Last week, after a long awaited system shutdown, I
performed a shutdown. Next day, our system was used a
SPAM relay!!! Found out that former Admin never
changed startup scripts to start sendmail 8.9.3,
instead, the startup script kicked 8.8.1 which allows
relay by default. Ok, hole was closed few minutes
after we were used!! I had to contact several
organizations which had already blacklisted us. Only
problem remains within our own organization.
Scenario: I administrate system xxx.yyy.com in this
case.
My user, call it "myuser", tries to send an email to
someone_at_yyy.com. They bounce back with the message
below. I am convinced that it is not a problem on my
end, but rather on main system yyy.com denying us. It
seems like they have us in their form of blacklist as
SPAMERS. But, the admin there does not agree, saying
they don't use any blacklists. Can anybody help
explain what is going on below? I might be wrong all
along, but "very unlikely." I can send email to any
other address in our own domain, from any other
machines I administer without any problem. (I also
have ppp.yyy.com and qqq.yyy.com, they dont have any
problem). I can also send across from ppp to qqq
without anyproblem.Using sendmail 8.9.3 on all
machines
Date: Wed, 13 Dec 2000 15:39:17 -0500 (EST)
From: Mail Delivery Subsystem
<MAILER-DAEMON_at_xxx.yyy.com>
To: postmaster_at_xxx.yyy.com
Subject: Postmaster notify: Internal error
Parts/Attachments:
1 Shown 12 lines Text
2 Shown 390 bytes Message, "Delivery
Status"
3 Shown 2.3 KB Message, "Returned mail:
Service unavailable"
3.1 Shown 11 lines Text
3.2 Shown 390 bytes Message, "Delivery
Status"
3.3 Shown 649 bytes Message, "test"
3.3.1 Shown 2 lines Text
----------------------------------------
The original message was received at Wed, 13 Dec 2000
15:39:17 -0500 (EST)
from localhost
----- The following addresses had permanent fatal
errors -----
<someone_at_yyy.com>
----- Transcript of session follows -----
... while talking to yyy.com.:
>>> RSET
<<< 550 Your System is being used as a SPAM relay
554 deliver: mci=14008ef18 rcode=0 errno=0 state=0
sig=yyy.com.
554 <someone_at_yyy.com>... Internal error
[ Part 2: "Delivery Status" ]
Reporting-MTA: dns; xxx.com
Received-From-MTA: DNS; aaa.yyy.com
Arrival-Date: Wed, 13 Dec 2000 15:39:17 -0500 (EST)
Final-Recipient: RFC822; aaa_at_yyy.com
Action: failed
Status: 5.0.0
Remote-MTA: DNS; yyy.com
Diagnostic-Code: SMTP; 550 Your System is being used
as a SPAM relay
Last-Attempt-Date: Wed, 13 Dec 2000 15:39:17 -0500 (EST)
=====
Richard F. Mollel
Systems Administrator
SAIC
Greenbelt, MD
Experience is what allows you to recognize
a mistake the second time you make it.
__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/
Received on Thu Dec 14 2000 - 13:02:19 NZDT