Re: Spam problem
You need to adjust a few settings in Qmail.

Put all the domains that receive mail in /var/qmail/control/rcpthosts. That will shut down your open relay. That one file will only allow people to send mail to your box if and only if the TO: is addressed to a domain listed in rcpthosts; everything else will be rejected.

If people must be able to route mail through you, run tcpserver; the qmail FAQ covers that very well. If they roam, enable roaming users in vpopmail and force pop before smtp.

Also think about using the SpamControl patches at http://www.fehcom.de/qmail/spam.html

Philip Wall
Re: Spam problem
On Mon, 18 Jun 2001, Syed Faruque Ahmed wrote:

> If so, then I suppose one could detect and block the access from these
> IPs. I am not sure if "badmailfrom" will work with IPs. Will it accept
> "@IP-address" format? hmmm...

It will... but the domains in badmailfrom are matched against the envelope sender address in the MAIL FROM command, so that would only work if the spammer used the IP address as the domain in the sender address (which seems unlikely).

To filter connections based on the IP address the connection is *actually* from, you need to use something like tcpserver (with a tcp.smtp.cdb file), as you mention in your next message.

--
Daniel Biddle <[EMAIL PROTECTED]>
Re: Spam problem
As a follow-up on this email, one can use the tcpserver program under ucspi-tcp to block access to your qmail smtp service (and any other tcp service for that matter) from various combinations of IPs, domains, usernames@domains/IPs etc. It's pretty neat. Check it out: http://cr.yp.to/ucspi-tcp.html (from the author of qmail)

SFQ

At 02:03 AM 6/18/01 +0600, Syed Faruque Ahmed wrote:
>Are you saying that this cannot be done with other mail programs like
>sendmail, postfix, etc? (I am assuming that he/she is telneting to port
>25 and entering SMTP commands, one by one.)
>
>If other mail programs are the same, then the next question would be; do
>the log files record the IP address of the machine from where this
>"spammer" is working this process from?
>
>If so, then I suppose one could detect and block the access from these
>IPs. I am not sure if "badmailfrom" will work with IPs. Will it accept
>"@IP-address" format? hmmm...
>
>SFQ
>
>At 08:43 PM 6/17/01 +0400, Artem Koutchine wrote:
>>Hello!
>>
>>The solution to my problem might or might not be related
>>to the vchkpw, so i'll try to find help here anyway.
>>
>>The problem is that if there is a virtual domain: bbb.zz
>>and there is a user [EMAIL PROTECTED] and the whole thing
>>is located at address ADDR then any spammer
>>can connect to smtp port on addres ADDR enter
>>[EMAIL PROTECTED] as FROM address (MAIL FROM) and
>>spam a bunch of people. All the victims will think
>>that [EMAIL PROTECTED] is doing it to them. Relaying is
>>allowed in this case, since bbb.zz is a local domain.
>>
>>How can I solve the problem? SMTP authorization?
>>but how? Any other ways?
>>
>>Regards,
>>Artem
Re: Spam problem
Are you saying that this cannot be done with other mail programs like sendmail, postfix, etc? (I am assuming that he/she is telnetting to port 25 and entering SMTP commands, one by one.)

If other mail programs are the same, then the next question would be: do the log files record the IP address of the machine from where this "spammer" is working this process from?

If so, then I suppose one could detect and block the access from these IPs. I am not sure if "badmailfrom" will work with IPs. Will it accept "@IP-address" format? hmmm...

SFQ

At 08:43 PM 6/17/01 +0400, Artem Koutchine wrote:
>Hello!
>
>The solution to my problem might or might not be related
>to the vchkpw, so i'll try to find help here anyway.
>
>The problem is that if there is a virtual domain: bbb.zz
>and there is a user [EMAIL PROTECTED] and the whole thing
>is located at address ADDR then any spammer
>can connect to smtp port on addres ADDR enter
>[EMAIL PROTECTED] as FROM address (MAIL FROM) and
>spam a bunch of people. All the victims will think
>that [EMAIL PROTECTED] is doing it to them. Relaying is
>allowed in this case, since bbb.zz is a local domain.
>
>How can I solve the problem? SMTP authorization?
>but how? Any other ways?
>
>Regards,
>Artem
Re: Spam problem
Can't you use --enable-romaning=y? Wouldn't that solve your problem?

----- Original Message -----
From: "Artem Koutchine" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 17, 2001 12:43 PM
Subject: Spam problem

> Hello!
>
> The solution to my problem might or might not be related
> to the vchkpw, so i'll try to find help here anyway.
>
> The problem is that if there is a virtual domain: bbb.zz
> and there is a user [EMAIL PROTECTED] and the whole thing
> is located at address ADDR then any spammer
> can connect to smtp port on addres ADDR enter
> [EMAIL PROTECTED] as FROM address (MAIL FROM) and
> spam a bunch of people. All the victims will think
> that [EMAIL PROTECTED] is doing it to them. Relaying is
> allowed in this case, since bbb.zz is a local domain.
>
> How can I solve the problem? SMTP authorization?
> but how? Any other ways?
>
> Regards,
> Artem
Re: Spam problem
Hello Artem,

On Sunday, June 17, 2001 at 8:43:39 PM you wrote:

AK> No, people of bbb.zz are not getting any spam. The WORLD gets the
AK> spam and the spam is propagated from the host ADDR and the
AK> sender is [EMAIL PROTECTED], so the WORLD thinks that [EMAIL PROTECTED] sends
AK> the spam, which he/she does not.

If you're using qmail this is easy: if you don't tell qmail EXPLICITLY to relay, it doesn't.

That means: you can set your subnet to automatically be allowed relaying, external connections not. With this configuration [EMAIL PROTECTED] can send spam if his connection comes from the subnet allowed to relay. Every other (external) connection is only allowed to send e-mail for domains listed in '/var/qmail/control/rcpthosts'.

--
Best regards
Peter Palmreuther mailto:[EMAIL PROTECTED]
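Added example, not part of any poster's message and not qmail or ucspi-tcp code: a simplified Python model of the two checks described in Daniel Biddle's and Peter Palmreuther's replies, the tcp.smtp rule lookup on the connecting IP and the rcpthosts check on the RCPT domain. The rules, IP addresses (documentation ranges), mailbox names and function names are constructed for illustration; only bbb.zz comes from the thread.

```python
# Constructed sample data (not from the thread). bbb.zz is the thread's example
# domain; the IP ranges are reserved documentation addresses.
TCP_SMTP = '''\
127.:allow,RELAYCLIENT=""
192.0.2.:allow,RELAYCLIENT=""
203.0.113.7:deny
:allow
'''
RCPTHOSTS = ["bbb.zz", ".lists.bbb.zz"]  # a leading dot matches any subdomain

def parse_rules(text):
    """Parse tcprules-style lines 'address:action,VAR="value"' into a dict."""
    rules = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        addr, _, rest = line.partition(":")
        action, *assignments = rest.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[addr] = (action, env)
    return rules

def match_rule(rules, ip):
    """Most specific match first: full IP, shorter dotted prefixes, then ''."""
    octets = ip.split(".")
    keys = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})  # no matching rule: the connection is allowed

def rcpt_allowed(rcpt, env, rcpthosts):
    """qmail-smtpd's RCPT check, simplified (morercpthosts is not modelled)."""
    if "RELAYCLIENT" in env or rcpthosts is None:  # missing file = open relay
        return True
    _, at, domain = rcpt.rpartition("@")
    domain = domain.lower()
    return not at or any(
        domain.endswith(h) if h.startswith(".") else domain == h for h in rcpthosts)

def verdict(ip, mail_from, rcpt, rules, rcpthosts=RCPTHOSTS):
    """mail_from is never consulted: the envelope sender grants no relay rights."""
    action, env = match_rule(rules, ip)
    if action == "deny":
        return "deny"
    return "accept" if rcpt_allowed(rcpt, env, rcpthosts) else "reject"

RULES = parse_rules(TCP_SMTP)
```

With these rules, a connection from outside the listed networks that claims a bbb.zz sender is still rejected for a non-local recipient, while the same request with no rcpthosts file at all is accepted.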
Re: Spam problem
* Artem Koutchine <[EMAIL PROTECTED]> [010617 20:43]:
> > > The solution to my problem might or might not be related
> > > to the vchkpw, so i'll try to find help here anyway.
> No, people of bbb.zz are not getting any spam. The WORLD gets the
> spam and the spam is propagated from the host ADDR and the
> sender is [EMAIL PROTECTED], so the WORLD thinks that [EMAIL PROTECTED] sends
> the spam, which he/she does not.

Your setup is wrong. This should not happen.

Read:
http://www.palomine.net/qmail/relaying.html
http://www.palomine.net/qmail/selectiverelay.html

-Johan
--
Johan Almqvist
http://www.almqvist.net/johan/qmail/
Re: Spam problem
> > How can I solve the problem? SMTP authorization?
> > but how? Any other ways?
>
> there is not much you can do, except of apllying a general filter to
> incoming messages.
> i have once tryed to set authentication to all incoming smtp sessions, and
> was wandering for a day why didn't I get any e-mail !!! you cannnot demand
> authentication for incoming connections for your domain, if you want to
> recieve mail at all.

You really mean it? Then I must say all smtp servers could be exploited this way. No one is safe.

However, I could think of such a scenario:

1) IF INCOMING MESSAGE IS FOR ONE OF THE LOCAL DOMAINS
   then always get it, no authorization needed
2) IF INCOMING MESSAGE IS NOT FOR LOCAL DOMAIN
   authorize the sender, if auth is ok, then relay

Is such a thing possible?

Regards,
Artem
Re: Spam problem
> > The solution to my problem might or might not be related
> > to the vchkpw, so i'll try to find help here anyway.
> >
> > The problem is that if there is a virtual domain: bbb.zz
> > and there is a user [EMAIL PROTECTED] and the whole thing
> > is located at address ADDR then any spammer
> > can connect to smtp port on addres ADDR enter
> > [EMAIL PROTECTED] as FROM address (MAIL FROM) and
> > spam a bunch of people. All the victims will think
> > that [EMAIL PROTECTED] is doing it to them. Relaying is
> > allowed in this case, since bbb.zz is a local domain.
>
> From what I understand, users of bbb.zz are receiving the spam; in this case
> the FROM: address is irrelevant. The same thing will happen regardless of
> who is sending the email.

No, people of bbb.zz are not getting any spam. The WORLD gets the spam and the spam is propagated from the host ADDR and the sender is [EMAIL PROTECTED], so the WORLD thinks that [EMAIL PROTECTED] sends the spam, which he/she does not.
Re: Spam problem
> Hello!
>
> The solution to my problem might or might not be related
> to the vchkpw, so i'll try to find help here anyway.
>
> The problem is that if there is a virtual domain: bbb.zz
> and there is a user [EMAIL PROTECTED] and the whole thing
> is located at address ADDR then any spammer
> can connect to smtp port on addres ADDR enter
> [EMAIL PROTECTED] as FROM address (MAIL FROM) and
> spam a bunch of people. All the victims will think
> that [EMAIL PROTECTED] is doing it to them. Relaying is
> allowed in this case, since bbb.zz is a local domain.
>
> How can I solve the problem? SMTP authorization?
> but how? Any other ways?
>
> Regards,
> Artem

From what I understand, users of bbb.zz are receiving the spam; in this case the FROM: address is irrelevant. The same thing will happen regardless of who is sending the email.

If people /other/ than your own local domains are getting spam from you (you are an open relay) then you need to enable roaming users and only allow smtp after pop.

If the former is the case, you may want to try rblsmtpd and filter connections. Check the archives of this list or www.qmail.org for more info on rblsmtpd.

Tim
Re: Spam problem
----- Original Message -----
From: "Artem Koutchine" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 17, 2001 6:43 PM
Subject: Spam problem

> How can I solve the problem? SMTP authorization?
> but how? Any other ways?

There is not much you can do, except applying a general filter to incoming messages.

I once tried to set authentication on all incoming smtp sessions, and was wondering for a day why I didn't get any e-mail!!! You cannot demand authentication for incoming connections for your domain, if you want to receive mail at all.