Solved

simple qmail question but a bit urgent!

Posted on 2006-05-03
Last Modified: 2010-03-17
I use qmail... someone is using this for spamming... how can I restrict this? Actually they target the machine using anonymous@my-domain.uk

Please help me secure my qmail server. My aim is to protect this from spammers, so I would like to hear any suggestions for making it secure...
Question by:str_kani
10 Comments
 
LVL 43

Assisted Solution

by:ravenpl
ravenpl earned 400 total points
ID: 16596289
/var/qmail/control/rcpthosts should contain the domain names which are relayed (and only those).
Also use smtp-auth instead of opening relay with tcp-control.
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 800 total points
ID: 16602686
Actually, I think the problem is he is not using relaying control qmail has to be configured with.

str_kani, please read "Life With QMail" which can help you a lot on how to configure and secure your qmail setup.

this section talks about relaying: http://www.lifewithqmail.org/lwq.html#relaying

Basically, what ravenpl told you is right, but you also need to check a file (tcp.cdb) used by the tcpcontrol package, which denies relay to external hosts and allows it only for internal hosts. This way you can separate WHO can relay. It is all in the link.
0
 
LVL 12

Author Comment

by:str_kani
ID: 16605274
>>>>
/var/qmail/control/rcpthosts should contain the domain names which are relayed (and only those).
Also use smtp-auth instead of opening relay with tcp-control.

Yes, I see the domains there, but somehow people are using my domain anonymous@domain.com !!!
Can you please tell me how I can enable authentication?

*** I use webmin.

Redimido --- i am looking at the link now...

It looks like there is lot more to study..
My aim: I have 5 domains on my server, and I don't like anyone sending out emails outside this machine. I would like to send out emails only from these 5 domains. I am using webmin; is there an easy way to achieve this using webmin?
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 16606502
str_kani:

Are your users from the five domains inside the LAN?
something like
-------LAN--------(EMAIL SERVER)-------INTERNET

if so, then it's easy. if not, then you need to know the ip addresses where your users are, -or- configure smtp-auth.

please tell us more about what you want
0
 
LVL 7

Accepted Solution

by:wnross
wnross earned 800 total points
ID: 16607452
Back up a minute folks,
1) how do you know that the spammer is using your mail servers?
FROM and TO can be spoofed during delivery *very* easily.  We continually get messages from info@ourdomain.com sent back by the
postmaster of other domains.  Spammers are using legitimate domains as the FROM so that they get caught by people's whitelists.

2) Do an open relay test, here are some sites from ordb.org
    "If you request that a server be tested, and it fails our tests, it will unavoidably get listed. There are several third party online testers
     which test but do not list, we have included some of these below. Please note however, that if a server successfully passes tests
     conducted by other testing engines, that does not necessarily mean that it will not be deemed open by ORDB.org:
      * Abuse.net Mail relay testing notices the most common problems http://abuse.net/relay.html
      * MAPS: telnet to relay-test.mail-abuse.org from your mailserver, and they will perform a test. http://mail-abuse.org/tsi/ar-test.html
      * Open Relay Test lets you set to and from addresses http://members.iinet.net.au/~remmie/relay/

Note that the remmie and abuse.net tests record false positives, especially with qmail.

- or -
2) Download and run rlytest from Chip Rosenthal http://www.unicom.com/sw/rlytest/
While you're at it, run the open proxy test from the same site.

Since the default config for Qmail precludes relaying, it probably isn't your mail setup, but rather apache, squid or just plain uncooked spam

Cheers,
-Bill
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 16607735
wnross is correct

we are not analyzing how you know you are being used as relay.

these emails are from some client that showed them to you?
is your internet connection full?
is the server overloaded?
0
 
LVL 12

Author Comment

by:str_kani
ID: 16673104
Are your users from the five domains inside the LAN?

Yes, they are all inside my server (on the same machine...)

my allowed domains have the list...
*.domain1.com
*.domain2com
etc up 10 domains....

>>>>>>>> 1) how do you know that the spammer is using your mail servers?
the from field contains anonymous@my-domain.com

>>> these emails are from some client that showed them to you?
the from field contains anonymous@my-domain.com
>>> is your internet connection full?
Nope
>>>is the server overloaded?
Nope

0
 
LVL 12

Author Comment

by:str_kani
ID: 16673153
i just had a chance to view the queue using webmin...
the from header says....

From      robert <roberts_walters@yahoo.com>      
To            
Sent      13 May 2006 09:04:37 -0000      
Subject      CONSOLATION PRIZE WINNING NOTICE!!!

This is surely an outside email and spam...!!! Please help me keep these sorts of emails away...
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 800 total points
ID: 16679921
so this is an open relay.

what you need to do is follow instructions from
http://www.palomine.net/qmail/selectiverelay.html

you need to have installed the ucspi-tcp package (url is pointed on the link above)
create the file /etc/tcp.smtp
add these lines (assuming your internal LAN is 192.168.0.x/24) note the variable RELAYCLIENT for the networks you trust:
127.0.0.1:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT=""
:allow

then run:
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.temp < /etc/tcp.smtp

to create the tcp.smtp.cdb hash file qmail needs.

These lines are from the link I gave you. Please read it and post any questions here. Following these rules you will stop spammers (unless you have something non-standard).
0
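Added example (not part of the thread, and not qmail or ucspi-tcp code): a Python model of how the tcp.smtp rule lookup and the rcpthosts check combine to decide whether a RCPT TO is accepted, plus an audit that flags rules granting RELAYCLIENT beyond private or loopback ranges. The domain names, the 203.0.113.9 client and the BAD rule set are constructed; only IP-address patterns are handled, and the no-match default is an assumption.

```python
import ipaddress

# Constructed samples: the rules from the post above, and a catch-all that opens the relay.
GOOD = '127.0.0.1:allow,RELAYCLIENT=""\n192.168.0.:allow,RELAYCLIENT=""\n:allow\n'
BAD = ':allow,RELAYCLIENT=""\n'
RCPTHOSTS = {"domain1.example", ".domain1.example"}  # constructed; leading dot = wildcard

def parse_rules(text):
    """tcp.smtp text -> {address pattern: (action, {VAR: value})}; IP patterns only."""
    rules = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, *assigns = rest.split(",")
        env = {k: v.strip('"') for k, _, v in (a.partition("=") for a in assigns)}
        rules[addr] = (action, env)
    return rules

def lookup(rules, ip):
    """First match wins: full IP, then shorter dotted prefixes, then the empty pattern."""
    p = ip.split(".")
    for cand in [ip] + [".".join(p[:n]) + "." for n in (3, 2, 1)] + [""]:
        if cand in rules:
            return rules[cand]
    return ("allow", {})  # assumed default when nothing matches: allow, no variables

def relay_accepted(rules, rcpthosts, ip, rcpt):
    """Would the SMTP daemon accept RCPT TO:<rcpt> from this client IP?"""
    action, env = lookup(rules, ip)
    if action != "allow":
        return False
    if "RELAYCLIENT" in env or "@" not in rcpt:
        return True  # RELAYCLIENT set: rcpthosts is not consulted
    labels = rcpt.rpartition("@")[2].lower().split(".")
    names = [".".join(labels)] + ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return any(n in rcpthosts for n in names)

def risky_relay_patterns(rules):
    """Patterns that hand RELAYCLIENT to anything wider than private/loopback space."""
    risky = []
    for addr, (action, env) in rules.items():
        if action != "allow" or "RELAYCLIENT" not in env:
            continue
        octets = [o for o in addr.split(".") if o]
        net = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
        if not octets or not ipaddress.ip_network(net).is_private:
            risky.append(addr)
    return risky
```

With the rules from the post, an outside client can deliver to hosted domains but cannot relay elsewhere; the catch-all variant accepts everything and is the one the audit reports.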
 
LVL 7

Expert Comment

by:wnross
ID: 16686610
Again I caution not to panic, run the tools I recommended above.

Certainly the header came from a spammer but your message is likely a bounce back from a failed delivery....because you won't relay.

PS: What were the results of the tests?

Cheers,
-Bill
0
