Hi,

I noticed in my qmail-logs some spammers which were denied because
they were attempting to relay messages. I discovered that those
hosts somehow managed to get whitelisted. So then I started
looking for relay attempts in the spamd logs:

~% sudo grep -v -- '->.*mydomain.org' /var/log/daemon|grep GREY
Nov 15 07:01:46 haddock spamd[27135]: (GREY) 218.19.214.158: <tt2r08yk8f1t@naver.com> -> <warnason@e-470.com>
Nov 15 07:02:03 haddock spamd[27135]: (GREY) 218.19.214.158: <tt2r08yk8f1t@naver.com> -> <warnason@e-470.com>
Nov 15 07:02:17 haddock spamd[27135]: (GREY) 218.19.214.158: <tt2r08yk8f1t@naver.com> -> <warnason@e-470.com>
Nov 15 07:02:34 haddock spamd[27135]: (GREY) 218.19.214.158: <tt2r08yk8f1t@naver.com> -> <warnason@e-470.com>
Nov 15 07:02:50 haddock spamd[27135]: (GREY) 218.19.214.158: <tt2r08yk8f1t@naver.com> -> <warnason@e-470.com>
Nov 15 07:41:54 haddock spamd[27135]: (GREY) 59.41.90.159: <eo7q48yf4r3r@naver.com> -> <daejeon@sports.or.kr>
Nov 15 07:42:14 haddock spamd[27135]: (GREY) 59.41.90.159: <eo7q48yf4r3r@naver.com> -> <daejeon@sports.or.kr>
Nov 15 07:42:43 haddock spamd[27135]: (GREY) 59.41.90.159: <eo7q48yf4r3r@naver.com> -> <daejeon@sports.or.kr>
Nov 15 07:43:02 haddock spamd[27135]: (GREY) 59.41.90.159: <eo7q48yf4r3r@naver.com> -> <daejeon@sports.or.kr>
Nov 15 08:51:29 haddock spamd[27135]: (GREY) 221.203.170.132: <ezgl5rc@paran.com> -> <almi82@hotmail.com>
Nov 15 08:52:03 haddock spamd[27135]: (GREY) 221.203.170.132: <ezgl5rc@paran.com> -> <almi82@hotmail.com>
Nov 15 08:52:29 haddock spamd[27135]: (GREY) 221.203.170.132: <ezgl5rc@paran.com> -> <almi82@hotmail.com>
Nov 15 08:52:51 haddock spamd[27135]: (GREY) 221.203.170.132: <ezgl5rc@paran.com> -> <almi82@hotmail.com>

I think it would be nice if spamd could know valid local domains
and trap relayers straight away.



# Han