More important than the RBL check, make sure you are not allowing any client to relay mail through you. Check your /etc/tcp.smtp and make sure that RELAYCLIENT is only set for networks you want to be able to send mail through you. Example:

10.0.1.:allow,RELAYCLIENT="",SMTP550DISCONNECT="",RETURNMXCHECK="",BLOCKRELAYPROBE=""
192.168.:allow,RELAYCLIENT="",SMTP550DISCONNECT="",RETURNMXCHECK="",BLOCKRELAYPROBE=""
:allow,SMTP550DISCONNECT="",RETURNMXCHECK="",BLOCKRELAYPROBE="",RBL=""

Only mail from 10.0.1.* and 192.168.*.* will be relayed. Connections from anywhere else will be checked against your rbllist and relaying will only be allowed with pop before smtp.

----- Original Message -----
From: "Lars Kristian Roland" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 24, 2002 6:46 AM
Subject: RE: smtp-after-pop and they're still spamming

> Have tested it, and the smtp-after-pop normally works very well.
> It's just for these spammers. But if there's no known bug, I've
> either messed up or they've actually used pop first.
>
> About setting up RBL. The text says To activate RBL checks you have to set
> RBL in qmail-smtpd's environment (with tcpserver)
>
> How do I do this? I'm using TCPServer. What doesn't it mean to set RBL to
> anything.
> Just to set a variable called RBL? Do I need to use the rblsmtpd
> program? (http://cr.yp.to/ucspi-tcp/rblsmtpd.html)
>
> Thank you...
>
> Regards,
> Lars
>
> -----Original Message-----
> From: Claudio Jeker [mailto:[EMAIL PROTECTED]]
> Sent: 24. mai 2002 10:29
> To: [EMAIL PROTECTED]
> Subject: Re: smtp-after-pop and they're still spamming
>
>
> On Fri, May 24, 2002 at 09:51:37AM +0200, Lars Kristian Roland wrote:
> > Hi,
> >
> > (btw. Thanks for the info on indexing ldap. Maild seem not to fail any
> > more after we indexed it. )
> >
> > The last couple of days, the traffic of my server has increased with
> > 20.000 messages per day. I think it's someone using my server for spam,
> > as there are several log entries that seem like this.
> >
> > But... I have smtp-after-pop set up, and as far as I thought, this
> > should stop the spam.
> >
> > Still, I'm getting things like this in the logs: (after the mail)
> >
> > They seem to be spamming from a server called rediffmail.com. But how can
> > they send messages via my server. Cleverly, they're not sending messages
> > to my users, as they would have complained. But I could see in the logs
> > and statistics that there was something wrong.
> >
> > One obvious answer would be that someone has used pop from their server,
> > right?
> >
>
> Probably or a misconfiguration of the qmail-smtpd chain.
> To test it try to relay a mail from a not allowed server.
>
> > Are there any other answers? Are there any other things I can do to prevent
> > this?
> >
>
> First of all how is your smtpd server configured?
> What are your tcprules (tcpserver cdb)?
>
> > Do you have a good URL with info on how to set up RBL? or any other way I
> > can prevent this?
> >
>
> Info about RBL have a look at QLDAPINSTALL:
> ~control/rbllist
>
> Rbllist contains a number of RBL's to check for the given senders IP
> address.
> The file consists of four TAB separated fields.
> basedomain: base domain address to lookup (e.g. relays.ordb.org)
> action:     one of addheader or reject.
>             addheader will just create a X-RBL: header whereas
>             reject will reject the smtp connection instantly with a 553
>             error.
> matchon:    any or IP-Address, if a IP-Address is specified the action is
>             only taken if the returned address from basedomain is equal to
>             IP-Address. With any all returned IP-Address will match.
> message:    message to be included in X-RBL: headers and 553 errors.
>
> Example:
> basedomain             action     matchon    message
> ========================================================================
> relays.ordb.org        reject     any        see http://ordb.org
> spamguard.leadmon.net  addheader  127.0.0.2  address is a dialup address
>
> NOTE: for readability we replaced the tabs between the four fields
> basedomain, action, matchon and message with spaces (so you can not copy
> paste the example.
> (Also the first two lines are not part of the file)
> Default: none
> Note: Multiline. To activate RBL checks you have to set RBL in qmail-smtpd's
> environment (with tcpserver). See this website for more information on
> available RBLs: http://www.declude.com/JunkMail/Support/ip4r.htm
>
> --
> :wq Claudio
>
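
The RELAYCLIENT check recommended at the top of this thread can be automated. The following is an added example, not part of the original messages or of qmail-ldap: it parses tcp.smtp rules and reports every `allow` rule that sets RELAYCLIENT for anything other than an internal network. The function names, the TRUSTED list (RFC 1918 plus loopback) and the BAD sample are assumptions; only dotted address prefixes are evaluated, other address forms are reported for manual review.

```python
import ipaddress
import re

# Networks treated as internal (assumption: RFC 1918 plus loopback).
TRUSTED = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
VAR_RE = re.compile(r'(\w+)=(.)(.*?)\2')  # NAME="value", any delimiter char

def prefix_to_network(addr):
    """Turn a tcprules dotted prefix ('192.168.' or a full IP) into a network."""
    octets = [o for o in addr.split(".") if o]
    if not 1 <= len(octets) <= 4 or not all(
            o.isdigit() and int(o) < 256 for o in octets):
        return None  # =hostname, user@ forms and ranges are not handled here
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def audit_tcp_smtp(text):
    """Return (line_no, address, finding) for each risky relay-granting rule."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        names = {m.group(1) for m in VAR_RE.finditer(rest)}
        # qmail-smtpd relays whenever RELAYCLIENT is set, even to "".
        if rest.split(",", 1)[0] != "allow" or "RELAYCLIENT" not in names:
            continue
        net = prefix_to_network(addr)
        if addr == "":
            findings.append((no, addr, "default rule relays for everyone"))
        elif net is None:
            findings.append((no, addr, "cannot evaluate, review by hand"))
        elif not any(net.subnet_of(t) for t in TRUSTED):
            findings.append((no, addr, f"{net} is not an internal network"))
    return findings

# The three rules from the message above (expected: no findings).
GOOD = '''\
10.0.1.:allow,RELAYCLIENT="",SMTP550DISCONNECT="",RETURNMXCHECK="",BLOCKRELAYPROBE=""
192.168.:allow,RELAYCLIENT="",SMTP550DISCONNECT="",RETURNMXCHECK="",BLOCKRELAYPROBE=""
:allow,SMTP550DISCONNECT="",RETURNMXCHECK="",BLOCKRELAYPROBE="",RBL=""
'''
# Constructed bad rules: a public prefix and a default rule that both relay.
BAD = '203.0.113.:allow,RELAYCLIENT=""\n:allow,RELAYCLIENT="",RBL=""\n'

if __name__ == "__main__":
    print(audit_tcp_smtp(GOOD), audit_tcp_smtp(BAD))
```

A clean result only covers the static rules; relaying granted at run time by pop before smtp has to be checked in the logs.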
