Hello,
The setup is an email server receiving and sending on
behalf of another local email machine.
Someone has managed to find a vulnerability in our
system. A small amount of spam is being relayed via a
user. When I found this out, I put
deny recipients = ExistingUser@???
in the acl_check_rcpt of the locally relaying email
server (the email server that sends to the local email
machine).
This works only sometimes. The ones that got through
look like this in the log:
2005-09-07 00:46:25 1ECrpI-0006Tx-TY <= <> R=1ECrAq-0006L7-Tr U=An_user P=local S=102002
2005-09-07 00:46:25 1ECrAq-0006L7-Tr Completed
2005-09-07 00:46:25 1ECrpI-0006Tx-TY => ExistingUser@??? R=aaaa T=aaaa H=local_host [local ip address]
2005-09-07 00:46:25 1ECrpI-0006Tx-TY Completed
This gets sent to the second machine which is followed
by the second machine sending out spam to a bunch of
email addresses.
What is the hole that I have missed and how do I plug
it?
I have attempted to put the deny in the config files
of the local email host as well. I will see if this
fixes the problem tonight.
How can I guarantee that no email to the ExistingUser
gets through? The user should not be receiving any
email. It is vital that the user be able to send
email, however.
Thanks,
Guru
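
An added example, not part of the original post: in the quoted log the message arrives as `<= <>` with `P=local` and an `R=` reference to another message id, which is how Exim logs a bounce it generated on the host itself, so it was never offered to a RCPT-time ACL over SMTP. The Python sketch below finds such deliveries to a watched address; the sample log is constructed from the excerpt, and the addresses, IPs and function name are assumptions.

```python
import re

# Constructed sample modelled on the excerpt in the post; the message ids are
# copied from it, the addresses and IPs are placeholders (assumptions).
SAMPLE_LOG = """\
2005-09-07 00:46:25 1ECrpI-0006Tx-TY <= <> R=1ECrAq-0006L7-Tr U=An_user P=local S=102002
2005-09-07 00:46:25 1ECrAq-0006L7-Tr Completed
2005-09-07 00:46:25 1ECrpI-0006Tx-TY => existinguser@example.test R=aaaa T=aaaa H=local_host [192.0.2.10]
2005-09-07 00:46:25 1ECrpI-0006Tx-TY Completed
2005-09-07 00:50:01 1ECrtZ-0006Ub-01 <= someone@example.test H=mx.example.test [192.0.2.20] P=esmtp S=2048
2005-09-07 00:50:02 1ECrtZ-0006Ub-01 => other@example.test R=aaaa T=aaaa H=local_host [192.0.2.10]
"""

MSGID = r"[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}"
# timestamp, message id, direction flag, address, remaining "X=value" fields
LINE = re.compile(rf"^(\S+ \S+) ({MSGID}) (<=|=>|->) (\S+)(.*)$")
FIELD = re.compile(r"\b([A-Z])=(\S+)")


def local_bounces_to(log_text, watched):
    """Return deliveries to `watched` whose message was a locally generated
    bounce (null sender and P=local on its arrival line)."""
    arrivals = {}  # message id -> sender and fields from its "<=" line
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed" and other lines carry no address
        stamp, msgid, flag, addr, rest = m.groups()
        fields = dict(FIELD.findall(rest))
        if flag == "<=":
            arrivals[msgid] = {"sender": addr, **fields}
            continue
        src = arrivals.get(msgid)
        if (src and addr.lower() == watched.lower()
                and src["sender"] == "<>" and src.get("P") == "local"):
            hits.append({"time": stamp, "bounce_id": msgid,
                         "bounce_of": src.get("R"), "recipient": addr})
    return hits


if __name__ == "__main__":
    for hit in local_bounces_to(SAMPLE_LOG, "existinguser@example.test"):
        print(hit)
```

The `bounce_of` id is the message whose failed delivery produced the bounce; searching the log for that id shows how the original message entered the system.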