Wicus -

On port 25 CURRENTLY:
- If the connection is for a LOCAL address (that is: the RECIPIENT address is one that is local to the server), the message is accepted -- regardless of whether you are authenticated or not
- If the connection is for a REMOTE address (that is: the RECIPIENT address is one that is NOT local to the server), the message is accepted ONLY IF the user is authenticated.

Again, the CORRECT use of port 25 is SOLELY for the receipt of inbound messages for the local server. Users (who authenticate) should be using ports 587 or 465 -- which, after they authenticate, will allow them to relay to other servers.

Now here's a kicker -- if you authenticate to the QMail SMTP server (with ANY credentials that work!) you can send as any user to any user. Once you're AUTHENTICATED, you're free to send from anyone TO anyone. This is because the AUTH mechanism is separate from the SMTP mechanism -- and to my knowledge, there is no way to fix this in QMail (maybe with spamdyke? I don't know).

Now, if your server accepts UNAUTHENTICATED clients, and forwards to domains that are NOT LOCAL to you, then you are what is referred to as an "OPEN RELAY" -- you've made a mistake that will get you blacklisted within 24-48 hours, for sure! :)

I hope this answers your question Wicus...

Dan
IT4SOHO
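
The relay rule and the "send as anyone once authenticated" behaviour described in the message above can both be looked for in SMTP session logs. This is an added example, not part of the original thread and not qmail or QMT code; it assumes dialogues logged as "C:"/"S:" lines, AUTH PLAIN logins, and login names that are full e-mail addresses, and every address and credential in it is constructed.

```python
import base64
import re

ADDR = re.compile(r"<([^>]*)>")

def audit_session(transcript, local_domains):
    """Return findings for one SMTP dialogue given as "C: ..." / "S: ..." lines."""
    auth_user = None   # account that authenticated successfully, if any
    pending = None     # (kind, value) of the client command awaiting its reply
    findings = []
    for line in transcript.strip().splitlines():
        side, _, text = line.strip().partition(": ")
        if side == "C":
            verb, pending = text.upper(), None
            if verb.startswith("AUTH PLAIN "):
                # Initial response is base64("authzid\0authcid\0password").
                parts = base64.b64decode(text.split()[2]).split(b"\0")
                pending = ("AUTH", parts[1].decode().lower())
            elif verb.startswith(("MAIL FROM:", "RCPT TO:")):
                pending = (verb[:4], ADDR.search(text).group(1).lower())
        elif side == "S" and pending:
            kind, value = pending
            pending = None
            if not text.startswith("2"):
                continue  # the server refused this command
            if kind == "AUTH":
                auth_user = value
            elif kind == "MAIL" and auth_user and value != auth_user:
                findings.append(f"sender-mismatch: {auth_user} sent as {value}")
            elif kind == "RCPT" and not auth_user:
                if value.rpartition("@")[2] not in local_domains:
                    findings.append(f"open-relay: unauthenticated relay to {value}")
    return findings

# Constructed sample dialogues (not captured traffic); all names are made up.
LOCAL = {"example.org"}
CRED = base64.b64encode(b"\0alice@example.org\0constructed-pw").decode()
UNAUTH_RELAY = """C: MAIL FROM:<x@elsewhere.test>
S: 250 ok
C: RCPT TO:<someone@remote.test>
S: 250 ok"""
AUTH_SPOOF = f"""C: AUTH PLAIN {CRED}
S: 235 ok, go ahead
C: MAIL FROM:<ceo@example.org>
S: 250 ok
C: RCPT TO:<someone@remote.test>
S: 250 ok"""
if __name__ == "__main__":
    print([audit_session(t, LOCAL) for t in (UNAUTH_RELAY, AUTH_SPOOF)])
```
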

On 2/16/2014 3:07 PM, Wicus Roets wrote:
Eric,

This is where I'm confused. If qmail accepts mail for relay based on
authentication of a valid account/pw pair, how could I have sent mail via
telnet on port 25 by only supplying a valid account (without a password)?

-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: 16 February 2014 09:56 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Spamming via valid vpopmail account

On 02/16/2014 11:32 AM, Wicus Roets wrote:
That explains it quite nicely.

One more question though ;)

Quoting from "http://gmane.org/post.php" - "People who do not have
valid email addresses in their From or Reply-To headers can't use
Gmane to post to mailing lists."
That's (primarily) because gmane doesn't have accounts with passwords.
It uses the From/Reply-To to verify that an address exists, when the first
message from an account is sent to the list. This is akin to adding an
account.

From my earlier mail, qmail accepts mail based only on the "rcpt to:"
of the header. As an interim, would inclusion of verification on the
"mail from:" be easier/quicker?
I'm not sure what you mean by this. qmail accepts mail (for relay) based on
authentication (valid account/pw pair).

I don't think that verifying the "mail from" is always practical, but I know
that SamC is considering adding some such capability to spamdyke. I think we
should wait and see what he comes up with for that. QMT doesn't presently
use spamdyke on port 587, but it soon will. spamdyke v5.0 was just released,
and once it's deemed stable (by me), QMT will use it to handle
authentication (on port 587).

--
-Eric 'shubes'


---------------------------------------------------------------------
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


