Tim Grogan <tim@grocomm.com> [2002-10-21 21:04:48 -0700]: > I just recently (today) got a notice that I've been used as an open > relay. I've checked with 4-5 web open relay checkers and 1 telnet > relay checker and all say I'm clean. In my mail log I keep getting > these bounce messages with @list.debian appended coming from > murphy.debian.org. Am I somehow relaying for this system. I really > don't want my system used for some spammer :( Thanks for checking your system over after getting the notice. If everyone was so diligent we would have less of a spam problem. I am going to make a guess here. Probably you received a notice from a virus checker that that a message with your from address contained a virus. Those are common. What someone thought was that they would check and send a note back to the sender of the message so they could clean their system. The problem is that most viruses today send mail with spoofed from addresses. Therefore the actual sender of those messages is not available but only the spoof address. As a spoof this is only causing noise and concern to you which is not warranted. The likelyhood in the case above is that your address is either in someone's address book or an email message from you is in their email folder. They have a virus which extracted that address and sent mail out spoofed from various addresses available. You were probably just one of many spoofed addresses. As far as your "bounce" notices in the logs those are just how the list manage can track which addresses are really bouncing back. You have probably always had those but just did not see them until you went to check. Those are probably normal if it is just the from address of the message. If I am guessing right here it does not mean you are bouncing messages or receiving bounce messages. Here is an example from me. One from my log and one from a header in a list message. This is a postfix header and yours will look different if you use another MTA like exim and will have different hostnames. Oct 20 04:04:28 joseki postfix/qmgr[20421]: 595FF14B07: from=<bounce-debian-user=bob=proulx.com@lists.debian.org>, size=4362 (queue active) Return-Path: <bounce-debian-user=bob=proulx.com@lists.debian.org> This is in my header. It says the list I am subscribed to as well as the address I used to subscribe to it. If that message bounces back to the list it can tell where the message was sent. That is invaluable in many cases. Also, if I need to unsubscribe then in the messages sent to me I can always tell exactly what address I used to subscribe to the list. There are some guesses made with little information here so take this with a grain of salt. But I hope that helps and is actually what you are seeing. Bob
Attachment:
pgpztE0ulGIXt.pgp
Description: PGP signature