relay help!

I have a server that I think is being used as a relay of some sort. I have
checked with www.abuse.net/relay.html and it passes without any errors.
Still, I get connections that seem to come from, I guess, localhost? My
server will be msi.mydomain.net and anchor.net is a virtual domain for which
we do email and web hosting. And then, I get SYSERR(root): MX list for
tomail.com.tw. points back to msi.mydomain.net as if the domain were local.

What can cause something like this?

Regards,
bl


Nov 21 10:37:50 msi sendmail[14134]: NOQUEUE: connect from localhost
[127.0.0.1]
Nov 21 10:37:50 msi sendmail[14134]: AUTH: available mech=ANONYMOUS
DIGEST-MD5 CRAM-MD5 PLAIN LOGIN, allowed mech=EXTERNAL GSSAPI KERBEROS_V4
DIGEST-MD5 CRAM-MD5
Nov 21 10:37:50 msi sendmail[14134]: lALFboIv014134: Milter: no active
filter
Nov 21 10:37:51 msi sendmail[14134]: lALFboIv014134: --- 220
msi.mydomain.net ESMTP Sendmail 8.13.1/8.13.1; Wed, 21 Nov 2007
10:37:50 -0500
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: <-- HELO anchor.net
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: --- 250
msi.mydomain.net Hello localhost [127.0.0.1], pleased to meet you
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: <-- MAIL FROM:
<vewguxw.povmiqmt [at] msa.hinet.net>
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.0
<vewguxw.povmiqmt [at] msa.hinet.net>... Sender ok
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<bgrtd [at] tomail.com.tw>
Nov 21 10:37:53 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<bgrtd [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<bensonhs [at] tomail.com.tw>
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<bensonhs [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<a6868748 [at] tomail.com.tw>
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<a6868748 [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<a7021170 [at] tomail.com.tw>
Nov 21 10:37:54 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<a7021170 [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:55 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<bjl [at] tomail.com.tw>
Nov 21 10:37:55 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<bjl [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:55 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<chyi9999 [at] tomail.com.tw>
Nov 21 10:37:55 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<chyi9999 [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<awtaiwan [at] tomail.com.tw>
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<awtaiwan [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<achiang1 [at] tomail.com.tw>
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<achiang1 [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<a9384 [at] tomail.com.tw>
Nov 21 10:37:56 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<a9384 [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<bjc4100 [at] tomail.com.tw>
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<bjc4100 [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<beamtech [at] tomail.com.tw>
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<beamtech [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<chiawen133 [at] tomail.com.tw>
Nov 21 10:37:57 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<chiawen133 [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:58 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<a80791 [at] tomail.com.tw>
Nov 21 10:37:58 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<a80791 [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:58 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<bolo [at] tomail.com.tw>
Nov 21 10:37:58 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<bolo [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:59 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:
<bigc [at] tomail.com.tw>
Nov 21 10:37:59 msi sendmail[14134]: lALFboIv014134: --- 250 2.1.5
<bigc [at] tomail.com.tw>... Recipient ok
Nov 21 10:37:59 msi sendmail[14134]: lALFboIv014134: <-- DATA
Nov 21 10:37:59 msi sendmail[14134]: lALFboIv014134: --- 354 Enter mail, end
with "." on a line by itself
Nov 21 10:38:00 msi sendmail[14134]: lALFboIv014134:
from=<vewguxw.povmiqmt [at] msa.hinet.net>, size=1394, class=0, nrcpts=15,
msgid=<200711211537.lALFboIv014134 [at] msi.mydomain.net>, bodytype=8BITMIME,
proto=SMTP, daemon=MTA, relay=localhost [127.0.0.1]
Nov 21 10:38:00 msi sendmail[14134]: lALFboIv014134: --- 250 2.0.0
lALFboIv014134 Message accepted for delivery
Nov 21 10:38:00 msi sendmail[14134]: lALFboIw014134: <-- QUIT
Nov 21 10:38:00 msi sendmail[14134]: lALFboIw014134: --- 221 2.0.0
msi.mydomain.net closing connection
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: SYSERR(root): MX list
for tomail.com.tw. points back to msi.mydomain.net
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134:
to=<bigc [at] tomail.com.tw>,<bolo [at] tomail.com.tw>,<a80791 [at] tomail.com.tw>,<chiawen133 [at] tomail.com.tw>,<beamtech [at] tomail.com.tw>,<bjc4100 [at] tomail.com.tw>,<a9384 [at] tomail.com.tw>,<achiang1 [at] tomail.com.tw>,<awtaiwan [at] tomail.com.tw>,<chyi9999 [at] tomail.com.tw>,<bjl [at] tomail.com.tw>,<a7021170 [at] tomail.com.tw>,<a6868748 [at] tomail.com.tw>,<bensonhs [at] tomail.com.tw>,<bgrtd [at] tomail.com.tw>,
delay=00:00:09, xdelay=00:00:02, mailer=esmtp, pri=541394,
relay=tomail.com.tw., dsn=5.3.5, stat=Local configuration error
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: alias postmaster =>
root
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: alias root => admin
Nov 21 10:38:02 msi sendmail[14168]: lALFboIv014134: lALFc2Iv014168: DSN:
Local configuration error
Nov 21 10:38:02 msi sendmail[14168]: lALFc2Iv014168: to=admin,
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=62642, dsn=2.0.0,
stat=Sent
Nov 21 10:38:02 msi sendmail[14168]: lALFc2Iv014168: SMTP outgoing connect
on msi.mydomain.net
bluelinq [ Wed, 21 November 2007 16:44 ] [ ID #1876327 ]

relay help!

The recipient host has a very bad DNS record that points to localhost.
This makes mail to it undeliverable.

$ host -t mx tomail.com.tw
tomail.com.tw mail is handled by 10 localhost.

As to where the mail is coming from, it originates on localhost, your
host. My first guess is that you've got a CGI script on the host that
generates mail when people fill in a web form. The script should check
the recipients and not send to just anybody.

Joseph Brennan
Columbia University IT
Joseph Brennan [ Wed, 21 November 2007 17:02 ] [ ID #1876328 ]

Re: relay help!

Joe, I do have some CGIs; now I guess I should be able to link it to access
to the httpd logs if that is the case.

I did the host -t and got the same results.

Thanks


"Joe Brennan" <brennan [at] columbia.edu> wrote in message
news:e626dfc3-b5ea-4843-a8b0-e8d7fd7d6493 [at] b15g2000hsa.googlegroups.com...
>
> The recipient host has a very bad DNS record that points to
> localhost. This makes mail
> to it undeliverable.
>
> $ host -t mx tomail.com.tw
> tomail.com.tw mail is handled by 10 localhost.
>
> As to where the mail is coming from, it originates on localhost, your
> host. My first guess is
> that you've got a cgi script on the host that generates mail when
> people fill in a web form. The
> script should check the recipients and not send to just anybody.
>
> Joseph Brennan
> Columbia University IT
bluelinq [ Wed, 21 November 2007 17:43 ] [ ID #1876330 ]
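
Added example (not part of the original posts): one way to tie the sendmail sessions opened from 127.0.0.1 to web requests, as discussed above. The log lines are constructed samples in the thread's format; the script path /cgi-bin/formmail.pl, the client addresses and the function names are assumptions, and both logs are assumed to use the same local clock.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format of the log posted above (unwrapped).
MAILLOG = """\
Nov 21 10:37:50 msi sendmail[14134]: NOQUEUE: connect from localhost [127.0.0.1]
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: <-- MAIL FROM:<sender@example.net>
Nov 21 10:37:52 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:<a@example.org>
Nov 21 10:37:53 msi sendmail[14134]: lALFboIv014134: <-- RCPT TO:<b@example.org>
Nov 21 10:41:10 msi sendmail[14200]: NOQUEUE: connect from mail.example.com [192.0.2.25]
Nov 21 10:41:11 msi sendmail[14200]: lALFfAIv014200: <-- RCPT TO:<admin@mydomain.net>
"""
# Constructed Apache combined-log lines; script path and client IPs are hypothetical.
ACCESSLOG = """\
203.0.113.7 - - [21/Nov/2007:10:37:49 -0500] "POST /cgi-bin/formmail.pl HTTP/1.0" 200 512 "-" "-"
198.51.100.4 - - [21/Nov/2007:10:20:00 -0500] "GET /index.html HTTP/1.1" 200 1024 "-" "-"
"""
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sendmail\[(\d+)\]: (.*)$")
HIT = re.compile(r'^(\S+) \S+ \S+ \[([^ \]]+)[^\]]*\] "POST (\S+)')

def local_sessions(maillog, year, local_domains):
    """SMTP sessions opened from 127.0.0.1 that name at least one non-local recipient."""
    sessions = {}
    for m in filter(None, map(LINE.match, maillog.splitlines())):
        stamp, pid, msg = m.groups()
        if "connect from" in msg:
            sessions.pop(pid, None)  # a new connection on a reused PID resets state
            if "[127.0.0.1]" in msg:
                when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
                sessions[pid] = {"pid": pid, "start": when, "rcpts": []}
        elif pid in sessions and (r := re.search(r"RCPT TO:\s*<([^>]+)>", msg, re.I)):
            sessions[pid]["rcpts"].append(r.group(1))
    return [s for s in sessions.values()
            if any(a.rsplit("@", 1)[-1].lower() not in local_domains for a in s["rcpts"])]

def web_posts_before(accesslog, session, window=5):
    """POST requests logged up to `window` seconds before the session opened."""
    hits = []
    for m in filter(None, map(HIT.match, accesslog.splitlines())):
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
        if timedelta(0) <= session["start"] - when <= timedelta(seconds=window):
            hits.append((m.group(1), m.group(3)))  # (client address, script path)
    return hits

if __name__ == "__main__":
    for s in local_sessions(MAILLOG, 2007, {"mydomain.net", "anchor.net"}):
        print(s["pid"], s["start"], len(s["rcpts"]), web_posts_before(ACCESSLOG, s))
```

A flagged session with no POST in the window suggests the mail was handed to port 25 on 127.0.0.1 by something other than a form handler, or that the two logs' clocks disagree.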

Re: relay help!

Joe,


My thought is that if a CGI or some form is being used, then they must be
passing this using a browser. Would that be correct? If so, then the hunt
continues, as there is nothing in the logs as such.

I cannot find anything related to it, for example bur [at] mail.com.tw

What else to check?

Regards,
bl

"Joe Brennan" <brennan [at] columbia.edu> wrote in message
news:e626dfc3-b5ea-4843-a8b0-e8d7fd7d6493 [at] b15g2000hsa.googlegroups.com...
>
> The recipient host has a very bad DNS record that points to
> localhost. This makes mail
> to it undeliverable.
>
> $ host -t mx tomail.com.tw
> tomail.com.tw mail is handled by 10 localhost.
>
> As to where the mail is coming from, it originates on localhost, your
> host. My first guess is
> that you've got a cgi script on the host that generates mail when
> people fill in a web form. The
> script should check the recipients and not send to just anybody.
>
> Joseph Brennan
> Columbia University IT
bluelinq [ Thu, 22 November 2007 00:46 ] [ ID #1876339 ]