• Status: Solved

simple qmail question but a bit urgent!

I use qmail... someone is using it for spamming... how can I restrict this? Actually they target the machine using anonymous@my-domain.uk

Please help me secure my qmail server; my aim is to protect it from spammers, so I'd like to hear any suggestions for making it secure...
0
str_kani
Asked:
 
ravenpl Commented:
/var/qmail/control/rcpthosts should contain the domain names which are relayed (and only those).
Also use smtp-auth instead of opening relay with tcp-control.
0
 
Gabriel Orozco (Solution Architect) Commented:
Actually, I think the problem is that he is not using the relaying control qmail has to be configured with.

str_kani, please read "Life With QMail", which can help you a lot with how to configure and secure your qmail setup.

This section talks about relaying: http://www.lifewithqmail.org/lwq.html#relaying

Basically, what ravenpl told you is right, but you also need to check a file (tcp.cdb) used by the tcpcontrol package, which denies relay to external hosts and allows it only for internal hosts. This way you can separate WHO can relay. It is all in the link.
0
 
str_kani (Author) Commented:
>>>>
/var/qmail/control/rcpthosts should contain the domain names which are relayed (and only those)
also use smtp-auth instead of opening relay with tcp-control.

Yes, I see the domains there, but somehow people are using my domain, anonymous@domain.com !!!
Can you please tell me how I can enable authentication?

*** I use webmin.

Redimido --- I am looking at the link now...

It looks like there is a lot more to study..
My aim: I have 5 domains on my server, and I don't like anyone sending out emails outside this machine. I'd like to send out emails only from these 5 domains. I am using webmin; is there an easy way to achieve this using webmin?
0
 
Gabriel Orozco (Solution Architect) Commented:
str_kani:

Are your users from the five domains inside the LAN?
Something like
-------LAN--------(EMAIL SERVER)-------INTERNET

If so, then it's easy. If not, then you need to know the IP addresses where your users are, -or- configure smtp-auth.

Please tell us more about what you want.
0
 
wnross Commented:
Back up a minute folks,
1) how do you know that the spammer is using your mail servers?
FROM and TO can be spoofed during delivery *very* easily. We continually get messages from info@ourdomain.com sent back by the postmaster of other domains. Spammers are using legitimate domains as the FROM so that they get caught by people's whitelists.

2) Do an open relay test, here are some sites from ordb.org
    "If you request that a server be tested, and it fails our tests, it will unavoidably get listed. There are several third party online testers
     which test but do not list, we have included some of these below. Please note however, that if a server successfully passes tests
     conducted by other testing engines, that does not necessarily mean that it will not be deemed open by ORDB.org:
      * Abuse.net Mail relay testing notices the most common problems http://abuse.net/relay.html
      * MAPS: telnet to relay-test.mail-abuse.org from your mailserver, and they will perform a test. http://mail-abuse.org/tsi/ar-test.html
      * Open Relay Test lets you set to and from addresses http://members.iinet.net.au/~remmie/relay/

Note that the remmie and abuse.net tests record false positives, especially with qmail.

- or -
2) Download and run rlytest from Chip Rosenthal http://www.unicom.com/sw/rlytest/
While you're at it, run the open proxy test from the same site.

Since the default config for Qmail precludes relaying, it probably isn't your mail setup, but rather apache, squid or just plain uncooked spam.

Cheers,
-Bill
0
 
Gabriel Orozco (Solution Architect) Commented:
wnross is correct

we are not analyzing how you know you are being used as relay.

these emails are from some client that showed them to you?
is your internet connection full?
is the server overloaded?
0
 
str_kani (Author) Commented:
do your users from the five domains are inside the LAN?

Yes, they are all inside my server (on the same machine...)

My allowed domains have the list...
*.domain1.com
*.domain2com
etc., up to 10 domains....

>>>>>>>> 1) how do you know that the spammer is using your mail servers?
the from field contains anonymous@my-domain.com

>>> these emails are from some client that showed them to you?
the from field contains anonymous@my-domain.com
>>> is your internet connection full?
Nope
>>>is the server overloaded?
Nope

0
 
str_kani (Author) Commented:
I just had a chance to view the queue using webmin...
The from header says....

From      robert <roberts_walters@yahoo.com>
To
Sent      13 May 2006 09:04:37 -0000
Subject      CONSOLATION PRIZE WINNING NOTICE!!!

This is surely an outside email and spam...!!! Please help me keep these sorts of emails away...
0
 
Gabriel Orozco (Solution Architect) Commented:
So this is an open relay.

What you need to do is follow the instructions from
http://www.palomine.net/qmail/selectiverelay.html

You need to have the ucspi-tcp package installed (the URL is given in the link above).
Create the file /etc/tcp.smtp
Add these lines (assuming your internal LAN is 192.168.0.x/24); note the variable RELAYCLIENT for the networks you trust:
127.0.0.1:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT=""
:allow

then run:
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.temp < /etc/tcp.smtp

to create the tcp.smtp.cdb hash file qmail needs.

These lines are from the link I gave you. Please read it and post any questions here. Following these rules you will stop spammers (unless you have something non-standard).
0
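The effect of the three rules in the answer above, together with rcpthosts, can be checked offline with a small model of how tcpserver picks a rule and how qmail-smtpd then treats a recipient. This is an added example, not code from the thread or from qmail. It handles only full IPv4 addresses, dotted prefixes and the empty default address; domain1.com and the sample client addresses are placeholders.

```python
# Rules from the answer above (192.168.0.x is that answer's assumed LAN).
PAGE_RULES = '''127.0.0.1:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT=""
:allow
'''
# Constructed misconfiguration: the catch-all rule also sets RELAYCLIENT.
OPEN_RULES = ':allow,RELAYCLIENT=""\n'
# Constructed rcpthosts content; domain1.com is a placeholder.
RCPTHOSTS = ["domain1.com", ".domain1.com"]


def parse_rules(text):
    """Map address -> instructions, skipping comments and blank lines."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            addr, instr = line.split(":", 1)
            rules.setdefault(addr, instr)
    return rules


def match_rule(rules, ip):
    """Lookup order: full IP, shorter dotted prefixes, then the empty address."""
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return "allow"  # no rule matched: allowed, environment unchanged


def in_rcpthosts(domain, rcpthosts):
    """Exact entry, or a leading-dot entry matching a suffix of the domain."""
    domain = domain.lower()
    entries = {e.lower() for e in rcpthosts}
    suffixes = [domain[i:] for i, c in enumerate(domain) if c == "."]
    return domain in entries or any(s in entries for s in suffixes)


def smtp_decision(rules_text, rcpthosts, client_ip, rcpt_domain):
    """Model of tcpserver + qmail-smtpd for one RCPT; rcpthosts=None = no file."""
    instr = match_rule(parse_rules(rules_text), client_ip)
    if instr.startswith("deny"):
        return "connection refused"
    if ",RELAYCLIENT=" in instr:
        return "accepted: relay client"   # RELAYCLIENT set, rcpthosts ignored
    if rcpthosts is None or in_rcpthosts(rcpt_domain, rcpthosts):
        return "accepted: rcpthosts"      # a missing file accepts any domain
    return "rejected: 553"
```

Running `smtp_decision` for an outside address and a foreign recipient domain shows the two ways the setup becomes an open relay: a catch-all rule that sets RELAYCLIENT, or a missing rcpthosts file.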
 
wnross Commented:
Again I caution not to panic, run the tools I recommended above.

Certainly the header came from a spammer but your message is likely a bounce back from a failed delivery....because you won't relay.

PS: What were the results of the tests?

Cheers,
-Bill
0
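The possibilities raised in wnross's two posts (a bounce, mail that arrived over SMTP, or mail injected by a local program such as a web server) can be told apart from the topmost Received line that qmail-queue writes on every message. This is an added example, not part of the thread; the three sample messages are constructed, and uid 48, the host names and 203.0.113.7 are placeholders.

```python
import re

# qmail-queue stamps each message with one of these as its top Received line.
ORIGINS = [
    (r"\(qmail \d+ invoked for bounce\)", "bounce generated by this server"),
    (r"\(qmail \d+ invoked from network\)", "arrived over SMTP"),
    (r"\(qmail \d+ invoked by alias\)", "forwarded by a local alias"),
    (r"\(qmail \d+ invoked by uid (\d+)\)", "injected locally by uid {0}"),
]

# Constructed sample messages (headers shortened).
BOUNCE = ("Received: (qmail 2211 invoked for bounce); 13 May 2006 09:04:37 -0000\n"
          "From: MAILER-DAEMON@my-domain.example\n\nHi. This is the qmail-send program.\n")
FROM_NETWORK = ("Received: (qmail 3122 invoked from network); 13 May 2006 09:04:37 -0000\n"
                "Received: from unknown (HELO mail.sender.example) (203.0.113.7)\n"
                "  by 0 with SMTP; 13 May 2006 09:04:37 -0000\n"
                "From: robert <sender@sender.example>\n\nbody\n")
LOCAL = ("Received: (qmail 4410 invoked by uid 48); 13 May 2006 09:04:37 -0000\n"
         "From: anonymous@my-domain.example\n\nbody\n")


def unfold(raw):
    """Header block with folded continuation lines joined onto one line."""
    return re.sub(r"\n[ \t]+", " ", raw.split("\n\n", 1)[0])


def classify(raw):
    """Label a message by the newest Received line."""
    received = [l for l in unfold(raw).splitlines()
                if l.lower().startswith("received:")]
    top = received[0] if received else ""
    for pattern, label in ORIGINS:
        m = re.search(pattern, top)
        if m:
            return label.format(*m.groups())
    return "unknown origin"


def smtp_client(raw):
    """Client IP recorded in qmail-smtpd's own Received line, if present."""
    m = re.search(r"^Received: from .*?\((?:[^()@]*@)?([\d.]+)\)\s+by ",
                  unfold(raw), re.M)
    return m.group(1) if m else None
```

"arrived over SMTP" on its own does not mean the message was relayed; the client IP from `smtp_client` is what to compare against the addresses that the tcp.smtp rules give RELAYCLIENT.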
Question has a verified solution.
