
Re: relaying denied



On Wed, 23.06.2004 at 22:29, olga urbantimes net wrote:

> I just have a question about the log messages I am receiving. Here's the
> explanation of my setup.
> 
> We used to have two servers: X and Y. We had Sendmail running only on one
> of them (X). Last month we completely wiped everything and changed the
> setup of what is running on each server. Now we have Sendmail running on
> both servers. Most of the virtual domains/websites that USED to be on X
> are NOW on Y. The mail works fine on both servers. Users on Y are
> receiving mail perfectly. However, I am getting a LOT of 'relaying denied'
> and 'relaying temporarily disabled' on the X server for the domains that
> are currently on Y.
> 
> I have checked the zone information for each of the domains on Y and they
> have MX records listed correctly -- mail should first go to Y, then to X.
>              MX   10 Y.ns1.com
>              MX   15 X.ns2.com
> 
> So my question is: if mail is received on Y, why is it still trying to be
> relayed through X for the domains that are on Y?

Because it is SPAMmers' behaviour to use a lower-priority MX directly,
because such hosts are often less secured and managed than the primary MX.

> Here's a snippet of my log messages from /var/log/maillog:

1. example:

> Jun 20 04:06:17 sendmail[30589]: i5K968bv030589: ruleset=check_rcpt,
> arg1=<valeria zzz net>, relay=[61.51.250.44], reject=550 5.7.1
> <valeria zzz net>... Relaying denied. IP name lookup failed [61.51.250.44]
> Jun 20 04:06:19 sendmail[30589]: i5K968bv030589: lost input channel from
> [61.51.250.44] to MTA after rcpt
> Jun 20 04:06:19 sendmail[30589]: i5K968bv030589:
> from=<Carolyhcd panda com>, size=0, class=0, nrcpts=0, proto=SMTP,
> daemon=MTA, relay=[61.51.250.44]

The mail is rejected because it does not resolve. What are you
complaining about? If it resolves on a different host, then you have a
self-made problem with DNS not working properly.

2. example (incomplete):

> Jun 20 04:09:39 sendmail[30590]: i5K99b9w030590: ruleset=check_rcpt,
> arg1=<webmaster site net>, relay=YahooBB219007126054.bbtec.net
> [219.7.126.54], reject=550 5.7.1 <webmaster site net>... Relaying denied.
> Proper authentication required.
> Jun 20 04:09:39 sendmail[30590]: i5K99b9w030590:  reject=550 5.7.1

Attempt to send to a non-local domain. Proper action by Sendmail. If
site.net is now on your server Y then the sender misbehaves. Very
certainly just a SPAMmer.

> And others:
> Relaying denied. IP name lookup failed [220.89.226.158]

Why do you think this is not ok?

> Relaying denied. IP name possibly forged [65.91.92.64]

The reason is different, "possibly forged" does not imply rejection.

> Relaying denied. IP name lookup failed [219.248.33.52]

See above.

> And from the log file sent to root:
> Relaying denied:
> From [actual ip address here] to radium mysite net: 1 Times(s)
> From [actual ip address here] to alex mysite net: 1 Times(s)

No reason given. Who shall judge then?

> Anything I can do about those messages? Each day I get about 200 or so of
> these in root mail. (I have changed some sensitive info in the examples
> that I provided, but the gist of it should be there.)
> Thank you.
> 
> Olga

Conclusion: either you show real log entries where proper mail is
rejected where it should have been accepted or take all examples from
above as SPAM attempts.

You may have a look at

http://www.sendmail.org/~ca/email/relayingdenied.html

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) on Athlon CPU kernel 2.6.6-1.435 
Serendipity 22:43:02 up 21:21, 8 users, 1.03, 1.27, 1.26 

Attachment: signature.asc
Description: This is a digitally signed message part
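
A triage sketch for the kind of check_rcpt rejections quoted in this thread, added here as an example and not part of the original message: it groups rejections by reason, connecting IP and recipient domain so a day's worth of them can be reviewed at a glance. The sample lines are constructed (documentation IPs and example.* domains), and the parser assumes one unwrapped entry per line, as in /var/log/maillog.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the thread
# (documentation IPs and example domains, not real log data).
SAMPLE_LOG = """\
Jun 20 04:06:17 sendmail[30589]: i5K968bv030589: ruleset=check_rcpt, arg1=<a@example.net>, relay=[192.0.2.44], reject=550 5.7.1 <a@example.net>... Relaying denied. IP name lookup failed [192.0.2.44]
Jun 20 04:06:19 sendmail[30589]: i5K968bv030589: lost input channel from [192.0.2.44] to MTA after rcpt
Jun 20 04:09:39 sendmail[30590]: i5K99b9w030590: ruleset=check_rcpt, arg1=<webmaster@example.org>, relay=dsl54.example.com [198.51.100.54], reject=550 5.7.1 <webmaster@example.org>... Relaying denied. Proper authentication required.
Jun 20 04:11:02 sendmail[30602]: i5K9B1xx030602: ruleset=check_rcpt, arg1=<b@example.net>, relay=host.example.com [203.0.113.64], reject=550 5.7.1 <b@example.net>... Relaying denied. IP name possibly forged [203.0.113.64]
Jun 20 04:12:40 sendmail[30610]: i5K9Cdyy030610: ruleset=check_rcpt, arg1=<c@example.net>, relay=[192.0.2.44], reject=550 5.7.1 <c@example.net>... Relaying denied. IP name lookup failed [192.0.2.44]
"""

# One check_rcpt rejection: recipient, relay field, SMTP code, DSN, reason text.
REJECT = re.compile(
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, relay=(?P<relay>.*?), "
    r"reject=\d{3} \d\.\d+\.\d+ <[^>]*>\.\.\. (?P<text>.*)$"
)
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def parse_rejections(log_text):
    """Yield one dict per check_rcpt rejection; other lines are skipped."""
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        ips = BRACKETED_IP.findall(m["relay"])
        yield {
            "rcpt_domain": m["rcpt"].rpartition("@")[2].lower(),
            "relay_ip": ips[-1] if ips else "unknown",
            # Drop the trailing "[ip]" so identical reasons group together.
            "reason": re.sub(r"\s*\[[^\]]*\]\s*$", "", m["text"]).rstrip("."),
        }


def summarize(log_text):
    """Count rejections by reason, by connecting IP and by recipient domain."""
    by_reason, by_ip, by_domain = Counter(), Counter(), Counter()
    for r in parse_rejections(log_text):
        by_reason[r["reason"]] += 1
        by_ip[r["relay_ip"]] += 1
        by_domain[r["rcpt_domain"]] += 1
    return {"reason": by_reason, "ip": by_ip, "domain": by_domain}


if __name__ == "__main__":
    for key, counts in summarize(SAMPLE_LOG).items():
        print(f"{key}: {dict(counts.most_common())}")
```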

