> Sam Varshavchik wrote:
> > One of your users probably has his PC hacked, and it's being used to
> > spew spam. From your standpoint, your user validly authenticated
> > through your mail server, and is sending authenticated mail.

On 30.12.09 06:21, Ken Sarkies wrote:
> Just as a follow up, we think we've found the problem. We had ESMTPAUTH
> enabled in the Courier esmtpd configuration file. This allows
> authenticated relaying through the server. Someone outside had
> presumably managed to obtain authentication information to allow them
> access (yes, at least one of our users had a weak password). We have
> enabled some more logging, but we have to close it off for security so
> we may never find out.
>
> A solution to allow internal subnet relaying seems to be to put
> ESMTPAUTH into the smtpaccess files. This isn't documented, but I gather
> a whole range of environment variables can be enabled for specific
> address ranges in these files. Anyway it seems to work so far.

Funny: we as an ISP see the problem in exactly the opposite way: allowing
relaying without AUTH is unsafe, since anyone with access to (our or
customers') network can spam without any authentication info, which is
quite hard to filter off (without disabling relay to other users from the
same IP who do not have a password).

Since many of our customers already had hijacked or infected PCs with
malware spamming without authentication info (not even through our
servers), we recommend that customers use the same scheme - requiring
authentication (preferably through SSL/TLS) instead of blind relaying.

I found it much easier to hunt for weak/stolen passwords and block
accounts than to deal with relaying of spam from shared/dynamic IP
addresses.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I'm not interested in your website anymore.
If you need cookies, bake them yourself.
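
An added example, not part of the thread and not Courier code: one way to hunt for stolen passwords used for authenticated relaying is to flag accounts that send from many source addresses or to many recipients within a short window. The record format, thresholds and function name are assumptions; extracting the account, client IP and recipient count from your own mail log is assumed to happen beforehand.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real log data), sorted by time, one per
# accepted message: "timestamp account client_ip recipient_count".
SAMPLE = """\
2009-12-30T06:00:05 alice 192.0.2.10 1
2009-12-30T06:01:00 bob 198.51.100.7 40
2009-12-30T06:01:30 bob 203.0.113.9 45
2009-12-30T06:02:10 bob 198.51.100.200 50
2009-12-30T06:20:00 alice 192.0.2.10 2
2009-12-30T09:30:00 carol 192.0.2.44 3
2009-12-30T09:31:00 carol 192.0.2.45 1
"""

def suspicious_accounts(lines, window=timedelta(hours=1), max_ips=2, max_rcpts=100):
    """Return {account: sorted reasons} for accounts that, inside any sliding
    window, send from more than max_ips addresses or to more than max_rcpts
    recipients. Input records must be in chronological order."""
    recent = defaultdict(deque)      # account -> deque of (time, ip, rcpts)
    flagged = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue                 # skip blank or malformed records
        ts, account, ip, rcpts = parts
        try:
            when, count = datetime.fromisoformat(ts), int(rcpts)
        except ValueError:
            continue                 # unparsable timestamp or count
        q = recent[account]
        q.append((when, ip, count))
        while q and when - q[0][0] > window:
            q.popleft()              # drop events older than the window
        if len({e[1] for e in q}) > max_ips:
            flagged[account].add("many_source_ips")
        if sum(e[2] for e in q) > max_rcpts:
            flagged[account].add("high_recipient_volume")
    return {a: sorted(r) for a, r in flagged.items()}

if __name__ == "__main__":
    for account, reasons in suspicious_accounts(SAMPLE.splitlines()).items():
        print(account, ",".join(reasons))
```

Accounts flagged this way are candidates for a password reset or temporary block; users who legitimately roam between networks will need a higher `max_ips`.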
courier-users mailing list: courier-users@lists.sourceforge.net