.
>
> $ host -t mx tomail.com.tw
> tomail.com.tw mail is handled by 10 localhost.
>
> As to where the mail is coming from, it originates on localhost, your
> host. My first guess is that you've got a cgi script on the host that
> generates mail when people fill in a web form. The script should check
> the recipients and not send to just anybody.
>
> Joseph Brennan
> Columbia University IT

Re: relay help!

on 22.11.2007 00:46:19 by bluelinq

Joe,


My thought is that if a cgi or some form is being used, then they must be
passing this using a browser. Would that be correct? If so, then the hunt
continues as nothing in the logs as such.

I cannot find anything related to it, for example bur@mail.com.tw

What else to check?

Regards,
bl

"Joe Brennan" wrote in message
news:e626dfc3-b5ea-4843-a8b0-e8d7fd7d6493@b15g2000hsa.googlegroups.com...
>
> The recipient host has a very bad DNS record that points to localhost.
> This makes mail to it undeliverable.
>
> $ host -t mx tomail.com.tw
> tomail.com.tw mail is handled by 10 localhost.
>
> As to where the mail is coming from, it originates on localhost, your
> host. My first guess is that you've got a cgi script on the host that
> generates mail when people fill in a web form. The script should check
> the recipients and not send to just anybody.
>
> Joseph Brennan
> Columbia University IT