Linux Sendmail help?

[webmaster]

Hi All,
ATT and SBC are bouncing e-mails from the server here and are asking that I make changes to sendmail to make it more spam/abuse resistant. The sendmail config needs to be reviewed and security tightened.

This makes it hard for new users in the U.S. to register properly without alot of manual intervention, etc.

Does anyone here have experience with this and can you lend a hand?

Thanks,
jeff

 

[dank]

what is att? ive got a computer genius here who might be able to help you, if he knows whats actually going on

 

[webmaster]

Ask your computer genius if he is familar with linux sendmail - if he is then my initial post will make sense to him/her.


att = AT & T = American Telephone & Telegraph, etc.

They are asking that I do the following :

http://wn.att.net/cgi-bin/block_admin.cgi

Thanks,
jeff

 

[eff]

Jeff,

I may be able to help. I used to run a linux mail server here using Sendmail. Can you send me more information?


Do you have any information on exactly why the server is being blocked? I just looked and you are not list as an open relay which is the most common cause.

 

[webmaster]

Thanks!!!!

I get the following message for gasgasman's sbc e-mails :


<his_email@sbcglobal.net>: host sbcmx2.prodigy.net[207.115.20.21] said: 553
5.3.0 flph262 - o3J2aWDo003631, DNSBL:ATTRBL 521< 209.162.215.232
>_is_blocked.__For_information_see_http://att.net/blocks (in reply to MAIL
FROM command)


I have hidden his e-mail to keep him from getting any more spam than he already gets...

Sendmail is currently in the default config from the software load. It's an older version of SUSE.

jeff

 

[webmaster]

Just took at look at the att link above - it might be as simple as :

"Avoid using IP addresses: http://0.0.0.0. Better to use a real domain name."

jeff

 

[eff]

Jeff,

See here http://worldnet.att.net/general-info/521.html. I think the server has been falsly blacklisted by ATT. I have searched a few sites and gasgasrider.org isn't blocked. This happended to our server too.

FYI I went to Postfix on subsequent servers, but now we are using the mail server from our web host because of better spam filtering.

 

[webmaster]

Hey Eff,
Thanks for checking it out for me. I'll fill out the form and see how it goes.

jeff

 

[eff]

What version of Suse are you using?

 

[jiauka]

Hi jeff:

I can help you with that, just send me the sendmail config file.

SUSE is little bit tricky on sendmail, there is no real sendmail.mc file, I need the following ones:

/etc/rc.config
and
/etc/rc.config.d/sendmail.rc.config

Or give me access to the server.

I have done some scan and the sendmail itself is not exposed to the "outworld", but you have the IDENT port (113) open, and it may come from sendmail or from the bittorrent tracker (port 6881) you are also running, also the spam could come from someone that has gained access to your system tru the ftp server.

Also, if possible I would like to have the header from an spammed email and the original ATT email.

Another good alternative is to remove the sendmail and setup a "relay" email server that sends all email from the forum to your ISP.

Best regards,

j.

 

[jiauka]

Hi jeff:

Could you do the following at your server (do not type the dbl quotes)

"tail /sbin/conf.d/SuSEconfig.sendmail"

and paste the last lines, should be something like.

MAILER(\`uucp')dnl
MAILER(\`bsmtp')dnl
MAILER(\`fido')dnl
HACK(\`use_ip',\`/etc/mail/LocalIP')dnl
HACK(\`check_rcpt4')dnl

and

"cat /etc/mail/LocalIP"

if may show something or could be missing depending on your SUSE version.

have fun,

j.

 

[webmaster]

Will do.

I built the machine a few years ago - it is SUSE version 10.0

jeff