> In addition to setting up an SPF record, consider removing your catchall
> account configuration. Even with an SPF record, you can receive this type
> of bounce message. Many SMTP servers do not check the SPF record so they do
> not know that the from email address is a forgery and generate a bounce
> message. I was receiving many of these bounce messages every day, even with
> a proper SPF record.
>
> Regards,
> Tim

Thanks guys!

Tim,

--snip--
$TTL 86400
@       IN      SOA     ns1.carolina-hosting.com. admin.carolina-customs.com. (
                        2007102101      ; serial number YYMMDDNN
                        28800           ; Refresh
                        7200            ; Retry
                        864000          ; Expire
                        86400           ; Min TTL
                        )
                NS      ns1.carolina-hosting.com.
                NS      ns2.carolina-hosting.com.
                NS      ns3.carolina-hosting.com.
                MX      10 mail.carolina-hosting.com.
$ORIGIN carolina-customs.com.
carolina-customs.com    IN      A       68.159.106.99
@       IN      A       68.159.106.99   ;added a @
*       IN      A       68.159.106.99
ns1     IN      A       68.159.106.99
ns2     IN      A       68.159.106.99
ns3     IN      A       68.159.106.99
mail    IN      A       68.159.106.99
carolina-customs.com.   IN      TXT     "v=spf1 ip4:68.152.106.99 a mx a:mail.carolina-hosting.com mx:mail.carolina-hosting.com ~all"
adsl-068-159-106-099.sip.gsp.bellsouth.net.     IN      TXT     "v=spf1 a -all"
mail.carolina-customs.com.      IN      TXT     "v=spf1 a -all"
--/snip--

Until I get my T1 setup, I've only got an adsl single ip right now.
I'm trying to set up SPF on carolina-customs.com.
My mail is on mail.carolina-hosting.com box.

Does this zone look right to you?

Thanks
~RD

>
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> To: <qmailtoaster-list@qmailtoaster.com>
> Cc: <qmailtoaster-list@qmailtoaster.com>
> Sent: Sunday, October 21, 2007 12:18 PM
> Subject: Re: [qmailtoaster] Security Holes?
>
>
>>> What you are seeing might not have anything to do with your box. If you do
>>> not have SPF records set up for your domain, anyone can send mail with your
>>> domain in the From address, claiming that it came from you. When the spam
>>> hits an invalid email address, the bounce will come back to you, since you
>>> are the host of the domain in the "From" address.
>>>
>>> W
>>
>> Hummm,
>> You might have hit the nail on the head.
>> I did not set up any SPF.
>>
>> Thanks,
>> ~RD
>>
>>>
>>> On 10/21/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>>>>
>>>> > [EMAIL PROTECTED] wrote:
>>>> >> Hello guys,
>>>> >> I run custom compiled Gentoo headless boxes for hosting.
>>>> >> Qmail Toaster won me over about a year ago. So I put CentOS/QT on
>>>> >> another server just for mail only.
>>>> >>
>>>> >> I had to take my QT box offline when I kept getting bounces from
>>>> >> everywhere to my catchall account. Somehow one of my domains was
>>>> >> sending mails like crazy from different "names"@mydomain.com.
>>>> >>
>>>> >> I've shut that box down and have been watching my firewall logs and I
>>>> >> had several IPs pounding port 25.
>>>> >>
>>>> >> Now I've started up another one of my backup servers and did a
>>>> >> complete re-install.
>>>> >>
>>>> >> I've installed QT/CentOS from the QT - The Easy Way...
>>>> >> The only thing I have not done within the guide is set up any domain
>>>> >> keys and I have my own firewall rules. Other than that, this is up and
>>>> >> running out of the box.
>>>> >>
>>>> >> Any security holes or steps you guys can inform me about?
>>>> >>
>>>> >> I'm going to look at the wiki as soon as I get time.
>>>> >>
>>>> >
>>>> > Lots of good info on the wiki.
>>>> > There are not any security holes per se. If you have a rogue/badly
>>>> > written PHP mailer script on one of your websites, that has nothing to
>>>> > do with Toaster, Qmail, or any other mailer program.
>>>> > You can throttle people on port 25 if you'd like. Check the wiki (it may
>>>> > be in the archives, don't remember), but there's a firewall rule you can
>>>> > add in that will deny connections from IPs that connect more than x
>>>> > number of times in y number of minutes. This cuts down on the bots some
>>>> > - I use it on some of my machines. You just have to be careful with it.
>>>> > I have one client that has 75+ machines on a network, and they all set
>>>> > their Outlook to check for messages every 2 minutes which flagged them
>>>> > by this rule and blocked them for a while (too bad they're my most
>>>> > self-important client as well.....).
>>>> > But that will all be a moot point if you have a spam-bot (PHP script or
>>>> > whatever) on your machine anyway.
>>>> > You may just be seeing the bounces from the joe-job that was running on
>>>> > your machine.
>>>> >
>>>> Thanks for the reply...
>>>> I'm sure it wasn't any php or script mailers.
>>>> The reason I asked about any security holes is none of the accounts were
>>>> showing up in admin, qmailadmin or vpopadmin etc. I run several servers
>>>> behind an ipcop linux firewall/router. I'm no guru at MTA's but I forward
>>>> the mail ports to the mail server box.
>>>>
>>>> Well thanks again,
>>>> I'll get to the wiki asap,
>>>> RD
>>>>
>>>> ---------------------------------------------------------------------
>>>> QmailToaster hosted by: VR Hosted <http://www.vr.org>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>> For additional commands, e-mail: [EMAIL PROTECTED]
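
Added example, not part of the original thread: a small offline SPF evaluator (ip4, a, mx and all only) run over the records in the zone posted above, showing which term authorizes the mail host, what an unrelated sender gets, and which ip4 term covers no published address. The address used for mail.carolina-hosting.com is an assumption (it is not in the posted zone), and 192.0.2.10 is a documentation address standing in for an unrelated sender.

```python
import ipaddress

# Records transcribed from the zone posted above. The address of
# mail.carolina-hosting.com is not in that zone; it is ASSUMED here to be
# the poster's single ADSL address.
A = {
    "carolina-customs.com": ["68.159.106.99"],
    "mail.carolina-hosting.com": ["68.159.106.99"],  # assumption
}
MX = {"carolina-customs.com": ["mail.carolina-hosting.com"]}
SPF = ("v=spf1 ip4:68.152.106.99 a mx a:mail.carolina-hosting.com "
       "mx:mail.carolina-hosting.com ~all")

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def term_matches(term, ip, domain):
    """Return True if one SPF mechanism (ip4, a, mx, all) matches ip."""
    name, _, arg = term.partition(":")
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    target = arg or domain          # bare "a"/"mx" refer to the SPF domain
    if name == "a":
        hosts = [target]
    elif name == "mx":
        hosts = MX.get(target, [])  # names without an MX entry match nothing
    else:
        raise ValueError(f"unsupported mechanism: {term}")
    return any(ip == ipaddress.ip_address(a) for h in hosts for a in A.get(h, []))


def check_host(ip, domain, record=SPF):
    """Evaluate the record left to right; return (result, matching term)."""
    ip = ipaddress.ip_address(ip)
    for raw in record.split()[1:]:  # skip the "v=spf1" version tag
        qual, term = (raw[0], raw[1:]) if raw[0] in QUALIFIERS else ("+", raw)
        if term_matches(term, ip, domain):
            return QUALIFIERS[qual], raw
    return "neutral", None


def dead_ip4_terms(record=SPF):
    """ip4 terms that cover none of the addresses published in the zone."""
    published = {ipaddress.ip_address(a) for addrs in A.values() for a in addrs}
    nets = [t[4:] for t in record.split() if t.startswith("ip4:")]
    return [n for n in nets
            if not any(p in ipaddress.ip_network(n, strict=False) for p in published)]
```

With these records the mail host passes through the bare `a` term, an unrelated sender ends at `~all` (softfail, not fail), and `dead_ip4_terms()` reports `68.152.106.99`, which differs from the `68.159.106.99` used in every A record of the zone.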