Have tested it, and the smtp-after-pop normally works very well. It's just for these spammers. But if there's no known bug, I've either messed up or they've actully used pop first.
About setting up RBL. The text says To activate RBL checks you have to set RBL in qmail-smtpd's environment (with tcpserver) How do I do this? I'm using TCPServer. What doesn't it mean to set RBL to anything. Just to set a variable called RBL? Do I need to use the rblsmtpd program? (http://cr.yp.to/ucspi-tcp/rblsmtpd.html) Thank you... Regards, Lars -----Original Message----- From: Claudio Jeker [mailto:[EMAIL PROTECTED]] Sent: 24. mai 2002 10:29 To: [EMAIL PROTECTED] Subject: Re: smtp-after-pop and they're still spamming On Fri, May 24, 2002 at 09:51:37AM +0200, Lars Kristian Roland wrote: > Hi, > > (btw. Thanks for the info on indexing ldap. Maild seem not to fail any > more after we indexed it. ) > > The last couple of days, the traffic of my server has increased with > 20.000 messages per day. I think it's someone using my server for spam, > as there are several log entries that seem like this. > > But... I have smtp-after-pop set up, and as far as I thought, this > should stop the spam. > > Still, I'm getting things like this in the logs: (after the mail) > > They seem to be spamming from a server called rediffmail.com. But how can > they send messages via my server. Cleverly, they're not sending messages > to my users, as they would have complained. But I could see in the logs > and statistics that there was something wrong. > > On obvious answer would be that someone has used pop from their server, > right? > Probably or a misconfiguration of the qmail-smtpd chain. To test it try to relay a mail form a not alowed server. > Are there any other answers? Are there any other things I can do to prevent > this? > First of all how is your smtpd server configured? What are your tcprules (tcpserver cdb)? > Do you have a good URL with info on how to set up RBL? or any other way I > can prevent this? > Info about RBL have a look at QLDAPINSTALL: ~control/rbllist Rbllist contains a number of RBL's to check for the given senders IP address. The file consists of four TAB separated fields. basedomain: base domain address to lookup (e.g. relays.ordb.org) action: one of addheader or reject. addheader will just create a X-RBL: header whereas reject will reject the smtp connection instantly with a 553 error. matchon: any or IP-Address, if a IP-Address is specified the action is only taken if the returned address form basedomain is equal to IP-Address. With any all returned IP-Address will match. message: message to be included in X-RBL: headers and 553 errors. Example: basedomain action matchon message ======================================================================== relays.ordb.org reject any see http://ordb.org spamguard.leadmon.net addheader 127.0.0.2 address is a dialup address NOTE: for readability we replaced the tabs between the four fields basedoamin, action, matchon and message with spaces (so you can not copy paste the example. (Also the first two lines are not part of the file) Default: none Note: Multiline. To activate RBL checks you have to set RBL in qmail-smtpd's environment (with tcpserver). See this website for more information on available RBLs: http://www.declude.com/JunkMail/Support/ip4r.htm -- :wq Claudio
