Re: [vchkpw] block non-relay from remote to local?
On Thursday 30 June 2005 03:24 pm, Paul Theodoropoulos wrote: okay, i'm probably having a brain fart on this, so bear with me. i have a customer who is coming online tomorrow. they preconfigured their addresses on the server some time ago through our qmailadmin interface (for the record, vpopmail 5.4.10, qmailadmin 1.2.7). my structure is this: three incoming MX-only servers. one proxy server the MX servers forward on to to do spam/virus scanning, then pushed to the POP/IMAP/Webmail server where customers do their thang. tcpserver patched with Matt Simerson's mysql patch so that the relay queries don't hammer the tcp.smtp.cdb file. all works dandy. the customer has *not* pointed the MX for their domain to us yet. that will happen tonight. however, the customer has reported that several of their accounts have received virus-laden email. it took a while to figure it out - apparently the virus is hitting our POP server, which is not an MX, and I guess happened to be bearing viruses intended for the domain that *is* set up on the server - so the server dutifully delivered the 'messages'. it's probably set up as mail.example.com, where example.com is the domain that is being pointed over to the new system. simply remove the domain from the rcpthosts file on the non-MX servers and no mail will be able to come in for that domain there. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ qmail wiki @ qmailwiki.org !! pgpd5aPOsFy8n.pgp Description: PGP signature
Re: [vchkpw] block non-relay from remote to local?
At 02:26 PM 6/30/2005, Jeremy Kitchen wrote: the customer has *not* pointed the MX for their domain to us yet. that will happen tonight. however, the customer has reported that several of their accounts have received virus-laden email. it took a while to figure it out - apparently the virus is hitting our POP server, which is not an MX, and I guess happened to be bearing viruses intended for the domain that *is* set up on the server - so the server dutifully delivered the 'messages'. it's probably set up as mail.example.com, where example.com is the domain that is being pointed over to the new system. i wish it were that simple. here's the header, with assorted bits obfuscated for customer privacy: Return-Path: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: (qmail 12860 invoked from network); 22 Jun 2005 04:13:34 - Received: from unknown (HELO scapevelocity.com) (210.18.120.34) by pop.smileglobal.com with SMTP; 22 Jun 2005 04:13:34 - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Hello Date: Wed, 22 Jun 2005 09:41:35 +0530 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0013_06F33F3E.1EC6B4FD X-Priority: 3 X-MSMail-Priority: Normal that's the entire header, no more, no less. simply remove the domain from the rcpthosts file on the non-MX servers and no mail will be able to come in for that domain there. well, sure, i could do that, but then when they cut over here it'll bollox everything up. the domain has to be in rcpthosts on the POP server - heck, vpopmail maintains the rcpthosts/morercpthosts automatically on the POP server. I'm not clear how the server would accept new incoming mail for the domain from my own servers once the MX does cut over here if there's no entry in rcpthosts. Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com
Re: [vchkpw] block non-relay from remote to local?
On Thursday 30 June 2005 05:24 pm, Paul Theodoropoulos wrote: simply remove the domain from the rcpthosts file on the non-MX servers and no mail will be able to come in for that domain there. well, sure, i could do that, but then when they cut over here it'll bollox everything up. the domain has to be in rcpthosts on the POP server - heck, vpopmail maintains the rcpthosts/morercpthosts automatically on the POP server. I'm not clear how the server would accept new incoming mail for the domain from my own servers once the MX does cut over here if there's no entry in rcpthosts. you would just tell your POP server to allow relaying from the MX servers. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ qmail wiki @ qmailwiki.org !! pgpmXL8fn5Kdt.pgp Description: PGP signature
Re: [vchkpw] block non-relay from remote to local?
At 03:35 PM 6/30/2005, Jeremy Kitchen wrote: well, sure, i could do that, but then when they cut over here it'll bollox everything up. the domain has to be in rcpthosts on the POP server - heck, vpopmail maintains the rcpthosts/morercpthosts automatically on the POP server. I'm not clear how the server would accept new incoming mail for the domain from my own servers once the MX does cut over here if there's no entry in rcpthosts. you would just tell your POP server to allow relaying from the MX servers. okay, i presume then that there's a way to add permanent relay entries into the mysql database. i'll have to do a little research. what about vpopmail's insistence on maintaining the rcpthosts/morercpthosts files? will i have to manually delete the files after each new domain is added to the server? sorry for all the questions. Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com
Re: [vchkpw] block non-relay from remote to local?
On Thursday 30 June 2005 05:44 pm, Paul Theodoropoulos wrote: At 03:35 PM 6/30/2005, Jeremy Kitchen wrote: well, sure, i could do that, but then when they cut over here it'll bollox everything up. the domain has to be in rcpthosts on the POP server - heck, vpopmail maintains the rcpthosts/morercpthosts automatically on the POP server. I'm not clear how the server would accept new incoming mail for the domain from my own servers once the MX does cut over here if there's no entry in rcpthosts. you would just tell your POP server to allow relaying from the MX servers. okay, i presume then that there's a way to add permanent relay entries into the mysql database. no need for this, just edit your tcp.smtp file and add a static entry. i'll have to do a little research. what about vpopmail's insistence on maintaining the rcpthosts/morercpthosts files? will i have to manually delete the files after each new domain is added to the server? well, you want to make sure at least rcpthosts EXISTS, but it can be empty. if you add a new domain to the system you will have to go and manually remove it from the file, but vpopmail won't completely rebuild the file with all of the domains for you. sorry for all the questions. YOU SHOULD BE! just kidding ;) -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ qmail wiki @ qmailwiki.org !! pgppp5Anqxy1x.pgp Description: PGP signature
Re: [vchkpw] block non-relay from remote to local?
At 04:01 PM 6/30/2005, you wrote: okay, i presume then that there's a way to add permanent relay entries into the mysql database. no need for this, just edit your tcp.smtp file and add a static entry. i wish - except for this config option when i built vpopmail: --disable-rebuild-tcpserver-file \ neither my /service/smtpd/tcp.cdb nor /u1/etc/tcp.smtp.cdb are being accessed. well, you want to make sure at least rcpthosts EXISTS, but it can be empty. if you add a new domain to the system you will have to go and manually remove it from the file, but vpopmail won't completely rebuild the file with all of the domains for you. cool. sorry for all the questions. YOU SHOULD BE! just kidding ;) well, hopefully this little conversation will help out some other poor soul, so it's not been a total loss! Paul Theodoropoulos http://www.anastrophe.com http://www.smileglobal.com
