On 15-May-01 Togan Muftuoglu wrote:
I had this in my logs
isguzar sendmail[5670]: f4FKqSd05670: ruleset=check_rcpt, arg1=, relay=user115.mdi.ca [207.230.250.115], reject=550 5.7.1 ... Relaying denied
Ok AFAIU he could not get the relay
Yep.
and
from=, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=user115.mdi.ca [207.230.250.115]
but this one I did not get. Did he manage to use me as his relay or not?
If a line like this is found in your /var/log/mail, the connection to your smtp port (25) has been established, but did not get any further. Sendmail writes at least two lines of information for every incoming mail into your logs. The first line is the one you posted, the second line is the result of Sendmail processing the connection/smtp request. This processing can include delivery of the mail to its recipient or a denial of further access in case of a violation of your rulesets. The line shown above however does not indicate that the sender tried to use your mailer for unauthorized relaying. The "relay=user115.mdi.ca..." just notifies you that the particular mail has been sent to you via the mail hop user115.mdi.ca, which is a valid subdomain of a Canadian ISP.
Conclusion: The sender uses his own/his ISP's mail hub to send mail using his odd reply-to address at yahoo.com, maybe for spamming, but that's just a guess. There's no sign of an unauthorized attempt to relay mail. Don't forget to check your mail log from the line shown above downwards to find some more entries of the sender.
If he did, what steps can I take to make life harder for outsiders?
I am using the sendmail 8.11.2-4 that comes with 7.1
From sendmail V8.9.x onwards forwarding/relaying mails is not permitted by default. However, some desperate sendmail admins don't do their homework well and sometimes inadvertently open relays to the world in order to "get things working".
Take a look at http://www.sendmail.org/tips/relaying.html for more info about anti-relaying. Network Abuse ClearingHouse offers a free experimental mail relay test service under http://www.abuse.net/relay.html. Just give it a try if you're not sure about your relay preventions.
-- Togan Muftuoglu
---
Boris Lorenz
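
Added example (not part of the original posts): a way to follow the advice to read the log downwards, by grouping sendmail entries per queue ID and reporting whether each message was denied at check_rcpt, accepted no recipients (nrcpts=0), or was sent on to a non-local domain. The sample log lines, queue IDs, hosts and the `local_domains` parameter are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail 8.x syslog format (placeholder hosts/addresses).
SAMPLE_LOG = """\
May 15 20:52:28 mx sendmail[5670]: f4FAAAA01111: ruleset=check_rcpt, arg1=<rcpt@example.org>, relay=dialup.example.net [192.0.2.115], reject=550 5.7.1 <rcpt@example.org>... Relaying denied
May 15 20:52:29 mx sendmail[5670]: f4FAAAA01111: from=<sender@example.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=dialup.example.net [192.0.2.115]
May 15 21:10:02 mx sendmail[5701]: f4FBBBB02222: from=<sender@example.com>, size=812, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=dialup.example.net [192.0.2.115]
May 15 21:10:03 mx sendmail[5703]: f4FBBBB02222: to=<rcpt@example.org>, delay=00:00:01, mailer=esmtp, relay=mail.example.org. [198.51.100.7], stat=Sent (ok)
"""

# "sendmail[pid]: <queue id>: <key=value fields>"
LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")

def summarize(log_text, local_domains):
    """Return {queue_id: verdict}; local_domains is the set of domains this host serves."""
    msgs = defaultdict(lambda: {"rejected": False, "nrcpts": None, "sent": []})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        rec = msgs[qid]
        # A check_rcpt rejection means a RCPT TO was refused by the rulesets.
        if "ruleset=check_rcpt" in rest and "reject=" in rest:
            rec["rejected"] = True
        n = re.search(r"\bnrcpts=(\d+)", rest)
        if n:
            rec["nrcpts"] = int(n.group(1))
        # Only a to= line with stat=Sent shows that mail actually left this host.
        to = re.match(r"to=<[^>]*@([^>]+)>", rest)
        if to and "stat=Sent" in rest:
            rec["sent"].append(to.group(1).lower())
    verdicts = {}
    for qid, rec in msgs.items():
        if any(d not in local_domains for d in rec["sent"]):
            verdicts[qid] = "relayed to non-local domain"
        elif rec["sent"]:
            verdicts[qid] = "delivered locally"
        elif rec["rejected"] and rec["nrcpts"] == 0:
            verdicts[qid] = "relay attempt denied"
        elif rec["nrcpts"] == 0:
            verdicts[qid] = "no recipient accepted"
        else:
            verdicts[qid] = "incomplete"
    return verdicts

if __name__ == "__main__":
    for qid, verdict in summarize(SAMPLE_LOG, {"local.example"}).items():
        print(qid, verdict)
```

Whether a "relayed to non-local domain" verdict is a problem depends on whether the sending host is one you intend to relay for.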