@Chris,
1) ---------------------------------------
As I was having nightmares, I was regularly observing all changes. Ofcourse, I was aware of th following code and precisely how and when it was inserted:
if [ -f /var/qmail/control/norecordio ] ; then
RECORDIO=""
else
RECORDIO="/usr/bin/recordio"
fi
Mustafa decided to maintain illegal email content logging and offered one control file "norecordio" to deactivate it, outside of run files. The issue I discussed was not that I did not know, but that this is the case.
That does not change the prima facia matter of the issue:
Kloxo-MR installs illegal content logging in maillog files by default. I found the way by deactivating email content logging with substituting -Q switch and removed -v. Others, like you may use the touch command. Well, this is MR's project and the issue - as well as all other issues - thus, remains uncontestable.
I had to spend 10-15 hours to identify the trouble before Mustafa entered the above code. New commers to Kloxo-MR may not know this. Then, their the lack of knowledge fires illegal content logging on their servers. This means that you need time to read every corner of this forum, spend time for hours and hours, and obtain all necessary tweaks.
2) ---------------------------------------
However, I could not reproduce this bounce relay, as my toaster is set to 'delete' or blackhole unknown recipients.
My Toaster was set to 'delete' for all mailboxes as well as catch-all. My problem was that the configuration was set delete and it did not delete but bounced emails! Further, my problem was that qmail does not check existence of a recipient, although CHKUSER exists.
Toaster checks a recipient, if set to check, only if CHKUSER patch 2.0.9 it properly applied and respective parameters are activated. To do this, you have to recompile Qmailtoaster again by yourself.
Because some parameters are not activated, a spammer is able to sidetrack delete function under special conditions and can use bounce function. Then he makes transmission with different "from" and "sender" (Return-Path) for spamming to victimize all senders. All those victimized recipients in the sender receives undelivered emails from your server with authentic digital signature.
@Mella
Mustafa: Qmail-toaster already compile with chkuser patch. You can see /etc/tcp.rules.d/tcp.smtp about send/smtp issue.
Chris did confirm that the Qmailtoaster should be recompiled. As this is not yet done,
you should recompile yourself to use some CHKUSER functions, especially those parameters I mentioned in the other thread. In other words
spend time on using chkuser commands and tcp.smtp to identify how and where you could use those commands, if you want to.