[BlueOnyx:12767] Re: Unauthorized Relaying

[Ken Marcus]

On 4/3/2013 9:37 AM, frankd at iaw.on.ca wrote:
> Hi,
>
> I am running BlueOnyx 3.20110922 .  We have had a lot of unauthorized
> relaying only for a certain user.  We even changed her password but it's
> still doing it.
>
> In the eMail section of Network services I have it checked off to Enable
> SMTP Auth and POP Authenticated relaying.
>
> It's only happening to the one user which is confusing me.  What else can
> i set to tighten up the relaying?
>
> Thanks.
>
> Here is a log entry:
>
> Apr  3 10:58:56 raq2 sendmail[9296]: AUTH=server,
> relay=ip-176.105.131.241.tvsat364.lodz.pl [176.105.131.241],
> authid=mmagno, mech=LOGIN, bits=0
>
> Apr  3 11:02:05 raq2 sendmail[12291]: AUTH=server,
> relay=host-81-190-162-132.gorzow.mm.pl [81.190.162.132], authid=mmagno,
> mech=LOGIN, bits=0
>
> Apr  3 11:02:20 raq2 sendmail[12306]: AUTH=server,
> relay=124-218-75-60.cm.dynamic.apol.com.tw [124.218.75.60] (may be
> forged), authid=mmagno, mech=LOGIN, bits=0
>
> Apr  3 11:03:14 raq2 sendmail[13029]: AUTH=server,
> relay=triband-mum-59.183.21.118.mtnl.net.in [59.183.21.118],
> authid=mmagno, mech=LOGIN, bits=0
>
> Apr  3 11:06:20 raq2 sendmail[15029]: AUTH=server, relay=[212.5.32.239],
> authid=mmagno, mech=LOGIN, bits=0
>
>
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

Spammers have the mmagno password.
It seems like restarting sendmail and dovecot would be enough.  But for 
some reason I have seen successful authids after doing that. Maybe they 
are cached somewhere.

If you  reboot the server after the password change. That will do it.

Ken Marcus