On Fri, May 24, 2002 at 09:51:37AM +0200, Lars Kristian Roland wrote:
> Hi,
>
> (btw. Thanks for the info on indexing ldap. Maild seem not to fail any
> more after we indexed it. )
>
> The last couple of days, the traffic of my server has increased with
> 20.000 messages per day. I think it's someone using my server for spam,
> as there are several log entries that seem like this.
>
> But... I have smtp-after-pop set up, and as far as I thought, this
> should stop the spam.
>
> Still, I'm getting things like this in the logs: (after the mail)
>
> They seem to be spamming from a server called rediffmail.com. But how can
> they send messages via my server. Cleverly, they're not sending messages
> to my users, as they would have complained. But I could see in the logs
> and statistics that there was something wrong.
>
> On obvious answer would be that someone has used pop from their server,
> right?
>
Probably or a misconfiguration of the qmail-smtpd chain.
To test it try to relay a mail form a not alowed server.
> Are there any other answers? Are there any other things I can do to prevent
> this?
>
First of all how is your smtpd server configured?
What are your tcprules (tcpserver cdb)?
> Do you have a good URL with info on how to set up RBL? or any other way I
> can prevent this?
>
Info about RBL have a look at QLDAPINSTALL:
~control/rbllist
Rbllist contains a number of RBL's to check for the given senders IP
address.
The file consists of four TAB separated fields.
basedomain: base domain address to lookup (e.g. relays.ordb.org)
action: one of addheader or reject.
addheader will just create a X-RBL: header whereas
reject will reject the smtp connection instantly with a 553 error.
matchon: any or IP-Address, if a IP-Address is specified the action is only
taken if the returned address form basedomain is equal to
IP-Address. With any all returned IP-Address will match.
message: message to be included in X-RBL: headers and 553 errors.
Example:
basedomain action matchon message
========================================================================
relays.ordb.org reject any see http://ordb.org
spamguard.leadmon.net addheader 127.0.0.2 address is a dialup address
NOTE: for readability we replaced the tabs between the four fields basedoamin,
action, matchon and message with spaces (so you can not copy paste the
example. (Also the first two lines are not part of the file)
Default: none
Note: Multiline. To activate RBL checks you have to set RBL in qmail-smtpd's
environment (with tcpserver). See this website for more information on
available RBLs: http://www.declude.com/JunkMail/Support/ip4r.htm
--
:wq Claudio
