Great Circle Associates Majordomo-Users
(January 2004)
 


Subject: Re: how to monitor spam and take action?
From: Daniel Liston <dliston @ sonny . org>
Date: Mon, 26 Jan 2004 12:57:14 -0600
To: Charlie Smith <SmithCW @ ldschurch . org>
Cc: majordomo-users @ greatcircle . com
In-reply-to: <s014c826.073@wh-inet.gmhwh.org>
References: <s014c826.073@wh-inet.gmhwh.org>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Cableone.net is also one of my providers.  They have strict TOS/AUA.
Start by reporting the abuse to postmaster or abuse at cableone.net.
Since the IPs you are reporting are not in my netmask, I am not sure
if they block outgoing port 25 like my service does.  I moaned and
groaned when they did this to me, but it is for the overall good of
the internet.  Suggest it to them.  The dashed IP and "cpe" indicates
an end user account (Customer Premises Equipment).  Considering they
are also using "example.com", tells me they are not very sophisticated
and may have unintelligently or randomly selected your IP as a smart
host for outgoing mail.  Then again, I try to assUme the best rather
than the worst in people.  I could easily be wrong.

As for seeing the message that is getting rejected, you would have
to make a couple changes to your sendmail.cf that may not be worth
the effort, as you will end up with VERY LARGE log files.

First, bump up the "O LogLevel=9" to "O LogLevel=15" or higher.
# log level
# 0    Minimal logging.
# 1    Serious system failures and potential security problems.
# 2    Lost communications (network problems) and protocol failures.
# 3    Other serious failures, malformed addresses, transient forward/include
#      errors, connection timeouts.
# 4    Minor failures, out of date alias databases, connection rejections via
#      check_ rulesets.
# 5    Message collection statistics.
# 6    Creation of error messages, VRFY and EXPN commands.
# 7    Delivery failures (host or user unknown, etc.).
# 8    Successful deliveries and alias database rebuilds.
# 9    Messages being deferred (due to a host being down, etc.).
# 10   Database expansion (alias, forward, and userdb lookups).
# 11   NIS errors and end of job processing.
# 12   Logs all SMTP connections.
# 13   Log bad user shells, files with improper permissions, and other
#      questionable situations.
# 14   Logs refused connections.
# 15   Log all incoming and outgoing SMTP commands.
# 20   Logs attempts to run locked queue files.  These are not errors, but
#      can be useful to note if your queue appears to be clogged.
# 30   Lost locks (only if using lockf instead of flock).
# 16-98 logs progressively more detailed debugging information
#O LogLevel=15

Second, delay_checks, "FEATURE(delay_checks)dnl" in sendmail.mc.

Once you rebuild the sendmail.cf, you may have to recheck your LogLevel
and restart sendmail.


Dan Liston

Charlie Smith wrote:

> I've noticed quite a few lines in my maillogs as following.  Looks like
> someone is trying to use my server as a relay agent.  Is there a way to detect
> the message that sender wants to relay?  Also,  if material proves to be
> inappropriate (pornographic or even just spam), is there a legal channel to
> pursue to get this sort of thing stopped?
> 
> ...
> Jan 25 03:34:08 servername sendmail[27473]: i0PAY8Vl027473:
> 24-116-136-137.cpe.cableone.net [24.116.136.137] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
> Jan 25 03:36:51 servername sendmail[27479]: i0PAaoVl027479: ruleset=check_rcpt,
> arg1=<test_2@example.com>, relay=24-116-136-137.cpe.cableone.net
> [24.116.136.137], reject=550 5.7.1 <test_2@example.com>... Relaying denied
> Jan 25 03:36:51 servername sendmail[27479]: i0PAaoVl027479: lost input channel
> from 24-116-136-137.cpe.cableone.net [24.116.136.137] to MTA after rcpt
> Jan 25 03:36:51 servername sendmail[27479]: i0PAaoVl027479:
> from=<test_1@example.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA,
> relay=24-116-136-137.cpe.cableone.net [24.116.136.137]
> ...
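
Added example, not part of the original post or of sendmail: a Python script that groups the check_rcpt "Relaying denied" entries already present in the maillog by client IP and joins each one to its envelope sender through the queue id, giving a summary that can go into an abuse report to the provider. The function name, the regular expressions, and the sample log are assumptions; the sample is constructed, modelled on the quoted lines with each entry on one line as syslog writes it, and 192.0.2.45 is a documentation address.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the quoted maillog (one entry per line).
SAMPLE_LOG = """\
Jan 25 03:34:08 servername sendmail[27473]: i0PAY8Vl027473: 24-116-136-137.cpe.cableone.net [24.116.136.137] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Jan 25 03:36:51 servername sendmail[27479]: i0PAaoVl027479: ruleset=check_rcpt, arg1=<test_2@example.com>, relay=24-116-136-137.cpe.cableone.net [24.116.136.137], reject=550 5.7.1 <test_2@example.com>... Relaying denied
Jan 25 03:36:51 servername sendmail[27479]: i0PAaoVl027479: lost input channel from 24-116-136-137.cpe.cableone.net [24.116.136.137] to MTA after rcpt
Jan 25 03:36:51 servername sendmail[27479]: i0PAaoVl027479: from=<test_1@example.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=24-116-136-137.cpe.cableone.net [24.116.136.137]
Jan 25 04:02:10 servername sendmail[27512]: i0PB2AVl027512: ruleset=check_rcpt, arg1=<test_3@example.com>, relay=24-116-136-137.cpe.cableone.net [24.116.136.137], reject=550 5.7.1 <test_3@example.com>... Relaying denied
Jan 25 04:05:33 servername sendmail[27530]: i0PB5XVl027530: ruleset=check_rcpt, arg1=<user@example.org>, relay=[192.0.2.45], reject=550 5.7.1 <user@example.org>... Relaying denied
"""

# syslog prefix: timestamp, host, sendmail[pid], queue id, then the message body
PREFIX = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ sendmail\[\d+\]: (\w+): (.*)$")
# relay= is "hostname [ip]", or just "[ip]" when the client has no reverse DNS
REJECT = re.compile(r"ruleset=check_rcpt, arg1=<([^>]*)>, relay=(?:(\S+) )?"
                    r"\[([\d.]+)\], reject=550 5\.7\.1 .*Relaying denied")
SENDER = re.compile(r"^from=<([^>]*)>")

def relay_attempts(log_text):
    """Return {client_ip: {"host": rDNS or None, "attempts": [...]}}."""
    senders, hits = {}, []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        stamp, qid, body = m.groups()
        s, r = SENDER.match(body), REJECT.search(body)
        if s:
            senders[qid] = s.group(1)   # the from= line may follow the reject
        elif r:
            hits.append((r.group(3), r.group(2), stamp, qid, r.group(1)))
    report = defaultdict(lambda: {"host": None, "attempts": []})
    for ip, host, stamp, qid, rcpt in hits:
        report[ip]["host"] = host or report[ip]["host"]
        report[ip]["attempts"].append(
            {"time": stamp, "rcpt": rcpt, "sender": senders.get(qid)})
    return dict(report)

if __name__ == "__main__":
    for ip, info in relay_attempts(SAMPLE_LOG).items():
        print(f"{ip} ({info['host'] or 'no rDNS'}): {len(info['attempts'])} denied")
        for a in info["attempts"]:
            print(f"  {a['time']}  from=<{a['sender'] or '?'}>  rcpt=<{a['rcpt']}>")
```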


