LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page Qmail Toaster relaying
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-22-2010, 08:08 AM   #1
lima25
LQ Newbie
 
Registered: Feb 2010
Posts: 2

Rep: Reputation: 0
Qmail Toaster relaying

Hi to all,

I have a problem with a qmailtoaster server. Users reported that their email get blocked on the other side.
I have checked the server and found out that it has been blacklisted. I've analized the logs and found out that someone managed to relay through that server, but I don't understend how.
When I check the server for relaying it is ok, every test passes, but logs are filled with:

Code:
2010-02-08 16:35:43.583710500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msblack2@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.598674500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msayresmck@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.626655500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msbury@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.672258500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschampaert@gmail.com> : client allowed to relay
2010-02-08 16:35:43.689442500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschick06@comcast.net> : client allowed to relay
2010-02-08 16:35:43.793443500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mscappy@ridersworld.com> : client allowed to relay
2010-02-08 16:35:43.795327500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msazarloza@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.795158500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msbus8113@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.828333500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschanae@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.871368500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschickie30@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.944214500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mscarb@comcast.net> : client allowed to relay
2010-02-08 16:35:43.950087500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msbutler21@yahoo.com> : client allowed to relay
2010-02-08 16:35:43.952199500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msazende@yahoo.com> : client allowed to relay
2010-02-08 16:35:44.023657500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <mschiernbeck@yahoo.com> : client allowed to relay
2010-02-08 16:35:44.026578500 simscan:[13691]:RELAYCLIENT:0.3529s:-:66.134.225.162:info@consejos-e.com:msb22087@yahoo.com:,msb234@yahoo.com,msb3207@aol.com,msb33_36@yahoo.com,msb5039@psu.edu,msb72@buckeye-exp
ress.com,msbaby_girl22@yahoo.com,msbabydoll1023@yahoo.com,msbabyw1ldch1ld@yahoo.com,msbadejo@gmail.com,msbagrimm@yahoo.com,msbailey@live.com,msbaileyhome@aol.com,msbainer@yahoo.com,msbajabeauty@hotmail.com,ms
balb@comcast.net,msballer89@yahoo.com,msbanderson@yahoo.com,msbang41@yahoo.com,msbank@hotmail.com,msbanks12225@yahoo.com,msbaptist@yahoo.com,msbarb1@comcast.net,msbarbaraowen@yahoo.com,msbarbaras@aol.com,msba
rbie267@yahoo.com,msbarnes_81@yahoo.com,msbarnes64@yahoo.com,msbarr20@yahoo.com,msbarrit@cox.net,msbartond@aol.com,msbatc@hotmail.com,msbates1310@yahoo.com,msbattle2004@yahoo.com,msbattytou@yahoo.com,msbaybee
@yahoo.com,msbb4952@yahoo.com,msbbernard@charter.net,msbbristol@msn.com,msbburke@aol.com,msbc2@aol.com,msbcutshaw@hotmail.com,msbdog@aol.com,msbdraper@aol.com,msbea@cox.net,msbea4real@yahoo.com,msbean20@yahoo
.com,msbean318@aol.com,msbeasleyhound@msn.com,msbeatrice1@gmail.com
how does it gets "client allowed to relay" ?

my tcp.smtp looks like this:
Code:
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1"
10.100.:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="3",RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private",RBLSMTPD="",NOP0FCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="150",CHKUSER_WRONGRCPTLIMIT="3",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
I have a rcpthosts file with one domain in it.

What am I missing?

Thank you very much in advance.
 
Old 02-22-2010, 12:22 PM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,174
Blog Entries: 1

Rep: Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040Reputation: 2040
Hi,

I don't use chkuser, but after reading its logging format documentation, it looks from your logs:
Quote:
2010-02-08 16:35:43.583710500 CHKUSER relaying rcpt: from <info@consejos-e.com:info@stik.si:> remote <User:unknown:66.134.225.162> rcpt <msblack2@yahoo.com> : client allowed to relay
that somehow someone at 66.134.225.162 knows the password of one of your users, so he can authenticate to your server and send spam.
In your case I suppose it's info@stik.si that is the remoteinfo value on the above logs.
 
Old 02-24-2010, 11:54 AM   #3
lima25
LQ Newbie
 
Registered: Feb 2010
Posts: 2

Original Poster
Rep: Reputation: 0
Thank you very much bathory,

I believe that was the problem, the password was't very strong.

Thanks again
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Some issues with Qmail-Toaster mail4vijay Linux - General 1 02-24-2010 08:35 AM
Need two Node Cluster for Qmail-Toaster mail4vijay Linux - General 2 11-20-2009 11:33 AM
I cant add domain in my qmail toaster Enald Linux - Newbie 0 07-09-2009 05:01 AM
Qmail toaster problem fandar Linux - Networking 0 02-27-2007 01:46 AM
Qmail Toaster Problem Ryand833 Linux - Software 0 04-14-2005 09:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 02:43 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration