[Tfug] Qmail and Open Relay
kelley g
services at toasterz.com
Fri Jun 8 21:04:16 MST 2007
<snip>
>
> If it is a contact form would the emails appear with:
>
> Received: from 202.99.204.66 by h0000000 (envelope-from <>, uid 64011)
> with qmail-scanner-1.25st
>
> The IP address 202.99.204.66 is not ours. It appears to be somewhere in
> China.
>
> Andy
>
>
no. there should be a 'mail-from' set by your form handler. in the
absence of a form handling script 'mail-from', the apache process would
be listed, e.g. 'apache at yourserver.com'.
>
> ------------------------------
>
> Message: 7
> Date: Fri, 8 Jun 2007 17:39:38 -0700
> From: Brian Murphy <murphy+tfug at email.arizona.edu>
> Subject: Re: [Tfug] Qmail and Open Relay
> To: tfug at tfug.org
> Message-ID: <20070608173938.gaw0gsc88kgskoco at www.email.arizona.edu>
> Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
>
> Quoting Andrew Ayre <andy at britishideas.com>:
>
>> I'm hoping someone can give me a couple of pointers on this.
>>
<snip>
>> Here is an example set of headers. We've changed the identifying
>> name/location of our server so the details aren't archived on the TFUG
>> website for everyone to see. We've also changed the email address of the
>> spam victim (but not the domain).
>>
>> ---------------------
>> Received: (qmail 3081 invoked by uid 64020); 7 Jun 2007 21:13:13 +0200
>> Received: from 202.99.204.66 by h0000000 (envelope-from <>, uid 64011) with
>> qmail-scanner-1.25st
>> (spamassassin: 3.0.3. perlscan: 1.25st.
>> Clear:RC:0(202.99.204.66):.
>> Processed in 1.466053 secs); 07 Jun 2007 19:13:13 -0000
>> Received: from unknown (HELO WANGDONGVPS) (info at 202.99.204.66)
>> by mydomain.com with SMTP; 7 Jun 2007 21:13:11 +0200
>> From: "Ionspb" <>
>> To: "someuser" <someuser at sohu.com>
>> Subject: =?GB2312?B?h/jrSLHctpDFY7/nh/i2kMrVu0mEnTgzMjc1?=
>> Date: Fri, 8 Jun 2007 03:12:42 +0800
>> MIME-Version: 1.0
>> Content-Type: text/plain
>> Content-Transfer-Encoding: base64
>> X-Priority: 3
>> X-MSMail-Priority: Normal
>> X-Mailer: Microsoft Outlook Express 6.00.2800.1106
>> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
>> X-Qmail-Scanner-Message-ID: <11812435929223074 at h1105258>
>> ---------------------
>>
>> In this example there is no from address, but other spam emails do have one.
>> Any ideas?
>>
>
>
are these being delivered to the recipient?
all i see are the qmail-scanner logs indicating mail hitting the queue
from smtp incoming.
do you have any 'log/qmail/send/current' or 'log/maillog' entries
indicating that these messages went out and were accepted for delivery
by the mx for the remote domain(s)?
fyi, qmail uses '<>' to identify double bounces.
i get these tfug messages in digest format so be patient if i don't reply.
--
kelley g
520.770.1200
ooooooooooooooooooooooooooooo
http://toasterz.com
open minds - open source
ooooooooooooooooooooooooooooo
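
The log check suggested in the reply above, as an added example that is not part of the original post: it pairs qmail-send's "starting delivery" and "delivery N:" lines from `log/qmail/send/current` and reports only remote deliveries with their outcome. The log lines are constructed samples in qmail-send's usual format (timestamps shortened, IP and message numbers made up), and `remote_deliveries` is a hypothetical helper name.

```python
import re

# Constructed sample of log/qmail/send/current (tai64n stamps shortened).
# "qp" is the qmail-queue pid, the same number that appears in the header
# "Received: (qmail 3081 invoked by uid 64020)".
SAMPLE_LOG = """\
@4000000046686f1a new msg 81234
@4000000046686f1a info msg 81234: bytes 1873 from <> qp 3081 uid 64020
@4000000046686f1a starting delivery 17: msg 81234 to remote someuser@sohu.com
@4000000046686f1c delivery 17: success: 192.0.2.25_accepted_message./Remote_host_said:_250_Ok/
@4000000046686f1c end msg 81234
@4000000046686f20 new msg 81240
@4000000046686f20 info msg 81240: bytes 912 from <webmaster@mydomain.com> qp 3090 uid 64020
@4000000046686f20 starting delivery 18: msg 81240 to local andy@mydomain.com
@4000000046686f21 delivery 18: success: did_0+0+1/
@4000000046686f21 end msg 81240
@4000000046686f30 new msg 81251
@4000000046686f30 info msg 81251: bytes 2040 from <> qp 3102 uid 64020
@4000000046686f30 starting delivery 19: msg 81251 to remote other@sohu.com
@4000000046686f33 delivery 19: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
"""

INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp (\d+) uid (\d+)")
START = re.compile(r"starting delivery (\d+): msg (\d+) to (local|remote) (\S+)")
DONE = re.compile(r"delivery (\d+): (success|failure|deferral): (.*)")

def remote_deliveries(log_text):
    """Return one dict per finished remote delivery attempt with its status."""
    senders, pending, results = {}, {}, []
    for line in log_text.splitlines():
        if m := INFO.search(line):
            senders[m.group(1)] = {"sender": m.group(2), "qp": m.group(3)}
        elif m := START.search(line):
            if m.group(3) == "remote":
                pending[m.group(1)] = {"msg": m.group(2), "rcpt": m.group(4),
                                       **senders.get(m.group(2), {})}
        elif m := DONE.search(line):
            if m.group(1) in pending:  # delivery numbers are reused, so pop
                results.append({**pending.pop(m.group(1)),
                                "status": m.group(2), "detail": m.group(3)})
    return results

if __name__ == "__main__":
    for d in remote_deliveries(SAMPLE_LOG):
        print(d["status"], d["msg"], f"<{d.get('sender', '?')}>", "->", d["rcpt"], d["detail"])
```

A "success" row for a remote recipient means the remote MX accepted the message; only "starting delivery" lines with no matching result, or no remote lines at all, would mean the mail stopped at the queue.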