>Some users have their email addresses on my server set up to redirect
>their mail to an external (i.e. gmail) address. The mail server sends
>this mail through the relayPort (which is a 192.168.0.x local IP).
>The IP that the mail server connects to ASSP from is in my
>acceptAllMail IP list.

And what is not functioning right here?

Thomas


Scott MacLean <[email protected]>
17.03.2009 19:09
Please reply to: ASSP development mailing list <[email protected]>
To: ASSP development mailing list <[email protected]>
Cc:
Subject: Re: [Assp-test] Some serious problems in 2.0.0

Argh....even more frustration, I've just discovered something ELSE that isn't functioning right in 2.0.0.

Some users have their email addresses on my server set up to redirect their mail to an external (i.e. gmail) address. The mail server sends this mail through the relayPort (which is a 192.168.0.x local IP). The IP that the mail server connects to ASSP from is in my acceptAllMail IP list.

However, I have mail that SHOULD be relayed through ASSP, coming FROM my server, that is being blocked with "relay attempt blocked for unknown local sender domain" because the "from" address is not a local domain (it originated outside my server, and is being redirected to a third party by my mail server). This SHOULD be relayed, because it is coming from my mail server, which is listed in acceptAllMail - but it is not.

So I have mail being relayed when it shouldn't be, and relayed mail being blocked when it shouldn't be. Is this something wrong in 2.0.0 or do I have a misunderstanding in how this should be set up?

At 11:54 AM 3/17/2009, Scott MacLean wrote:
>No comments on this from anyone? Is EnforceAuth working correctly for
>anyone else on 2.0.0? Is anyone else having problems enforcing MAIL
>FROM to use local known users only as I described?
>
>
>At 11:50 PM 3/16/2009, Scott MacLean wrote:
>
> >I discovered my server has been used to relay a fair amount of spam
> >over the last few days, and in doing the investigation behind it, it
> >turns out ASSP is the hole that they got through. Version 2.0.0
> >15.06, in particular, however I tested with 15.11 and it does the
> >exact same thing.
> >
> >First off: I have my listenPort2 and smtpAuthServer set, so that my
> >users can connect and send mail through my server. I also have
> >EnforceAuth set - however, upon investigation, anyone can connect to
> >my mail server, and without doing SMTP Auth, in a simple plain SMTP
> >session, pretend to be anyth...@anyofmydomains, and send mail to any
> >valid user on my server. Thankfully, if the user attempts to send
> >mail to a third party on a domain not hosted by me, it rejects it
> >with "530 SMTP authentication is required", so it's not wide open.
> >However, it is quite clearly ignoring EnforceAuth.
> >
> >Which brings me to my second problem. With my v1 ASSP, it was set up thusly:
> >
> >1. Anyone could connect on port 25 and send mail from any user to any
> >user on my server, with no auth required. This is an obvious public
> >SMTP server.
> >
> >2. Users could connect on port 25 or 125 with SMTP Auth, and could
> >send mail from themselves (MAIL FROM had to be a known user on the
> >server) to any email address.
> >
> >#1 is working, as you would expect. However, #2 is not working. The
> >way it is currently functioning is: any user who has a valid account
> >on my server, can log in via SMTP AUTH, and send mail from ANY email
> >address, to ANY email address, and my server will happily relay it.
> >This is where the spam problem comes in - One of my users had their
> >PC compromised, and their SMTP password stolen by a trojan. This was
> >then used to log into my server from zombie spam bots and send
> >massive amounts of spam all over the world. This spam had "MAIL FROM"
> >various spammy places, not my local domains. Normally, if it was
> >working as it should, this would not have been permitted - the only
> >way the SMTP AUTH session should be able to send mail is if the mail
> >is from a valid user on the server.
> >
> >noProcessingIPs contains a small list of IPs, primarily containing a
> >web server that sends mail through my mail server.
> >noProcessingList contains one email address.
> >noProcessingDomains:=
> >
> >acceptAllMail contains the same list of IPs as is used for noProcessingIPs.
> >DoLocalSenderDomain:=1
> >DoLocalSenderAddress:=1
> >nolocalDomains:=
> >ispip:=
> >contentOnlyRe:=
> >ispHostnames:=
> >
> >LocalAddresses_Flat:=file:files/users.txt
> >localDomains:=file:files/domains.txt
> >(these are both updated regularly by my mail server)
> >
> >noMsgId contains the same list of IPs as is used for noProcessingIPs.
> >
> >DoNoValidLocalSender:=1
> >ForceNoValidLocalSender:=1
> >DoNoSpoofing:=1
> >DoLocalSender:=1
> >
> >Am I missing something? Do I have something configured incorrectly?
> >Or is there a problem here in ASSP itself? I've been over the
> >configuration many times now, and I don't see what I could have set
> >up incorrectly.

>_______________________________________________
>Assp-test mailing list
>[email protected]
>https://lists.sourceforge.net/lists/listinfo/assp-test
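
The relay rules the original poster says he expected, written out as an added example that is not part of the thread and is not ASSP's code. The function names, the session record layout and all addresses are assumptions made up for illustration; the sets stand in for the poster's LocalAddresses_Flat, localDomains and acceptAllMail lists.

```python
import ipaddress

# Constructed sample data; on the poster's system these would come from
# files/users.txt, files/domains.txt and the acceptAllMail IP list.
LOCAL_DOMAINS = {"example.org"}
LOCAL_USERS = {"alice@example.org", "bob@example.org"}
TRUSTED_RELAYS = [ipaddress.ip_network("192.168.0.0/24")]

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def decide(client_ip, auth_user, mail_from, rcpt_to):
    """Return (accepted, reason) under the policy described in the post."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_RELAYS):
        # Redirected mail keeps its external MAIL FROM, so no sender check.
        return True, "trusted relay host"
    if auth_user is None:
        # Rule 1 in the post: public SMTP, delivery to local recipients only.
        if _domain(rcpt_to) in LOCAL_DOMAINS:
            return True, "inbound delivery to local recipient"
        return False, "530 SMTP authentication is required"
    # Rule 2 in the post: authenticated MAIL FROM must be a known local user.
    if mail_from.lower() not in LOCAL_USERS:
        return False, "authenticated sender is not a known local user"
    return True, "authenticated local sender"

def abused_accounts(sessions):
    """Count authenticated sessions per account that used a non-local MAIL FROM."""
    hits = {}
    for s in sessions:
        ok, _ = decide(s["ip"], s["auth_user"], s["mail_from"], s["rcpt_to"])
        if s["auth_user"] and not ok:
            hits[s["auth_user"]] = hits.get(s["auth_user"], 0) + 1
    return hits

# Constructed session records (documentation addresses only).
SESSIONS = [
    {"ip": "203.0.113.7", "auth_user": None, "mail_from": "x@example.net", "rcpt_to": "alice@example.org"},
    {"ip": "203.0.113.7", "auth_user": None, "mail_from": "x@example.net", "rcpt_to": "y@example.com"},
    {"ip": "198.51.100.9", "auth_user": "bob", "mail_from": "bob@example.org", "rcpt_to": "y@example.com"},
    {"ip": "198.51.100.20", "auth_user": "bob", "mail_from": "promo@example.net", "rcpt_to": "y@example.com"},
    {"ip": "198.51.100.21", "auth_user": "bob", "mail_from": "deals@example.net", "rcpt_to": "z@example.com"},
    {"ip": "192.168.0.5", "auth_user": None, "mail_from": "x@example.net", "rcpt_to": "alice@mail.example"},
]
```

Running `abused_accounts` over parsed session records surfaces the stolen-credential pattern from the post: one account authenticating from several hosts with sender addresses outside the local user list.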
