Re: Spam sent through server using authid=apache or mysql

On 5/30/2008 12:49 PM, Stephen Pusey wrote:
I'm new to this mailing list - but I am hoping that someone out there
may bring light to a problem I am having recently with spammers. I do
not allow relaying through the server and external tests have
confirmed that there are no open relays. I have also run a test for
open ports with pxytest - and none were found. Email can only be
relayed by users logged on through SASL etc. I have checked all the
user directories for old formmail programs and disabled any that I
found - but the apache logs do not show the spammer using POST or
formmail. The record of the spam only appears in the maillog. Here
is an example (I have changed the server name and the spammers

May 21 08:12:32 thismachine sendmail[16842]: AUTH=server, [],
authid=apache, mech=LOGIN, bits=0

Looks like they guessed the password for your 'apache' user.

spammers have also used authid=mysql

Same for mysql user. Except neither of these users should have valid password entries.

Or, something's wrong with your SASL so that it's authenticating valid user names with non-existent passwords?

Try sending email yourself with SASL, username apache and blank password?


Y'awl probably think I am an idiot for not figuring this out - but I
would really appreciate your help - or direction to the right place.



Mark Frey
IT Manager
Extend Communications Inc
49 Charlotte St
Brantford ON N3T 2W4
519 759-6820
800 265-9975
Fax: 519 751-5701
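
A way to look for the pattern discussed in this thread, added here as an example and not part of the original messages: it scans maillog text for successful SMTP AUTH records whose authid is a service account according to passwd-format data. The function names, the sample data and the UID cutoff of 500 are assumptions; adjust the cutoff to the system's first human UID.

```python
import re

# Matches sendmail's successful SMTP AUTH record, in the format quoted in the thread.
AUTH_RE = re.compile(
    r"sendmail\[\d+\]: (?:\S+: )?AUTH=server, (?P<relay>.*?), "
    r"authid=(?P<authid>[^,\s]+), mech=(?P<mech>[^,\s]+)"
)
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}


def service_accounts(passwd_text, min_human_uid=500):
    """Return names of accounts that should never authenticate to SMTP."""
    names = set()
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip comments and malformed entries
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid < min_human_uid or shell in NOLOGIN_SHELLS:
            names.add(name)
    return names


def suspicious_auths(maillog_text, passwd_text, min_human_uid=500):
    """Return (authid, mech, relay) for each AUTH success by a service account."""
    blocked = service_accounts(passwd_text, min_human_uid)
    hits = []
    for line in maillog_text.splitlines():
        m = AUTH_RE.search(line)
        # authid may carry a realm (user@realm); compare the local part only.
        if m and m.group("authid").split("@")[0] in blocked:
            hits.append((m.group("authid"), m.group("mech"), m.group("relay")))
    return hits


# Constructed sample data (documentation addresses, invented host and user names).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash
"""
SAMPLE_MAILLOG = """\
May 21 08:12:32 thismachine sendmail[16842]: AUTH=server, relay=host.example [192.0.2.10], authid=apache, mech=LOGIN, bits=0
May 21 08:15:02 thismachine sendmail[16850]: AUTH=server, relay=[198.51.100.7], authid=alice, mech=PLAIN, bits=0
May 21 09:01:44 thismachine sendmail[17001]: AUTH=server, relay=[192.0.2.10], authid=mysql, mech=LOGIN, bits=0
May 21 09:02:10 thismachine sendmail[17003]: m4L92AbC017003: from=<a@example.com>, size=2048, nrcpts=1
"""

if __name__ == "__main__":
    for authid, mech, relay in suspicious_auths(SAMPLE_MAILLOG, SAMPLE_PASSWD):
        print(f"service account authenticated: {authid} via {mech} from {relay}")
```

Any hit means a service account holds a password the SASL backend accepts, so the follow-up is to lock that account's password and review how SASL verifies credentials.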
