On Fri, Apr 13, 2001 at 02:41:22PM -0700, Steven Katz wrote:
> I'm calling it domain.com to protect it's identity as it's currently
> in an extremely vulnerable state (which should be obvious from my
> questions). What's the big deal?
>
> Steven
You have not protected its identity -- search for my hostname in your
mail log files. You'll find that I verified that you provided correct
munged information in your first post (You did -- if I substitute the
right domain name into your original message, everything is as you
stated). Your mail server is still broken, though -- I get 'Relaying
denied' attempting to send you mail... :)
Anyone capable of rooting your box already has enough information to
start digging. This is a public server, with public DNS entries, and
knowing that it runs qmail is _not_ an advantage to an attacker
interested in root compromise. Period.
BTW, your 'isn't in my list of allowed rcpthosts' is a FAQ -- search the
archives. You have a selective relay problem. Also, you'll want to fix
control/locals[1] and control/rcpthosts to reflect that you want to
recieve mail for 'domain.com'. You still haven't stopped pointing MX at
CNAME, and two of your nameservers are broken -- 'ns1.mydomain.com' and
'ns2.mydomain.com' both refuse queries.
Summary -- I asked the first time that you please post correct
information, but offered help anyway (it appears that noone else did,
probably because most of the list ignores obviously bogus DNS
information). You not only did not post the information asked for, you
posted another message with mangled DNS information, and asked a FAQ at
that... Look at this from the list's perspective -- who is in the wrong
here? If you knew for sure what information the list needed to help you,
you'd hardly need the help, right? (Trying to keep this friendly, and
polite, but people constantly doing this gets frustrating...)
[1] or control/virtualdomains -- depends on your setup, of course. ;)
--
Greg White
Those who make peaceful revolution impossible will make violent
revolution inevitable.
-- John F. Kennedy
