Another important point

this is for people who run websites also on the same server as the mail
server

we enable smtp authentication even for emails going from inside the server
ie via webmail for email forms

clients may initially complain that email forms do not work but once you
have authentication in place for the form then it will save the server
owner from a lot of problems. For example one of my clients used
oscommerce which does not have password protection for the administrative
account and he did not care to inform me that he is putting it up.

squirrelmail which is run on the same server as qmail toaster we ensure
that it uses smtp and a login mechanism using the imap user id and
password

the hacker uploaded a php formmail and had a great time shooting out spam.


other than normal 587 i have created extra Non-Standard ports for sending
out authenticated emails.

Example i have a client who is a high volume sender and 100s of people
sitting in one single location.  I have dedicated an absolutely separate
smtp port for them which nobody else uses. I can track smtp connections
on this port and in case of any issues simply trigger iptables to block the
static ip.


creation of extra submission ports
this can be done by simply cp -pR the entire
/var/qmail/supervise/submission directory, editing the run file and the
logging file

Separate port for squirrelmail
for all webmail communications i use a separate smtp submission port

thus i have port 25 for external emails coming in, a port for webmail and
another port for my authenticated clients who send out emails thru my
server

this helps a great deal in troubleshooting and identifying when problems
come up

rajesh



> hi
>
> we run qmail toaster on all our email servers. qmailtoaster provided
> great protection against external spam but to date i am quite helpless
> against spam coming from within the server or the misuse of the same by
> own customers
>
> i am quoting below my experiences
>
> 1) authenticated sender spamming
> qmailtoaster smtp is built in such a way that once authenticated it allows
> sending out emails immaterial of whether the envelope sender is a domain
> on the server or not.
>
> example in my outlook express i create a dummy email id ; [email protected] as
> the mail from and reply to. for authentication i use some
> use...@domain_on_server.com and password ... and that's it i can send any
> no of emails with the mailfrom as a dummy yahoo account. this is how
> spamming has been taking place thru my server since some smart hacker
> picks up the smtp auth userid and password of some client of mine and
> misuses it.
>
>
> 2) clients misusing the system
> my own clients can misuse the system. they purchase email service for one
> single domain and use the smtp auth information for sending out emails
> with the mailfrom as their other domains
>
> 3) at present there is no check on the number of emails per hour / per day
> being implemented, there are no such restrictions in qmail ...
>
> work around solutions that i am looking at is as such
>
> i have created absolutely non-standard ports for my clients
>
> i have analysed smtp traffic during different times of day example during
> night time the traffic is very low and during day time from 10 am to 6 pm
> it is at the peak
>
> i used simple iptables rules to block ips which trespass the limits
>
> one rule for daytime and one rule for night time which are added / removed
> automatically by a cron job.
>
> #### RULE BETWEEN 10 AM AND 6 PM
> iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 90 -j DROP
>
> ####  RULE BETWEEN 6 PM UPTO 10 AM
> iptables -I INPUT -p tcp --dport 5225 -i eth0 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --dport 5225 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 30 -j DROP
>
> also building a queue monitoring tool -- checking the queue and if the no
> of emails exceeds a specified limit, the tool will pick up ips from the
> emails in the queue and block them
>
>
> thanks
> rajesh
>
>
>
>
>
> ---------------------------------------------------------------------------------
> Qmailtoaster is sponsored by Vickers Consulting Group
> (www.vickersconsulting.com)
>     Vickers Consulting Group offers Qmailtoaster support and
> installations.
>       If you need professional help with your setup, contact them today!
> ---------------------------------------------------------------------------------
>      Please visit qmailtoaster.com for the latest news, updates, and
> packages.
>
>       To unsubscribe, e-mail:
> [email protected]
>      For additional commands, e-mail:
> [email protected]
>
>
>
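
Added example, not part of the original post and not qmailtoaster code: a log check for the three problems listed in the quoted message (envelope sender not matching the authenticated login, clients sending for other domains, no per-hour count). The record layout and the sample rows are constructed; qmail's own log format is not assumed, so map your submission-port log fields onto the tuples.

```python
from collections import Counter
from datetime import datetime

# Constructed sample records: (ISO timestamp, SMTP AUTH login, envelope MAIL FROM).
# The tuple layout is hypothetical; map your own submission-port log fields onto it.
SAMPLE = [
    ("2024-01-10T10:00:05", "alice@example.com", "alice@example.com"),
    ("2024-01-10T10:00:09", "bob@example.com", "promo@example.net"),
    ("2024-01-10T10:01:00", "carol@example.org", "carol@example.org"),
    ("2024-01-10T10:01:30", "carol@example.org", "carol@example.org"),
    ("2024-01-10T10:02:10", "carol@example.org", "carol@example.org"),
    ("2024-01-10T11:15:00", "carol@example.org", "carol@example.org"),
    ("2024-01-10T11:20:00", "dave", "dave@example.com"),
]


def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    _, sep, dom = addr.rpartition("@")
    return dom.strip().lower() if sep else ""


def envelope_mismatches(records):
    """Messages whose MAIL FROM domain differs from the domain of the
    authenticated login (cases 1 and 2 in the quoted message)."""
    flagged = []
    for ts, login, mail_from in records:
        login_dom = domain(login)
        # A login without a domain cannot be compared; report it too.
        if not login_dom or domain(mail_from) != login_dom:
            flagged.append((ts, login, mail_from))
    return flagged


def over_hourly_limit(records, limit):
    """Logins that sent more than `limit` messages in any clock hour (case 3)."""
    per_hour = Counter()
    for ts, login, _ in records:
        hour = datetime.fromisoformat(ts).strftime("%Y-%m-%d %H")
        per_hour[(login.lower(), hour)] += 1
    return sorted({k for k, n in per_hour.items() if n > limit})


if __name__ == "__main__":
    for row in envelope_mismatches(SAMPLE):
        print("MISMATCH", *row)
    for login, hour in over_hourly_limit(SAMPLE, limit=2):
        print("OVER LIMIT", login, hour)
```

Run against one submission port's log at a time, so a flagged login can be tied to the port and client it belongs to.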





