Re: [gentoo-user] Open Relay - What Happened?

2007-06-29 Thread Kent Fredric

On 6/29/07, Randy Barlow [EMAIL PROTECTED] wrote:

Vladimir Rusinov wrote:
 You have problems with client restrictions.
 It is very weird that spammers haven't attacked your server since November.

Thanks for your help Vladimir, I believe my e-mail server is secure now!

--
Randy Barlow
http://electronsweatshop.com

But you are a chosen race, a royal priesthood, a holy nation, a people
for his own possession, that you may proclaim the excellencies of him
who called you out of darkness into his marvelous light. Once you were
not a people, but now you are God's people; once you had not received
mercy, but now you have received mercy. ~1 Peter 2:9-10

--
[EMAIL PROTECTED] mailing list





Just be aware bounce-mails are not necessarily an indication of a
compromised box. Lately some spammers have learnt they can double
their audience and halve their own send rate by putting victim1 as the
To address, and victim2 as the From field, so that way when
servers send a 'sorry, can't deliver this message' it basically acts
as an open-relay-on-bounce (if there's any doubt, check the headers of
the bounced message; sometimes you'll find your server never touched
it).
--
Kent
ruby -e '[1, 2, 4, 7, 0, 9, 5, 8, 3, 10, 11, 6, 12, 13].each{|x|
print enNOSPicAMreil [EMAIL PROTECTED][(2*x)..(2*x+1)]}'
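One way to apply the header check Kent describes, as an added example that is not part of the thread or of any poster's code: it pulls the original message out of a DSN bounce and looks for our own server in its Received chain, trusting only the "by" host names and bracketed IP addresses that receiving servers write themselves, never the HELO name, which the sender chooses. The host name mail.example.org, the address 198.51.100.10, the bouncing server mx.victim1.example and both bounce messages are constructed for the example.

```python
import email
import re
from email.message import Message
from typing import List, Optional

# Constructed samples (not from the thread). Our server is assumed to be
# mail.example.org at 198.51.100.10; mx.victim1.example is the server bouncing.
# In this first bounce the spammer forged our From address and our HELO name,
# but no hop was ever handled by our machine.
BACKSCATTER_BOUNCE = """\
From: MAILER-DAEMON@mx.victim1.example
To: [email protected]
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B1"

--B1
Content-Type: text/plain

This is the mail system at host mx.victim1.example. Delivery failed.

--B1
Content-Type: message/rfc822

Received: from mx.victim1.example (localhost [127.0.0.1])
    by mx.victim1.example with ESMTP id 4F2A; Fri, 29 Jun 2007 10:00:01 +0000
Received: from unknown (HELO mail.example.org) (203.0.113.77)
    by mx.victim1.example with SMTP; Fri, 29 Jun 2007 10:00:00 +0000
From: [email protected]
To: [email protected]
Subject: constructed spam sample

body

--B1--
"""

# Second bounce: the original really was submitted through our server.
LEGIT_BOUNCE = """\
From: MAILER-DAEMON@mx.victim1.example
To: [email protected]
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B2"

--B2
Content-Type: text/plain

This is the mail system at host mx.victim1.example. User unknown.

--B2
Content-Type: message/rfc822

Received: from mail.example.org (mail.example.org [198.51.100.10])
    by mx.victim1.example with ESMTP id 7C11; Thu, 28 Jun 2007 18:30:02 +0000
Received: from [192.168.1.5] (helo=desktop)
    by mail.example.org with ESMTPSA id 9B3D; Thu, 28 Jun 2007 18:30:00 +0000
From: [email protected]
To: [email protected]
Subject: hello

body

--B2--
"""


def embedded_original(bounce: Message) -> Optional[Message]:
    """Return the message/rfc822 copy of the original that a DSN bounce carries, if any."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            payload = part.get_payload()
            if isinstance(payload, list) and payload:
                return payload[0]
    return None


def original_received(raw: str) -> Optional[List[str]]:
    """Received headers of the bounced original, or None when the bounce has no copy of it."""
    original = embedded_original(email.message_from_string(raw))
    return None if original is None else original.get_all("Received", [])


def our_hops(received: List[str], our_host: str, our_ip: str) -> List[str]:
    """Received lines that show our server actually handling the message.

    A hop counts as ours only if the receiving server ('by ...') is us, or the
    connecting peer's bracketed IP (written by the receiver) is our address.
    The HELO name is deliberately ignored: the sender can put anything there.
    """
    hits = []
    for header in received:
        flat = re.sub(r"\s+", " ", header)
        by = re.search(r"\bby\s+([\w.-]+)", flat)
        ips = re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        if (by and by.group(1).lower() == our_host.lower()) or our_ip in ips:
            hits.append(flat)
    return hits


def classify_bounce(raw: str, our_host: str, our_ip: str) -> str:
    received = original_received(raw)
    if received is None:
        return "undetermined: bounce carries no copy of the original message"
    if our_hops(received, our_host, our_ip):
        return "ours: our server relayed the original message"
    return "backscatter: our server never handled the original; the sender address was forged"


if __name__ == "__main__":
    for label, sample in (("forged", BACKSCATTER_BOUNCE), ("real", LEGIT_BOUNCE)):
        print(label, "->", classify_bounce(sample, "mail.example.org", "198.51.100.10"))
```

A bounce classified as backscatter is evidence that someone else is forging your domain, not that your box relays; a bounce classified as ours is the one worth investigating against your own mail logs.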
Re: [gentoo-user] Open Relay - What Happened?

2007-06-29 Thread Randy Barlow

Kent Fredric wrote:

Just be aware bounce-mails are not necessarily an indication of a
compromised box. Lately some spammers have learnt they can double
their audience and halve their own send rate by putting victim1 as the
To address, and victim2 as the From field, so that way when
servers send a 'sorry, can't deliver this message' it basically acts
as an open-relay-on-bounce (if there's any doubt, check the headers of
the bounced message; sometimes you'll find your server never touched
it).


Right, but the headers in my instance definitely confirmed that I had 
been blocked by my ISP.  Also, e-mails that I had personally sent to 
people I know were getting bounced.  But thanks for the tip!


--
Randy Barlow
http://electronsweatshop.com

Re: [gentoo-user] Open Relay - What Happened?

2007-06-28 Thread Randy Barlow

Vladimir Rusinov wrote:

You have problems with client restrictions.
It is very weird that spammers haven't attacked your server since November.


Thanks for your help Vladimir, I believe my e-mail server is secure now!

--
Randy Barlow
http://electronsweatshop.com

[gentoo-user] Open Relay - What Happened?

2007-06-27 Thread Randy Barlow

So I'm running postfix on Gentoo, and have been doing so happily since
about November.  Until today I got a rejection for relayed mail notice
from Road Runner.  I read on their site that this happens when your IP
address sends more than 1000 e-mails in 24 hours.  My first thought was
my Windows-using roommates, but then I checked my e-mail server from the
outside and indeed it was open.  This is weird though, because I believe
I have it configured for authenticated users only.  I even tried setting
it to only allow connections from this host, and still it happily
accepts connections from outside and tries to relay those e-mails to
other domains (of course, I would expect it to accept mail for
electronsweatshop.com.)  Here are some settings in /etc/postfix/main.cf
that I think are relevant, anybody have any comments/criticisms/suggestions?

myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, $mydomain
# I tried setting this to host to see if that would solve the problem (nope)
mynetworks_style = subnet
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
# I've tried the following also adding
# reject_unauth_destination,reject_unknown_client, but that didn't solve
# the problem either
smtpd_client_restrictions = permit_sasl_authenticated
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
relayhost = smtp-server.carolina.rr.com
# I actually have several domains listed here.  Does anyone know how to
# get it to allow me to relay to all domains once I have properly
# authenticated?
relay_domains = bunchofdomains.com
smtpd_tls_security_level = may

I fully appreciate any help anyone can offer.  I made this setup just by
following some guides I found here and there online, and don't really
have a good grasp on the 6 volume manual that is the Postfix docs  :)
--
Randy Barlow
http://electronsweatshop.com

Re: [gentoo-user] Open Relay - What Happened?

2007-06-27 Thread Vladimir Rusinov

On 6/28/07, Randy Barlow [EMAIL PROTECTED] wrote:


So I'm running postfix on Gentoo, and have been doing so happily since
about November.  Until today I got a rejection for relayed mail notice
from Road Runner.  I read on their site that this happens when your IP
address sends more than 1000 e-mails in 24 hours.



You have problems with client restrictions.
It is very weird that spammers haven't attacked your server since November.

Try the following:

smtpd_helo_required = yes
disable_vrfy_command = yes
unknown_hostname_reject_code = 550
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_non_fqdn_hostname,
   reject_non_fqdn_sender,
   reject_non_fqdn_recipient,
   reject_invalid_hostname,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   permit_mx_backup,
   reject_unauth_pipelining,
   reject_unauth_destination,
   check_relay_domains,
   reject

Or just
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   check_relay_domains,
   reject

--
Vladimir Rusinov
GreenMice Solutions: Linux-based IT solutions
http://greenmice.info/
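An added example (not the thread's or Postfix's own code) that checks a main.cf text for the relay problem this thread is about, covering both the original post's configuration and the restriction lists Vladimir suggests. It parses the file with Postfix's continuation-line syntax and reports when neither smtpd_recipient_restrictions nor smtpd_relay_restrictions (the latter exists from Postfix 2.10 on) reaches a reject_unauth_destination or equivalent before an unconditional permit, when mynetworks is wide open, and when smtpd_client_restrictions contains only permit rules. The three sample configurations are constructed: one mirroring a client-restrictions-only setup like the original post's, one with an unconditional permit in front of the guard, and one with the short list suggested above.

```python
import re
from typing import Dict, List

# Constructed sample configurations (not the thread's own files).
CONFIG_CLIENT_ONLY = """\
myorigin = $myhostname
mynetworks_style = subnet
smtpd_sasl_auth_enable = yes
smtpd_client_restrictions = permit_sasl_authenticated
relay_domains = example.org
"""

CONFIG_OPEN_RELAY = """\
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit,
   reject_unauth_destination
"""

CONFIG_CLOSED = """\
smtpd_helo_required = yes
smtpd_recipient_restrictions =
   permit_mynetworks,
   permit_sasl_authenticated,
   reject_unauth_destination,
   reject
"""

# Permits that are normally placed in front of the relay guard on purpose.
TRUSTED_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated",
                   "permit_tls_clientcerts", "permit_mx_backup"}
# Any one of these, if actually reached, stops relaying for unauthenticated clients.
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination",
                "check_relay_domains", "reject", "defer"}


def parse_main_cf(text: str) -> Dict[str, str]:
    """Parse main.cf syntax: 'name = value'; a line starting with whitespace continues the previous value."""
    params: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()
            continue
        if "=" not in raw:
            continue  # stray text, not a parameter line
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return {k: v.strip() for k, v in params.items()}


def restriction_list(value: str) -> List[str]:
    """Split a restriction list on commas and whitespace, as Postfix does."""
    return [t for t in re.split(r"[,\s]+", value) if t]


def audit_relay_policy(params: Dict[str, str]) -> List[str]:
    """Return readable findings; an empty list means no relay problem was found."""
    findings: List[str] = []
    if params.get("mynetworks_style") == "class" or "0.0.0.0/0" in params.get("mynetworks", ""):
        findings.append("mynetworks trusts far more than this host; permit_mynetworks will relay for all of it")
    client = params.get("smtpd_client_restrictions")
    if client and all(t.startswith("permit") for t in restriction_list(client)):
        findings.append("smtpd_client_restrictions contains only permit rules; unmatched clients fall "
                        "through to the implicit permit at the end, so it blocks nothing")
    policies = [(n, params[n]) for n in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions")
                if n in params]
    if not policies:
        findings.append("no explicit relay policy set; the Postfix default "
                        "(permit_mynetworks, reject_unauth_destination) applies")
        return findings
    for name, value in policies:
        tokens = restriction_list(value)
        guard_at = next((i for i, t in enumerate(tokens) if t in RELAY_GUARDS), None)
        if guard_at is None:
            findings.append(f"{name}: no reject_unauth_destination (or equivalent); "
                            "unauthenticated clients can relay")
            continue
        for t in tokens[:guard_at]:
            if t.startswith("permit") and t not in TRUSTED_PERMITS:
                findings.append(f"{name}: '{t}' is evaluated before the relay guard and short-circuits it")
    return findings


if __name__ == "__main__":
    for label, cfg in (("client-only", CONFIG_CLIENT_ONLY), ("open", CONFIG_OPEN_RELAY), ("closed", CONFIG_CLOSED)):
        print(label, "->", audit_relay_policy(parse_main_cf(cfg)) or ["ok"])
```

The point the findings make is that smtpd_client_restrictions never decides relaying; only a guard reached in smtpd_recipient_restrictions (or smtpd_relay_restrictions) does. Listing permit_sasl_authenticated in front of that guard is also what lets an authenticated user send to any domain without naming those domains in relay_domains.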