Block all mail on smtp except auth or from ip
Hi all,

We have a central mailserver that receives internet mail. Decentralized mail servers pull the internet mail from this server with fetchmail.

On the decentralized mail servers (that are connected to the internet) I want to block all SMTP connections (also for mails sent to local recipients) except when the user is authenticated or if the IP from which the mail is sent is accepted.

I use tcpserver:

Run:

    #!/bin/sh
    exec 2>&1 \
    envdir ./env \
    sh -c '
        case $REMOTENAME in h) H=;; p) H=p;; *) H=H;; esac
        case $REMOTEINFO in r) R=;; [0-9]*) R=t$REMOTEINFO;; *) R=R;; esac
        exec \
        envuidgid qmaild \
        softlimit ${DATALIMIT+-d$DATALIMIT} \
        /usr/bin/tcpserver \
        -vDU$H$R \
        ${LOCALNAME+-l$LOCALNAME} \
        ${BACKLOG+-b$BACKLOG} \
        ${CONCURRENCY+-c$CONCURRENCY} \
        -xtcp.cdb \
        -- ${IP-0} ${PORT-25} \
        /var/qmail/bin/qmail-smtpd
    '

Tcp:

    Allowed ip 1:allow,RELAYCLIENT=
    Allowed ip 2:allow,RELAYCLIENT=
    :allow,SMTPAUTH=
    :deny

Any solutions?

Regards,
Didier
Re: Spam problems smtp proxy or patch
Thanks, I will try both; currently I am also testing qconfirm/ask/tmda to see which one works better with qmail-ldap.

regards.

On Oct 24, 2006, at 8:39 AM, Felipe Augusto van de Wiel wrote:

> Hey!
>
> On 10/23/2006 03:41 PM, Nicolas de Bari Embriz Garcia Rojas wrote:
>> Hi, currently I am using simscan/spamassassin/tarpit/auth/SSL, also have integrated spamassassin to ldap and set max recipients on 2, but there is always a smart and patient user that starts sending spam; they use the webmail or even a client like outlook/kmail/mail and start to send email one by one.
>>
>> So I was thinking of a solution like some other sites do, to limit the outgoing msg per day, but it is just that I would like to know how they do it so I can implement it.
>
> I just remember that eMPF is worth taking a look at: http://www.inter7.com/?page=empf
>
>> regards.
>
> Kind regards,
> --
> Felipe Augusto van de Wiel [EMAIL PROTECTED]
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
Re: Spam problems smtp proxy or patch
For a quick fix I installed spamguard (http://www.enderunix.org/spamguard) and it is starting to give some results; currently it has helped me to identify the spammers, and the program itself, based on threshold values, moves those users to /var/qmail/control/badmailfrom.

regards.

On Oct 24, 2006, at 8:27 AM, Felipe Augusto van de Wiel wrote:

> On 10/23/2006 03:41 PM, Nicolas de Bari Embriz Garcia Rojas wrote:
>> Hi, currently I am using simscan/spamassassin/tarpit/auth/SSL, also have integrated spamassassin to ldap and set max recipients on 2, but there is always a smart and patient user that starts sending spam; they use the webmail or even a client like outlook/kmail/mail and start to send email one by one.
>>
>> So I was thinking of a solution like some other sites do, to limit the outgoing msg per day, but it is just that I would like to know how they do it so I can implement it.
>
> I found [1]this on qmail.org.
>
> 1. http://spamthrottle.qmail.ca/
>
> There is even a qmail-ldap patch. If it solves your problem, maybe you can make some comments so we can request the nice qmail-ldap guys to integrate it in the qmail-ldap patch. :-)
>
>> regards.
>
> Kind regards,
> --
> Felipe Augusto van de Wiel [EMAIL PROTECTED]
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
anonymous bind for qmailgroup entries?
Hi all,

I have been using qmail-ldap on different servers for more than a year. Now I've set up a new one with a virtual users environment. My qmail installation uses a dedicated account for retrieving LDAP attributes and I have set the LDAP ACL very restrictive to prevent users from seeing other accounts.

Mail delivery for normal qmailusers works very well, but I observe a strange problem with qmailgroups. The following is derived from slapd's logfile: qmail binds correctly as the dedicated user to search the mail address. After the entry with the corresponding address is found, it retrieves all LDAP attributes for a normal qmailuser within the existing bind and therefore succeeds with delivery. But for a qmailgroup entry it unbinds and rebinds anonymously and is then not able to read the attribute entry and all other attributes, since this is prohibited by my LDAP ACLs for anonymous binds.

Can any of you experts tell me if this is desired behaviour and why? Or did I miss a simple configuration option?

Any help greatly appreciated,

Thanks,
Robert

--
Robert Müller
Thinxsolutions Müller,Bender,Guth GbR
Maarweg 139
50825 Köln
Fon: +49 221 3550353 0
Fax: +49 221 3550353 99
Mob: +49 179 5303775
[EMAIL PROTECTED]
http://www.thinxsolutions.de
Re: anonymous bind for qmailgroup entries?
On Tue, Oct 24, 2006 at 06:43:17PM +0200, Robert Müller wrote:

> Hi all,
>
> I have been using qmail-ldap on different servers for more than a year. Now I've set up a new one with a virtual users environment. My qmail installation uses a dedicated account for retrieving LDAP attributes and I have set the LDAP ACL very restrictive to prevent users from seeing other accounts.
>
> Mail delivery for normal qmailusers works very well, but I observe a strange problem with qmailgroups. The following is derived from slapd's logfile: qmail binds correctly as the dedicated user to search the mail address. After the entry with the corresponding address is found, it retrieves all LDAP attributes for a normal qmailuser within the existing bind and therefore succeeds with delivery. But for a qmailgroup entry it unbinds and rebinds anonymously and is then not able to read the attribute entry and all other attributes, since this is prohibited by my LDAP ACLs for anonymous binds.
>
> Can any of you experts tell me if this is desired behaviour and why? Or did I miss a simple configuration option?
>
> Any help greatly appreciated,

Most of the time this happens because ~control/ldappassword is not readable by the user which runs the qmail-group command. This is why ~control/ldapgrouplogin and ~control/ldapgrouppassword exist. Especially, it makes it possible to use a different user for the normal mail lookup than for the group lookups. Group lookups only need read access to some fields (e.g. userPassword is not needed), allowing stricter ACL rules. Additionally it makes it possible to tune the limits in slapd.

--
:wq Claudio
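
A permission audit for the control files named in the reply above, added here as an example; it is not part of the thread or of qmail-ldap. The function names and verdict strings are hypothetical, and the uid/gids to pass are those of whichever account runs qmail-group on your system, which the thread does not name.

```python
import os
import stat
import sys

# File names as given in the reply above; the control directory is an argument.
MAIN_FILE = "ldappassword"
GROUP_FILES = ("ldapgrouplogin", "ldapgrouppassword")

def readable_by(path, uid, gids):
    """True/False from classic mode bits; None if the file is missing.
    Does not evaluate POSIX ACLs or search permission on parent directories."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    if uid == 0:
        return True
    if st.st_uid == uid:          # owner class decides, even if other bits are laxer
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def audit(control_dir, uid, gids):
    """Describe what a process running as uid/gids can read in control_dir."""
    report = {}
    for name in (MAIN_FILE,) + GROUP_FILES:
        path = os.path.join(control_dir, name)
        can_read = readable_by(path, uid, gids)
        report[name] = {
            "exists": can_read is not None,
            "readable": bool(can_read),
            # a bind password readable by every local account is its own finding
            "world_readable": can_read is not None
            and bool(os.stat(path).st_mode & stat.S_IROTH),
        }
    if all(report[n]["readable"] for n in GROUP_FILES):
        report["verdict"] = "group credentials readable"
    elif report[MAIN_FILE]["readable"]:
        report["verdict"] = "only ldappassword readable"
    else:
        report["verdict"] = "no bind password readable"
    return report

if __name__ == "__main__" and len(sys.argv) >= 3:
    # usage: audit.py CONTROL_DIR UID [GID ...]
    d, uid, *gids = sys.argv[1:]
    for key, value in audit(d, int(uid), {int(g) for g in gids}).items():
        print(key, value)
```

A "no bind password readable" verdict matches the situation the reply describes; a "world_readable" password file is the opposite failure and exposes the bind secret to every local account.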