Re: public smtp?
Mr. was a victim of an attack. As I saw in the logs, my qmail server was used to spam. I wonder what I can do to prevent addresses that are not local accounts from sending mail through my smtp.
I would like to hear suggestions on what safety measures I should take.
Thanks
--
Shepherd Nhongo
Do not Queue mail with SENDMAIL, send mail with QMAIL
Mobile +267 74476040
RE: public smtp?
My /etc/tcp.smtp says:
127.:allow,RELAYCLIENT=""
From: Shepherd Nhongo [mailto:shepherdzw-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org]
Sent: Thursday, February 10, 2011 02:20 p.m.
To: qmr-iGp6mRlwfsr/sFSC9fAAV0B+6BGkLq7r@public.gmane.org
Subject: Re: [qmr] public smtp?
On Thu, Feb 10, 2011 at 6:18 PM, Osvaldo Rivas <spadons-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
Mr. was a victim of an attack. As I saw in the logs, my qmail server was used to spam. I wonder what I can do to prevent addresses that are not local accounts from sending mail through my smtp.
What does your /etc/tcp.smtp say?
I would like to hear suggestions on what safety measures I should take.
Thanks
--
Shepherd Nhongo
Do not Queue mail with SENDMAIL, send mail with QMAIL
Mobile +267 74476040
RE: public smtp?
Hi Osvaldo
How to secure email servers depends on your setup and what you are using.
The only quick way I can see to allow only local domains to send/relay is to use a wrapper similar to qmail-scanner.pl.
This script would look in all control files to see if a sender's domain is local and then pass the connection on to qmail-queue.
A second, more fancy way would be to replicate and modify the VALIDRCPTTO patch to check the sender's email address against a cdb file.
And call it the VALIDSENDER patch :) but for obvious reasons, keep the copyright notices and honour the creators with a tribute.
In addition to this, share the patch with the rest of the world.
First I would recommend to run 3 smtp services.
Service 1, only incoming emails, no relay, on 1.1.1.1:25, which is in your DNS MX records.
Service 2, relay on auth only, on 2.2.2.2:25 (if you like to be more fancy, choose another port and ssl auth).
Service 3, local host only, listening on 127.0.0.1:25.
Pop3 should be on 2.2.2.2:110 so your customers don’t get confused about what dns name to use.
1. mx.domain.com --> incoming only, tcp.cdb file :allow,QMAIL_QUEUE="/var/qmail/bin/qmail-scanner",AUTH="0" (or simscan) only
2. mail.domain.com --> relay only on auth, tcp.cdb file :allow,AUTH="1" and so on
3. localhost --> anything goes for localhost, tcp.cdb 127.0.0.:allow,RELAYCLIENT="",QMAIL_QUEUE="/var/qmail/qmail-queue"
There is a bit more to it, but that should get you started.
regards
Torsten
From: Shepherd Nhongo [mailto:shepherdzw-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org]
Sent: 10 February 2011 18:15
To: qmr-iGp6mRlwfsr/sFSC9fAAV0B+6BGkLq7r@public.gmane.org
Subject: Re: [qmr] public smtp?
On Thu, Feb 10, 2011 at 7:56 PM, Osvaldo Rivas <spadons-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
My /etc/tcp.smtp says:
127.:allow,RELAYCLIENT=""
The above looks good. What is your network setup like? Is this mail server acting as the gateway? It's better to use tcpdump on your gateway to check for the culprits talking via port 25. As a safe practice I would advise you to block all other IPs on your subnet from sending emails to www and only allow your mail server(s) to do this task. From there you can test the effectiveness of this task by trying to telnet to an external server's port 25.
I use iptables to achieve this.
Re: public smtp?
remove old sendmail
--- On Thu, 2/10/11, Osvaldo Rivas <spadons-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
RE: public smtp?
I have not installed sendmail
From: dan [mailto:danny_vdf-/E1597aS9LQAvxtiuMwx3w@public.gmane.org]
Sent: Thursday, February 10, 2011 02:53 p.m.
To: qmr-iGp6mRlwfsr/sFSC9fAAV0B+6BGkLq7r@public.gmane.org
Subject: Re: [qmr] public smtp?
remove old sendmail
Mr. was a victim of an attack. As I saw in the logs, my qmail server was used to spam. I wonder what I can do to prevent addresses that are not local accounts from sending mail through my smtp.
I would like to hear suggestions on what safety measures I should take.
Re: public smtp?
On Thu, Feb 10, 2011 at 16:18, Osvaldo Rivas <spadons@...> wrote:
> I wonder how I can do to prevent addresses that are
> not local accounts from sending mail through of my smtp.
>
> I hear suggestions of safety measures should I take.
one suggestion: set your "qmail server" to not relay the offending messages.
For more concise answers please understand and explain what you mean by "qmail server", how the offending message(s) got into the queue for relay and the mitigation attempts you have already taken to prevent from being an "open relay".
For e.g. the `sendmail` wrapper will by default communicate with the qmail queue in a way that allows relay, creating a target for hackers who find a vulnerability on your server.
Another e.g. is have you set your SMTP listeners to only relay upon a successful AUTH command?
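An added example, not part of any poster's message: a small Python check for the tcp.smtp rules discussed in this thread. It flags rules that hand out RELAYCLIENT beyond loopback (including a default rule that does so for every client) and instructions that are not a lowercase allow or deny; the function name and the sample rules are constructed for illustration.

```python
import re

# One tcprules line: address, a colon, the instruction, optional ,VAR="value" pairs.
RULE = re.compile(r'^(?P<addr>[^:]*):(?P<action>[^,]+)(?P<env>(?:,.*)?)$')

# Constructed sample rules, not taken from the thread.
SAMPLE = '''\
# sample tcp.smtp
127.:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT=""
203.0.113.9:deny
127.0.0.:ALLOW,RELAYCLIENT=""
:allow,RELAYCLIENT=""
'''

def audit_tcp_smtp(rules_text):
    """Return (line_number, address, finding) tuples for risky relay rules."""
    findings = []
    for number, raw in enumerate(rules_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        match = RULE.match(line)
        if match is None:
            findings.append((number, line, "not in address:instruction form"))
            continue
        addr, action, env = match.group("addr", "action", "env")
        if action not in ("allow", "deny"):
            findings.append((number, addr, "instruction is not lowercase allow or deny"))
            continue
        if action == "deny" or ",RELAYCLIENT=" not in env:
            continue  # this rule grants no relay permission
        if addr == "":
            # The empty address is the default rule and matches every client.
            findings.append((number, addr, "default rule sets RELAYCLIENT: open relay"))
        elif not addr.startswith("127."):
            findings.append((number, addr, "relay granted beyond loopback: confirm this address is yours"))
    return findings

if __name__ == "__main__":
    for number, addr, finding in audit_tcp_smtp(SAMPLE):
        print(f"line {number}: {addr or '(default)'}: {finding}")
```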