ASSP doesn't allow it through. Even though my mail server's IP is in my acceptAllMail, ASSP is blocking the mail with:
[RelayAttempt] 192.168.0.60 <[email protected]> to: [email protected] relay attempt blocked for unknown local sender domain

At 03:13 PM 3/17/2009, Thomas Eckardt/eck wrote:
> >Some users have their email addresses on my server set up to redirect
> >their mail to an external (i.e. gmail) address. The mail server sends
> >this mail through the relayPort (which is a 192.168.0.x local IP).
> >The IP that the mail server connects to ASSP from is in my
> >acceptAllMail IP list.
>
>And what is not functioning right here?
>
>Thomas
>
>Scott MacLean <[email protected]>
>17.03.2009 19:09
>Please reply to
>ASSP development mailing list <[email protected]>
>
>To
>ASSP development mailing list <[email protected]>
>Cc
>
>Subject
>Re: [Assp-test] Some serious problems in 2.0.0
>
>Argh....even more frustration, I've just discovered something ELSE
>that isn't functioning right in 2.0.0.
>
>Some users have their email addresses on my server set up to redirect
>their mail to an external (i.e. gmail) address. The mail server sends
>this mail through the relayPort (which is a 192.168.0.x local IP).
>The IP that the mail server connects to ASSP from is in my
>acceptAllMail IP list.
>
>However, I have mail that SHOULD be relayed through ASSP, coming FROM
>my server, that is being blocked with "relay attempt blocked for
>unknown local sender domain" because the "from" address is not a
>local domain (it originated outside my server, and is being
>redirected to a third party by my mail server). This SHOULD be
>relayed, because it is coming from my mail server, which is listed in
>acceptAllMail - but it is not.
>
>So I have mail being relayed when it shouldn't be, and relayed mail
>being blocked when it shouldn't be. Is this something wrong in 2.0.0
>or do I have a misunderstanding in how this should be set up?
>
>At 11:54 AM 3/17/2009, Scott MacLean wrote:
>
> >No comments on this from anyone? Is EnforceAuth working correctly for
> >anyone else on 2.0.0? Is anyone else having problems enforcing MAIL
> >FROM to use local known users only as I described?
> >
> >
> >At 11:50 PM 3/16/2009, Scott MacLean wrote:
> >
> > >I discovered my server has been used to relay a fair amount of spam
> > >over the last few days, and in doing the investigation behind it, it
> > >turns out ASSP is the hole that they got through. Version 2.0.0
> > >15.06, in particular, however I tested with 15.11 and it does the
> > >exact same thing.
> > >
> > >First off: I have my listenPort2 and smtpAuthServer set, so that my
> > >users can connect and send mail through my server. I also have
> > >EnforceAuth set - however, upon investigation, anyone can connect to
> > >my mail server, and without doing SMTP Auth, in a simple plain SMTP
> > >session, pretend to be anyth...@anyofmydomains, and send mail to any
> > >valid user on my server. Thankfully, if the user attempts to send
> > >mail to a third party on a domain not hosted by me, it rejects it
> > >with "530 SMTP authentication is required", so it's not wide open.
> > >However, it is quite clearly ignoring EnforceAuth.
> > >
> > >Which brings me to my second problem. With my v1 ASSP, it was set up thusly:
> > >
> > >1. Anyone could connect on port 25 and send mail from any user to any
> > >user on my server, with no auth required. This is an obvious public
> > >SMTP server.
> > >
> > >2. Users could connect on port 25 or 125 with SMTP Auth, and could
> > >send mail from themselves (MAIL FROM had to be a known user on the
> > >server) to any email address.
> > >
> > >#1 is working, as you would expect. However, #2 is not working. The
> > >way it is currently functioning is: any user who has a valid account
> > >on my server, can log in via SMTP AUTH, and send mail from ANY email
> > >address, to ANY email address, and my server will happily relay it.
> > >This is where the spam problem comes in - One of my users had their
> > >PC compromised, and their SMTP password stolen by a trojan. This was
> > >then used to log into my server from zombie spam bots and send
> > >massive amounts of spam all over the world. This spam had "MAIL FROM"
> > >various spammy places, not my local domains. Normally, if it was
> > >working as it should, this would not have been permitted - the only
> > >way the SMTP AUTH session should be able to send mail is if the mail
> > >is from a valid user on the server.
> > >
> > >noProcessingIPs contains a small list of IPs, primarily containing a
> > >web server that sends mail through my mail server.
> > >noProcessingList contains one email address.
> > >noProcessingDomains:=
> > >
> > >acceptAllMail contains the same list of IPs as is used for noProcessingIPs.
> > >DoLocalSenderDomain:=1
> > >DoLocalSenderAddress:=1
> > >nolocalDomains:=
> > >ispip:=
> > >contentOnlyRe:=
> > >ispHostnames:=
> > >
> > >LocalAddresses_Flat:=file:files/users.txt
> > >localDomains:=file:files/domains.txt
> > >(these are both updated regularly by my mail server)
> > >
> > >noMsgId contains the same list of IPs as is used for noProcessingIPs.
> > >
> > >DoNoValidLocalSender:=1
> > >ForceNoValidLocalSender:=1
> > >DoNoSpoofing:=1
> > >DoLocalSender:=1
> > >
> > >Am I missing something? Do I have something configured incorrectly?
> > >Or is there a problem here in ASSP itself? I've been over the
> > >configuration many times now, and I don't see what I could have set
> > >up incorrectly.

_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
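The relay policy the poster expects (items 1 and 2 of the earliest message, plus the acceptAllMail forwarding case), modelled as an added example that is not part of the thread and is not ASSP's code. The function name, sample domains and users are constructed assumptions; only 192.168.0.60 is taken from the log line above.

```python
import ipaddress

# Constructed sample data standing in for localDomains, LocalAddresses_Flat
# and acceptAllMail. Only 192.168.0.60 appears in the thread (the log line).
LOCAL_DOMAINS = {"example.org"}
LOCAL_USERS = {"alice@example.org", "bob@example.org"}
ACCEPT_ALL_MAIL = [ipaddress.ip_network("192.168.0.60/32")]


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def relay_decision(client_ip, authenticated, mail_from, rcpt_to):
    """Return (allowed, reason) for one MAIL FROM / RCPT TO pair."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in ACCEPT_ALL_MAIL):
        # The mail server forwarding redirected mail: the envelope sender
        # is an outside address, but the connecting host is trusted.
        return True, "trusted relay host"
    if authenticated:
        # Item 2: authenticated users may send to any address, but only
        # with a MAIL FROM that is a known local user. This check is what
        # stops a stolen password being used with arbitrary senders.
        if mail_from.lower() in LOCAL_USERS:
            return True, "authenticated local sender"
        return False, "authenticated but MAIL FROM is not a local user"
    # Item 1: unauthenticated clients may only deliver to local users.
    if domain_of(rcpt_to) not in LOCAL_DOMAINS:
        return False, "530 SMTP authentication is required"
    if rcpt_to.lower() not in LOCAL_USERS:
        return False, "unknown local recipient"
    return True, "inbound mail for local user"


if __name__ == "__main__":
    cases = [
        ("203.0.113.9", False, "a@example.net", "alice@example.org"),
        ("203.0.113.9", False, "a@example.net", "b@example.com"),
        ("203.0.113.9", True, "alice@example.org", "b@example.com"),
        ("203.0.113.9", True, "a@example.net", "b@example.com"),
        ("192.168.0.60", False, "a@example.net", "b@example.com"),
    ]
    for case in cases:
        print(case, "->", relay_decision(*case))
```

The fourth case is the compromised-account scenario from the thread, and the fifth is the redirected mail that was being blocked.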
