
spam - relay issue

Status
Not open for further replies.

CGI101

Programmer
Aug 18, 2006
US
okay, so i received an email from my isp a few days ago saying that an email containing a virus was sent from my email address a few days back. this got me really worried.

i think i might have an open relay.

i googled open relay tests and ran the test on 10 different sites. 8 said, it was NOT an open relay.

but 2, said that there is a chance of it being an open relay.

and i think that those 2 servers were right, how else could that email message have originated from my server?

so can anyone please help me figure this out? how can i check to see if it's in fact an open relay or not? how can i know for sure?

also, how can i fix it?
 
What method are you using to prevent your server from being an open relay? The two most common methods are pop-before-smtp and smtpauth. By default, outgoing mail is processed first, then after the user was authenticated pop3 was processed. The first method was a work-around to this but the preferred way is smtpauth. This sets up your smtp server to require authentication before sending mail. I just went into this in detail a few threads ago so you can read it here: thread14-1312302. If you've been relying on access.db to secure your system, you should know that return addresses can be spoofed so mail could appear to be coming from your domain. The only thing that should be in your access file when you use smtpauth is localhost.
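
One way to check "for sure" whether the server relays for unauthenticated clients, as an added example that is not part of the original thread: it offers an envelope whose sender and recipient are both foreign to the server and records the reply, without ever sending DATA. The addresses are placeholders, and the probe has to be run from a machine outside the mail server, since localhost is normally allowed to relay.

```python
import smtplib
import sys

# Placeholder addresses (assumptions): both domains are deliberately NOT hosted
# on the server under test, so accepting the recipient means relaying.
SENDER = "probe@example.org"
RCPT = "probe@example.net"


def classify(code):
    """Map the RCPT TO reply code to a verdict."""
    if 200 <= code < 300:
        return "open"          # recipient accepted without authentication
    if 400 <= code < 500:
        return "inconclusive"  # temporary failure (greylisting, rate limit): retry
    return "refused"           # 5xx, e.g. 550 relay not permitted


def probe(smtp, sender=SENDER, rcpt=RCPT):
    """Run the envelope-only test on an already connected SMTP session.

    No AUTH is attempted and DATA is never sent, so no message is queued.
    """
    smtp.ehlo()
    result = {"auth_advertised": smtp.has_extn("auth"), "stage": "MAIL FROM"}
    code, reply = smtp.mail(sender)
    if 200 <= code < 300:
        result["stage"] = "RCPT TO"
        code, reply = smtp.rcpt(rcpt)
        result["verdict"] = classify(code)
    else:
        # Sender rejected up front (some servers demand AUTH here: 530).
        result["verdict"] = "refused" if code >= 500 else "inconclusive"
    result["code"] = code
    result["reply"] = reply.decode(errors="replace") if isinstance(reply, bytes) else reply
    smtp.rset()  # drop the envelope so nothing is left half-open
    return result


if __name__ == "__main__":
    # Usage: python relay_probe.py <mail host> [port]
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    with smtplib.SMTP(host, port, timeout=15) as conn:
        print(probe(conn))
```

A "refused" verdict only covers unauthenticated SMTP clients; mail handed to the local sendmail binary, for example by a PHP script calling mail(), never passes through this check.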


 
thx again ace, i read that other thread but the problem is that i can't find any of the files that you guys were referring to.

i have both exim and sendmail installed. (i send mail using php using mail() and SquirrelMail)

when i said i saw email in queue that looks like open relay usage, i saw them in cpanel's "view queue manager"

the same emails also appeared in:
/var/spool/exim/input/

these are all the sendmail functions on the system:
root@host [/]# locate *sendmail*
/home/cpapachebuild/buildapache/php-5.2.0/win32/sendmail.c
/home/cpapachebuild/buildapache/php-5.2.0/win32/sendmail.h
/home/cpapachebuild/buildapache/php-5.2.0/netware/sendmail_nw.h
/home/.cpan/build/Spreadsheet-WriteExcel-2.18/examples/sendmail.pl
/scripts/newdomains-sendmail
/root/drivers/installd/buildapache/php-4.4.3/win32/sendmail.c
/root/drivers/installd/buildapache/php-4.4.3/win32/sendmail.h
/root/drivers/installd/buildapache/php-4.4.3/netware/sendmail_nw.h
/etc/log.d/conf/services/sendmail-largeboxes.conf
/etc/log.d/conf/services/sendmail.conf
/etc/log.d/scripts/services/sendmail-largeboxes
/etc/log.d/scripts/services/sendmail.orig
/etc/log.d/scripts/services/sendmail
/usr/sbin/sendmail
/usr/lib/perl5/site_perl/5.8.7/Mail/Mailer/sendmail.pm
/usr/lib/sendmail
/usr/share/pear/Mail/sendmail.php
/usr/share/emacs/21.3/lisp/mail/sendmail.elc
/usr/local/net-SNMP-5.4/agent/mibgroup/mibII/mta_sendmail.c
/usr/local/net-SNMP-5.4/agent/mibgroup/mibII/mta_sendmail.h
/usr/local/cpanel/3rdparty/mailman/tests/bounces/sendmail_01.txt
/usr/local/cpanel/3rdparty/lib/php/Mail/sendmail.php
/usr/local/cpanel/bin/sendmail_cpanel
/usr/local/cpanel/bin/sendmail
/usr/local/cpanel/src/3rdparty/gpl/mailman-2.1.7/tests/bounces/sendmail_01.txt
/usr/local/cpanel/src/wrap/sendmail_cpanel
/usr/local/cpanel/src/wrap/sendmail
root@host [/]#
 
I've never played with exim so I'm pretty sure I won't be much help on that issue. Most mail servers use sendmail wrappers because almost every script is written with sendmail in mind. They, like yours truly, don't understand why anybody would use anything else. ;-)

 
oh okay.

just one more question if you don't mind.

i read that one of the ways to secure relay was to force authentication on smtp...how can i do this?
 
I don't know with exim. I'm a true-blue sendmail guy. If ya wanna set aside your toys we can get a real mail server going here. ;-) What distro are you running by the way? I seem to remember RHEL but that might be someone else.


 