In addition to setting up an SPF record, consider removing your catchall
account configuration. Even with an SPF record, you can receive this type of
bounce message. Many SMTP servers do not check the SPF record so they do not
know that the from email address is a forgery and generate a bounce message.
I was receiving many of these bounce messages every day, even with a proper
SPF record.
Regards,
Tim
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <qmailtoaster-list@qmailtoaster.com>
Cc: <qmailtoaster-list@qmailtoaster.com>
Sent: Sunday, October 21, 2007 12:18 PM
Subject: Re: [qmailtoaster] Security Holes?
What you are seeing might not have anything to do with your box. If you
do not have SPF records set up for your domain, anyone can send mail with
your domain in the From address, claiming that it came from you. When the
spam hits an invalid email address, the bounce will come back to you,
since you are the host of the domain in the "From" address.
W
Hummm,
You might have hit the nail on the head.
I did not set up any SPF.
Thanks,
~RD
On 10/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] wrote:
>> Hello guys,
>> I run custom compiled Gentoo headless boxes for hosting. Qmail Toaster
>> won me over about a year ago. So I put CentOS/QT on another server just
>> for mail only.
>>
>> I had to take my QT box offline when I kept getting bounces from
>> everywhere to my catchall account. Somehow one of my domains was
>> sending mails like crazy from different "names"@mydomain.com.
>>
>> I've shut that box down and have been watching my firewall logs and I
>> had several IPs pounding port 25.
>>
>> Now I've started up another one of my backup servers and did a
>> complete re-install.
>>
>> I've installed QT/CentOS from the QT - The Easy Way...
>> The only thing I have not done within the guide is set up any domain
>> keys and I have my own firewall rules. Other than that, this is up and
>> running out of the box.
>>
>> Any security holes or steps you guys can inform me about?
>>
>> I'm going to look at the wiki as soon as I get time.
>>
>
> Lots of good info on the wiki.
> There are not any security holes per se. If you have a rogue/badly
> written PHP mailer script on one of your websites, that has nothing to
> do with Toaster, Qmail, or any other mailer program.
> You can throttle people on port 25 if you'd like. Check the wiki (it
> may be in the archives, don't remember), but there's a firewall rule you
> can add in that will deny connections from IPs that connect more than x
> number of times in y number of minutes. This cuts down on the bots
> some - I use it on some of my machines. You just have to be careful with
> it. I have one client that has 75+ machines on a network, and they all
> set their Outlook to check for messages every 2 minutes which flagged
> them by this rule and blocked them for a while (too bad they're my most
> self-important client as well.....). But that will all be a moot point
> if you have a spam-bot (PHP script or whatever) on your machine anyway.
> You may just be seeing the bounces from the joe-job that was running
> on your machine.
>
Thanks for the reply...
I'm sure it wasn't any php or script mailers.
The reason I asked about any security holes is none of the accounts were
showing up in admin, qmailadmin or vpopadmin etc. I run several servers
behind an ipcop linux firewall/router. I'm no guru at MTAs but I forward
the mail ports to the mail server box.
Well thanks again,
I'll get to the wiki asap,
RD
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]