Date:  Thu, 25 Jun 2009 06:57:16 -0500
From:  Chris Gebhardt - VIRTBIZ Internet <cobaltfacts (at mark) virtbiz.com>
Subject:  [coba-e:15727] Re: Spam report...
To:  coba-e (at mark) bluequartz.org
Message-Id:  <4A43661C.5000202 (at mark) virtbiz.com>
In-Reply-To:  <4A434E19.8000609 (at mark) planetcentral.net>
References:  <4A434E19.8000609 (at mark) planetcentral.net>
X-Mail-Count: 15727

Paul wrote:
> Help!!
> 
> My ISP has fired me a mail with regards to potential spam that they 
> believe is emanating from my server. Having had a look, I seem to be 
> getting nothing out of the ordinary, however one thing that was sent in 
> the mail seemed to make sense...
> 
> "Your server may be being used for a reverse NDR (Non-Delivery Report) 
> attack without your knowledge. We recommend that your server is set to 
> reject e-mails on attempted delivery, rather than accepting the email 
> and then producing the NDR".
> 
> Does anyone know a way of doing this?? I am currently running 
> MailScanner and SpamAssassin.

Are you doing any pre-filtering? I.e., are you using a service like 
Postini or MessageLabs that would scan the email then deliver it to your 
server?

> Also, what's the best free open relay checker out there nowadays?

Don't know about "the best" but here's one for you (thanks to Google):
http://www.spamhelp.org/shopenrelay/

It's almost difficult to run a server as an open relay these days, so my 
guess is you're not.

> How can I locate the source of the spam - can I grep the maillog to find 
> it? It was only sent this morning!

Well... spam and NDR are 2 different things, but if you wanted to search 
your maillog for email that your server bounced due to no such user, 
grep for "No such user here".   Then you'll have the message-ID for any 
mails that were sent to a non-existent user.

> Anything anyone else can advise??

Yes, have your ISP show you the exact messages they are complaining of. 
If they have detected a problem, have them share that evidence with 
you so you can see exactly what's going on.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
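
Added example, not part of the original message: one way to take the maillog grep suggested above a step further, grouping "No such user here" rejections by the relay that submitted them and counting distinct envelope senders, which is the pattern a reverse-NDR run leaves behind. It assumes a sendmail-style syslog layout with the queue ID as the sixth field; the function names and all sample lines are constructed.

```shell
#!/bin/sh
# Assumed line layout: Mon DD HH:MM:SS host sendmail[pid]: QUEUEID: key=value, ...

# Constructed sample maillog (documentation addresses and domains only).
sample_maillog() {
cat <<'EOF'
Jun 25 05:12:01 www sendmail[2101]: n5PAC1aa002101: from=<a@victim.example>, size=1832, nrcpts=1, relay=[192.0.2.10]
Jun 25 05:12:01 www sendmail[2102]: n5PAC1aa002101: to=<sales1@mydomain.example>, dsn=5.1.1, stat=User unknown (No such user here)
Jun 25 05:12:07 www sendmail[2103]: n5PAC7bb002103: from=<b@victim.example>, size=1840, nrcpts=1, relay=[192.0.2.10]
Jun 25 05:12:07 www sendmail[2104]: n5PAC7bb002103: to=<info9@mydomain.example>, dsn=5.1.1, stat=User unknown (No such user here)
Jun 25 05:13:11 www sendmail[2110]: n5PADBcc002110: from=<friend@partner.example>, size=912, nrcpts=1, relay=[198.51.100.7]
Jun 25 05:13:12 www sendmail[2111]: n5PADBcc002110: to=<paul@mydomain.example>, dsn=2.0.0, stat=Sent
Jun 25 05:14:30 www sendmail[2120]: n5PAEUdd002120: from=<typo@partner.example>, size=700, nrcpts=1, relay=[198.51.100.7]
Jun 25 05:14:30 www sendmail[2121]: n5PAEUdd002120: to=<pual@mydomain.example>, dsn=5.1.1, stat=User unknown (No such user here)
EOF
}

# Reads a maillog on stdin and prints one line per submitting relay:
#   <rejected recipients> <distinct envelope senders> <relay>
# sorted with the busiest relay first.
bounce_summary() {
  awk '
    { id = $6; sub(/:$/, "", id) }             # queue ID ties the log lines together
    /from=/ && /relay=/ {                      # the line recording who submitted it
      s = $0; sub(/.*from=</, "", s); sub(/>.*/, "", s); sender[id] = s
      r = $0; sub(/.*relay=/, "", r); sub(/,.*/, "", r); relay[id] = r
    }
    /No such user here/ { bad[id]++ }          # the string suggested in the reply
    END {
      for (id in bad) {
        r = (id in relay) ? relay[id] : "unknown"
        hits[r] += bad[id]
        if (!((r, sender[id]) in seen)) { seen[r, sender[id]] = 1; senders[r]++ }
      }
      for (r in hits) print hits[r], senders[r], r
    }
  ' | sort -rn
}

# Demo on the constructed sample; on a real server: bounce_summary < /var/log/maillog
sample_maillog | bounce_summary
```

A relay with many rejections spread across many different envelope senders is worth comparing against the messages the ISP reports.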