[Mailman-Users] SPAM relayed mail through Mailman.

Colorado Tech Support Jon.Slater at ColoTechSupport.Com
Sun May 15 17:59:11 CEST 2005

Hi, I'm pretty new to this, but I've got a  problem.

Last night, a SPAMer was able to relay 250 mail messages through my 
server and I can't figure out how they did it.

Here's my configuration:

Fedora Core 2 - kernel-2.6.10-1.771_FC2
apache - httpd-2.0.51-2.9

Here's what I know...

My sendmail is configured in a way to only allow relaying from IP 
addresses within my network (the 192.168.blah.blah range).
I believe this is configured correctly because I get "RELAYING DENIED" 
messages all the time from SPAMers trying to relay through my server.

The only reason I know about the attempt is because I received over 100 
bounced messages to "mailman-ower at mydomain.com" from the target of the 

The bounced messages all contained the original message (which came from 
mailman-owner at mydomain.com).

My /etc/log/maillog file shows all 250 sendmails being relayed (here's 
just one):
maillog:May 14 21:02:52 nameofmyserver sendmail[14830]: j4F32px8014830: 
from=<popcap-route at enki.popcap.com>, size=2408, class=0, nrcpts=1, 
msgid=<courier.4286BBD9.000052C9 at enki.popcap.com>, bodytype=7BIT, 
proto=ESMTP, daemon=MTA, relay=mail.popcap.com []

My mailman settings don't allow anyone from any groups to send 
mass-mailings without approval.  (I verified this all this morning.)

So, I guess I have two questions:
1)  How did they do it?
(and more importantly)  2) How do I stop it?

Thank you all for your time!


Jon D Slater               Colorado Tech Support
p: 970.988.7246            P.O. Box 143
f: 970.674.8060            Windsor, Colorado
www.ColoTechSupport.Com    80550

More information about the Mailman-Users mailing list