[Spambayes] Spambayes as an open mil relay ???

Mon Mar 1 16:18:44 EST 2004

> However today i came back to my pc after work and saw my net 
> connection being hammered....Looked into what my firewall said
> and the only thing running was spambayes !
> 
> Had a further look and i get the feeling that after a port 
> sacn or two, someone has twigged i'm running this and seen
> it as a free spam relay point ????

[Assuming you are using sb_server, and not the Outlook plug-in.  If it's the
plug-in, then *no*, SpamBayes is not doing this]

SpamBayes isn't a mail server, so can't be used in this way.  All it does is
*proxy* your existing mail server.  In other words, if someone connected to
your sb_server, what they would get is the prompt to login to your mail
server.

If your mail server (at your ISP, or wherever) allows connections from
anywhere, then people could send via your mail server through your proxy, if
you have not firewalled this off.  However, they could do exactly the same
thing if they just connected directly to your mail server.  If this is the
case, you should try and convince the server's administrator(s) to fix the
problem; it's theirs, not yours.

If people are accessing the web interface, rather than the POP3 or SMTP
proxy, they can change your SpamBayes settings, or do training for you.
However, by default, access is limited to localhost, so you would have had
to specifically open up access to anyone for them to be able to do this.

Overall, it seems highly unlikely that the program being used is SpamBayes;
even if it is, the spammer is not gaining anything (in fact, is losing,
since connection directly to the mail server would be faster).  If you want
to check, take a look at the port that is being accessed - is it one that
SpamBayes is handling?  Or, while the connection is being 'hammered', close
SpamBayes down - does that stop it?

If you want to be absolutely sure, then firewall off whichever ports you are
running the POP3 proxy and/or SMTP proxy on.

=Tony Meyer

---
Please always include the list (spambayes at python.org) in your replies
(reply-all), and please don't send me personal mail about SpamBayes. This
way, you get everyone's help, and avoid a lack of replies when I'm busy.