[xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
Hello Frederik, Tuesday, March 4, 2003, 11:28:10 AM, you wrote: FG To Whom It May Concern ... FG --- FG CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail FGOriginal release date: March 3, 2003 FGLast revised: -- FGSource: CERT/CC FGA complete revision history can be found at the end of this file. FG Systems Affected FG * Sendmail Pro (all versions) FG * Sendmail Switch 2.1 prior to 2.1.5 FG * Sendmail Switch 2.2 prior to 2.2.5 FG * Sendmail Switch 3.0 prior to 3.0.3 FG * Sendmail for NT 2.X prior to 2.6.2 FG * Sendmail for NT 3.0 prior to 3.0.3 FG * Systems running open-source sendmail versions prior to 8.12.8, FGincluding UNIX and Linux systems FG Overview FGThere is a vulnerability in sendmail that may allow remote attackers FGto gain the privileges of the sendmail daemon, typically root. This advisory only corresponds to Sendmail MTA. XMail is another MTA that do not contain this vulnerability (i hope :)) -- Best regards, pinheadmailto:[EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
This advisory only corresponds to Sendmail MTA. XMail is another MTA that do not contain this vulnerability (i hope :)) i guess frederik knows that - the mail was just FYI and shows us that we are using the right MTA :-)) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
Im not :-( - Original Message - From: Sönke Ruempler [EMAIL PROTECTED] Newsgroups: saltstorm.xmail Sent: Tuesday, March 04, 2003 8:55 AM Subject: [xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail This advisory only corresponds to Sendmail MTA. XMail is another MTA that do not contain this vulnerability (i hope :)) i guess frederik knows that - the mail was just FYI and shows us that we are using the right MTA :-)) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -- -- -- XMail::Scope::nntpfwd v1.00 | 2003-03-04 08:49:26Z nntp://news.saltstorm.net/saltstorm.xmail/3735 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
oops sorry - Original Message - From: Sönke Ruempler [EMAIL PROTECTED] Newsgroups: saltstorm.xmail Sent: Tuesday, March 04, 2003 8:55 AM Subject: [xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail This advisory only corresponds to Sendmail MTA. XMail is another MTA that do not contain this vulnerability (i hope :)) i guess frederik knows that - the mail was just FYI and shows us that we are using the right MTA :-)) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] -- -- -- XMail::Scope::nntpfwd v1.00 | 2003-03-04 08:49:26Z nntp://news.saltstorm.net/saltstorm.xmail/3735 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
Hello Sönke, Tuesday, March 4, 2003, 11:55:07 AM, you wrote: This advisory only corresponds to Sendmail MTA. XMail is another MTA that do not contain this vulnerability (i hope :)) SR i guess frederik knows that - the mail was just FYI and shows us that we are SR using the right MTA :-)) hope u r right :-) - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
(no subject)
unsuscribe - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] unsuscribe xmail
unsuscribe xmail - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] unsuscribe
unsuscribe - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
hope u r right :-) hmmm but that bug seems to be heavy! our provider called us if he should upgrade our servers. no we don't use sendmail, fortunately :-) soenke. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] sniffing
If i put a sniffer i can get all the passwds when people get their e-mails. How can i protect the xmail server to make it secure? CIao Rui - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: sniffing
If i put a sniffer i can get all the passwds when people get their e-mails. a hacker could only sniff passwords with a man-in-the-middle-attack, eg on a router. How can i protect the xmail server to make it secure? xmail is secure, but the protocols are not, you can use ssl tunneling: www.stunnel.org - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: sniffing
You could also force CRAM-MD5 auth to be used for pop3 :) unfortunately the most popular MUA OE does not support APOP ;-( - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] open relay
Ok, I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth and everything works, and if I dont have smtp auth set it doesn't work(i get an auth error). So in that aspect everything works, but how come when I do an open relay test, my server acts like an open relay and sends through the email? I have tried several online open relay tests and all seem to show my server as open relay. benny - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
You have: EnableAuthSMTP-POP3 0 and must be: EnableAuthSMTP-POP3 1 Gustavo - Original Message - From: Benny [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 7:52 PM Subject: [xmail] open relay Ok, I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth and everything works, and if I dont have smtp auth set it doesn't work(i get an auth error). So in that aspect everything works, but how come when I do an open relay test, my server acts like an open relay and sends through the email? I have tried several online open relay tests and all seem to show my server as open relay. benny - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/2003 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
Yeah I thought and tried that too... But then it doesnt care if my client even does smtp-auth. In fact I have turned off smtp-auth on my client(OE) and I set : EnableAuthSMTP-POP31 And this message will go through without smtp-auth. benny - Original Message - From: Gustavo Galvan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:00 PM Subject: [xmail] Re: open relay You have: EnableAuthSMTP-POP3 0 and must be: EnableAuthSMTP-POP3 1 Gustavo - Original Message - From: Benny [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 7:52 PM Subject: [xmail] open relay Ok, I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth and everything works, and if I dont have smtp auth set it doesn't work(i get an auth error). So in that aspect everything works, but how come when I do an open relay test, my server acts like an open relay and sends through the email? I have tried several online open relay tests and all seem to show my server as open relay. benny - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.459 / Virus Database: 258 - Release Date: 25/02/2003 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
I have used the test sites below: http://abuse.net/relay.html http://members.iinet.net.au/~remmie/relay/ http://www.paladincorp.com.au/unix/spam/spamlart/ Those are just some I tested. And the last one comes back with several errors and it looks like my server is not an open relay, but the other tests come back as open relay. benny - Original Message - From: Davide Libenzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:10 PM Subject: [xmail] Re: open relay On Tue, 4 Mar 2003, Benny wrote: Ok, I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth and everything works, and if I dont have smtp auth set it doesn't work(i get an auth error). So in that aspect everything works, but how come when I do an open relay test, my server acts like an open relay and sends through the email? I have tried several online open relay tests and all seem to show my server as open relay. If your hipotesis are true, I strongly doubt about it. Is your server public on the net ? Which test did you use ? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
Here is the email I get from the test site http://abuse.net - This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net. Target host = thedaily.tv [24.94.213.208] Test performed by [EMAIL PROTECTED] from 24.94.213.208 A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail. For information on how to secure a mail server against third-party relay, visit URL: http://www.mail-abuse.org/tsi/. -- benny - Original Message - From: Davide Libenzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:10 PM Subject: [xmail] Re: open relay On Tue, 4 Mar 2003, Benny wrote: Ok, I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth and everything works, and if I dont have smtp auth set it doesn't work(i get an auth error). So in that aspect everything works, but how come when I do an open relay test, my server acts like an open relay and sends through the email? I have tried several online open relay tests and all seem to show my server as open relay. If your hipotesis are true, I strongly doubt about it. Is your server public on the net ? Which test did you use ? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] POP3 Authentication error for Outlook 2000
Hi, I have just recentally installed XMail on our office linux box, and it is= =20 doing it's job nicly (as an SMPT server, inhouse emails, and connecting t= o=20 our offsite internet server using POP syncronisation). However for some=20 reason Outlook 2000 clients are unable to connect - the error returned is= a=20 password authentication one. It works perfectally with Outlook XP - but = alas=20 we have some '95 computers here which can't run Outlook XP. Is this a=20 general problem? is there some fix? Thanks for the software though, so far it has been very impressive. Cheers, Will. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
That IP Address is listed in two open relay databases. http://www.dnsstuff.com/tools/ip4r.ch?ip=3D24.94.213.208 -Original Message- From: Benny [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 3:11 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: open relay =20 =20 =20 Here is the email I get from the test site http://abuse.net =20 -- -- - This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net. =20 Target host =3D thedaily.tv [24.94.213.208] Test performed by [EMAIL PROTECTED] from 24.94.213.208 =20 A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail. =20 For information on how to secure a mail server against third-party relay, visit URL: http://www.mail-abuse.org/tsi/. -- -- -- =20 benny =20 - Original Message - From: Davide Libenzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:10 PM Subject: [xmail] Re: open relay =20 =20 On Tue, 4 Mar 2003, Benny wrote: Ok, I have my smtprelay.tab file blank, and I have=20 EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth=20 and everything works, and if I dont have smtp auth set it doesn't work(i=20 get an auth error). So in that aspect everything works, but how come=20 when I do an open relay test, my server acts like an open relay and=20 sends through the email? I have tried several online open relay tests and=20 all seem to show my server as open relay. If your hipotesis are true, I strongly doubt about it. Is=20 your server public on the net ? Which test did you use ? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] =20 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] =20 =20 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
When you perform the test, you have to tell the test email to send to an email address that is NOT handled by the server you are testing. If you register at abuse.net, there is a check box i think to have them generate an email address to use for the test. it will still send the results to the address you specify. The reason the server looked like an open relay is that it accepted the test mail, but it accepted the test mail because it was addressed to a domain handled by the server. -Seth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Benny Sent: Tuesday, March 04, 2003 3:11 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: open relay Here is the email I get from the test site http://abuse.net - This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net. Target host = thedaily.tv [24.94.213.208] Test performed by [EMAIL PROTECTED] from 24.94.213.208 A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail. For information on how to secure a mail server against third-party relay, visit URL: http://www.mail-abuse.org/tsi/. -- benny - Original Message - From: Davide Libenzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:10 PM Subject: [xmail] Re: open relay On Tue, 4 Mar 2003, Benny wrote: Ok, I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth and everything works, and if I dont have smtp auth set it doesn't work(i get an auth error). So in that aspect everything works, but how come when I do an open relay test, my server acts like an open relay and sends through the email? I have tried several online open relay tests and all seem to show my server as open relay. If your hipotesis are true, I strongly doubt about it. Is your server public on the net ? Which test did you use ? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
No, the email is a result of the test below from http://abuse.net. --- Mail relay testing Mail relay testing Connecting to thedaily.tv for registered user test ... 220 [EMAIL PROTECTED] [XMail 1.12 (Linux/Ix86) ESMTP Server] service ready; Tue, 04 Mar 2003 17:13:00 -0600 HELO www.abuse.net 250 thedaily.tv Relay test 1 RSET 250 OK MAIL FROM:[EMAIL PROTECTED] 250 OK RCPT TO:[EMAIL PROTECTED] 250 OK DATA 354 Start mail input; end with CRLF.CRLF (message body) 250 OK S122 Relay test result Hmmn, at first glance, host appeared to accept a message for relay. THIS MAY OR MAY NOT MEAN THAT IT'S AN OPEN RELAY. Some systems appear to accept relay mail, but then reject messages internally rather than delivering them, but you cannot tell at this point whether the message will be relayed or not. If it is really an open relay, the test message will be delivered to you. If you do not receive the test message in your e-mail in the next few hours, it IS NOT an open relay. --- So it shows it as being an open relay. benny - Original Message - From: Davide Libenzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:26 PM Subject: [xmail] Re: open relay On Tue, 4 Mar 2003, Benny wrote: Here is the email I get from the test site http://abuse.net -- -- - This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net. Target host = thedaily.tv [24.94.213.208] Test performed by [EMAIL PROTECTED] from 24.94.213.208 A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail. For information on how to secure a mail server against third-party relay, visit URL: http://www.mail-abuse.org/tsi/. -- -- -- So ? Your IP is not an open relay. - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
Try unchecking the option to login using Secure Password Authentication. I believe OL XP supports APOP, but OL 2000 does not. If that doesn't help, try specifying the full email address for the user name: [EMAIL PROTECTED] I don't see why that one would be different between 2000 and XP, so I think it's probably the SPA setting. -Seth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of William Denniss Sent: Tuesday, March 04, 2003 3:19 PM To: [EMAIL PROTECTED] Subject: [xmail] POP3 Authentication error for Outlook 2000 Hi, I have just recentally installed XMail on our office linux box, and it is= =20 doing it's job nicly (as an SMPT server, inhouse emails, and connecting t= o=20 our offsite internet server using POP syncronisation). However for some=20 reason Outlook 2000 clients are unable to connect - the error returned is= a=20 password authentication one. It works perfectally with Outlook XP - but = alas=20 we have some '95 computers here which can't run Outlook XP. Is this a=20 general problem? is there some fix? Thanks for the software though, so far it has been very impressive. Cheers, Will. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
0 is the correct setting. Notice how on the relay test it says: RCPT TO:[EMAIL PROTECTED] The server should always accept messages for your domain! Relay meaning that the server accepts messages that should arrive at a server other than your own. The only case you want that to happen is if your users need to send email via SMTP from your server, in which case they use their password EnableAuthSMTP-POP3 means that if they checked mail with POP3 there is a window of time where they can send messages (based on IP?) withouth having to auth. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Benny Enviado el: Tuesday, March 04, 2003 6:24 PM Para: [EMAIL PROTECTED] Asunto: [xmail] Re: open relay You are right Seth, and of course that makes sense. But am I correct in having: EnableAuthSMTP-POP30 or should it be EnableAuthSMTP-POP31 because if it is set to 1, then my client doesn't have to authenticate, but if at 0, then it does. And I want it to do smtp-auth. benny - Original Message - From: Seth A. Munroe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:22 PM Subject: [xmail] Re: open relay When you perform the test, you have to tell the test email to send to an email address that is NOT handled by the server you are testing. If you register at abuse.net, there is a check box i think to have them generate an email address to use for the test. it will still send the results to the address you specify. The reason the server looked like an open relay is that it accepted the test mail, but it accepted the test mail because it was addressed to a domain handled by the server. -Seth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Benny Sent: Tuesday, March 04, 2003 3:11 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: open relay Here is the email I get from the test site http://abuse.net -- -- - This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net. Target host = thedaily.tv [24.94.213.208] Test performed by [EMAIL PROTECTED] from 24.94.213.208 A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail. For information on how to secure a mail server against third-party relay, visit URL: http://www.mail-abuse.org/tsi/. -- -- -- benny - Original Message - From: Davide Libenzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:10 PM Subject: [xmail] Re: open relay On Tue, 4 Mar 2003, Benny wrote: Ok, I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth and everything works, and if I dont have smtp auth set it doesn't work(i get an auth error). So in that aspect everything works, but how come when I do an open relay test, my server acts like an open relay and sends through the email? I have tried several online open relay tests and all seem to show my server as open relay. If your hipotesis are true, I strongly doubt about it. Is your server public on the net ? Which test did you use ? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
The option you want to enable is on the 2nd tab of the account config my outgoing server requires authenticaion (something like that, I have the Spanish version of Office 2000. The option is NOT secure password authentication. You need not click the options button next to this option, the default action is to use the same username and password as the POP3 account. -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Seth A. Munroe Enviado el: Tuesday, March 04, 2003 6:27 PM Para: [EMAIL PROTECTED] Asunto: [xmail] Re: POP3 Authentication error for Outlook 2000 Try unchecking the option to login using Secure Password Authentication. I believe OL XP supports APOP, but OL 2000 does not. If that doesn't help, try specifying the full email address for the user name: [EMAIL PROTECTED] I don't see why that one would be different between 2000 and XP, so I think it's probably the SPA setting. -Seth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of William Denniss Sent: Tuesday, March 04, 2003 3:19 PM To: [EMAIL PROTECTED] Subject: [xmail] POP3 Authentication error for Outlook 2000 Hi, I have just recentally installed XMail on our office linux box, and it is= =20 doing it's job nicly (as an SMPT server, inhouse emails, and connecting t= o=20 our offsite internet server using POP syncronisation). However for some=20 reason Outlook 2000 clients are unable to connect - the error returned is= a=20 password authentication one. It works perfectally with Outlook XP - but = alas=20 we have some '95 computers here which can't run Outlook XP. Is this a=20 general problem? is there some fix? Thanks for the software though, so far it has been very impressive. Cheers, Will. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
Alright thanks everyone for seeing my dumb mistakes :) And thanks for the clarification on that Seth. I appreciate the help. benny - Original Message - From: Seth A. Munroe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:38 PM Subject: [xmail] Re: open relay Well what's really happening is this: when you have: EnableAuthSMTP-POP31 then smtp opens for a brief period whenever the pop is logged into (i seem to remember .9 seconds being the default - 9 tenths of a second). when you have: EnableAuthSMTP-POP30 smtp is never opened and must always be authenticated (unless the ip is in your smtprelay.tab file) -Seth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Benny Sent: Tuesday, March 04, 2003 3:24 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: open relay You are right Seth, and of course that makes sense. But am I correct in having: EnableAuthSMTP-POP30 or should it be EnableAuthSMTP-POP31 because if it is set to 1, then my client doesn't have to authenticate, but if at 0, then it does. And I want it to do smtp-auth. benny - Original Message - From: Seth A. Munroe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:22 PM Subject: [xmail] Re: open relay When you perform the test, you have to tell the test email to send to an email address that is NOT handled by the server you are testing. If you register at abuse.net, there is a check box i think to have them generate an email address to use for the test. it will still send the results to the address you specify. The reason the server looked like an open relay is that it accepted the test mail, but it accepted the test mail because it was addressed to a domain handled by the server. -Seth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Benny Sent: Tuesday, March 04, 2003 3:11 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: open relay Here is the email I get from the test site http://abuse.net -- -- - This is a test of third-party mail relay, generated via the Network Abuse Clearinghouse at http://www.abuse.net. Target host = thedaily.tv [24.94.213.208] Test performed by [EMAIL PROTECTED] from 24.94.213.208 A well-configured mail server should NOT relay third-party email. Otherwise, the server is subject to abuse by vandals and spammers, and probable blacklisting by recipients of the unwanted third-party e-mail. For information on how to secure a mail server against third-party relay, visit URL: http://www.mail-abuse.org/tsi/. -- -- -- benny - Original Message - From: Davide Libenzi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:10 PM Subject: [xmail] Re: open relay On Tue, 4 Mar 2003, Benny wrote: Ok, I have my smtprelay.tab file blank, and I have EnableAuthSMTP-POP3 0 in server.tab. I set my mail client for smtp auth and everything works, and if I dont have smtp auth set it doesn't work(i get an auth error). So in that aspect everything works, but how come when I do an open relay test, my server acts like an open relay and sends through the email? I have tried several online open relay tests and all seem to show my server as open relay. If your hipotesis are true, I strongly doubt about it. Is your server public on the net ? Which test did you use ? - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Squid
Squid can be used to proxy SMTP!!?? I was playing around with it the other day and now my server is blacklisted somewhere http://njabl.org/cgi-bin/lookup.cgi?query=65.19.129.24 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
-Original Message- From: Davide Libenzi [mailto:[EMAIL PROTECTED] =20 On Tue, 4 Mar 2003, Steven Peck wrote: =20 That IP Address is listed in two open relay databases. http://www.dnsstuff.com/tools/ip4r.ch?ip=3D24.94.213.208 =20 It does not look like that to me. The form result clean. And=20 even so, if the guy did change the configuration lately, maps usually=20 takes time to refresh. A time that might be infinite if you do not manually=20 trigger an update. =20 It's entirely posible that they server is not an open relay, but the IP address is still (rightly or wrongly) listed in two databases. Once he clears up the configuration issue, he can go through what ever process = he needs to to get off the lists. I couldn't get an SMTP header when I tried to do a manual relay test. = The connection just timed out and closed. I meant to have more information in my first post but got distracted and = hit send accidently :/ -sp - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: open relay
Yeah Steven, when I originally first did up the xmail server, I had not cleared out the smtprelay.tab, but then I cleared it out, so chances are I probably got into those list during that time. I should be ok now, with your guys' help. Thanks! Benny - Original Message - From: Steven Peck [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 04, 2003 5:51 PM Subject: [xmail] Re: open relay -Original Message- From: Davide Libenzi [mailto:[EMAIL PROTECTED] =20 On Tue, 4 Mar 2003, Steven Peck wrote: =20 That IP Address is listed in two open relay databases. http://www.dnsstuff.com/tools/ip4r.ch?ip=3D24.94.213.208 =20 It does not look like that to me. The form result clean. And=20 even so, if the guy did change the configuration lately, maps usually=20 takes time to refresh. A time that might be infinite if you do not manually=20 trigger an update. =20 It's entirely posible that they server is not an open relay, but the IP address is still (rightly or wrongly) listed in two databases. Once he clears up the configuration issue, he can go through what ever process = he needs to to get off the lists. I couldn't get an SMTP header when I tried to do a manual relay test. = The connection just timed out and closed. I meant to have more information in my first post but got distracted and = hit send accidently :/ -sp - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
But our problem is with POP authentication not SMTP - the latter is=20 working very well, would that matter?. Will. On Wednesday 05 March 2003 09:40, Andrew Joakimsen wrote: The option you want to enable is on the 2nd tab of the account config = my outgoing server requires authenticaion (something like that, I have th= e Spanish version of Office 2000. The option is NOT secure password authentication. You need not click the options button next to this opti= on, the default action is to use the same username and password as the POP3 account. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
In server.tab do you have EnableAuthSMTP-POP31 -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de William Denniss Enviado el: Tuesday, March 04, 2003 6:56 PM Para: [EMAIL PROTECTED] Asunto: [xmail] Re: POP3 Authentication error for Outlook 2000 But our problem is with POP authentication not SMTP - the latter is=20 working very well, would that matter?. Will. On Wednesday 05 March 2003 09:40, Andrew Joakimsen wrote: The option you want to enable is on the 2nd tab of the account config = my outgoing server requires authenticaion (something like that, I have th= e Spanish version of Office 2000. The option is NOT secure password authentication. You need not click the options button next to this opti= on, the default action is to use the same username and password as the POP3 account. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Squid
Nope, you are listed as an open http proxy ( a thing that can be used to view aminaked.com ) not as an open mail relay ( a thing that can used to send get herbal viagra and make $$$ fast). Different kind of open. Mircea C. Andrew Joakimsen wrote: Squid can be used to proxy SMTP!!?? I was playing around with it the other day and now my server is blacklisted somewhere http://njabl.org/cgi-bin/lookup.cgi?query=65.19.129.24 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Squid
Well look @ that URL 65.19.129.24:hc:3128: HTTP request successeful (200) 65.19.129.24:hc:3128: 220 rt.njabl.org ESMTP Sendmail 8.11.6/8.11.6; Fri, 28 Feb 2 65.19.129.24:hc:3128: 003 13:30:29 -0500\r\n ESMTP and an HTTP request? Why would that block email then? -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de Mircea Ciocan Enviado el: Tuesday, March 04, 2003 7:02 PM Para: [EMAIL PROTECTED] Asunto: [xmail] Re: Squid Nope, you are listed as an open http proxy ( a thing that can be used to view aminaked.com ) not as an open mail relay ( a thing that can used to send get herbal viagra and make $$$ fast). Different kind of open. Mircea C. Andrew Joakimsen wrote: Squid can be used to proxy SMTP!!?? I was playing around with it the other day and now my server is blacklisted somewhere http://njabl.org/cgi-bin/lookup.cgi?query=65.19.129.24 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Squid
Lame self-reply after research: I'll be damned, squid it CAN proxy SMTP also, wow, no they can go aminaked.com AND send buy herbal viagra in the same time !!! Mircea C. Mircea Ciocan wrote: Nope, you are listed as an open http proxy ( a thing that can be used to view aminaked.com ) not as an open mail relay ( a thing that can used to send get herbal viagra and make $$$ fast). Different kind of open. Mircea C. Andrew Joakimsen wrote: Squid can be used to proxy SMTP!!?? I was playing around with it the other day and now my server is blacklisted somewhere http://njabl.org/cgi-bin/lookup.cgi?query=65.19.129.24 - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
On Wednesday 05 March 2003 09:59, Andrew Joakimsen wrote: In server.tab do you have EnableAuthSMTP-POP31 yes Will. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
1) - I try both full email and just username, neither works. the username only works fine in OL XP and Kmail... 2) This check is not enabled. 3) I agree. but alas you have to give the people what they want.. :( The exact error message is: There was a problem logging onto your mail server. Your User Name or Password was rejected. Server Responce: '-ERR Invalid auth or access denied'. I am assuming people have gotten OL 2000 to work with xmail before? Thanks, Will. On Wednesday 05 March 2003 10:21, Davide Libenzi wrote: On Wed, 5 Mar 2003, William Denniss wrote: But our problem is with POP authentication not SMTP - the latter is=3D= 20 working very well, would that matter?. Two things are possible here : 1) You are not using the full email address 2) You enabled the SSL check And, if you want : 3) Outlook *kind of suck* - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
Are you sure it's an outlook issue and not just a general networking issue? Can those machines telnet to the mail server over port 110 using the same hostname as specified in the pop3 server settings of outlook? use these commands: TELNET hostname.com 110 USER username PASS password STAT QUIT that should log you in to the pop server, then show you the numger of messages and total byte count for that user. -Seth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of William Denniss Sent: Tuesday, March 04, 2003 4:26 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: POP3 Authentication error for Outlook 2000 1) - I try both full email and just username, neither works. the username only works fine in OL XP and Kmail... 2) This check is not enabled. 3) I agree. but alas you have to give the people what they want.. :( The exact error message is: There was a problem logging onto your mail server. Your User Name or Password was rejected. Server Responce: '-ERR Invalid auth or access denied'. I am assuming people have gotten OL 2000 to work with xmail before? Thanks, Will. On Wednesday 05 March 2003 10:21, Davide Libenzi wrote: On Wed, 5 Mar 2003, William Denniss wrote: But our problem is with POP authentication not SMTP - the latter is=3D= 20 working very well, would that matter?. Two things are possible here : 1) You are not using the full email address 2) You enabled the SSL check And, if you want : 3) Outlook *kind of suck* - Davide - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
On Wednesday 05 March 2003 10:40, you wrote: Are you sure it's an outlook issue and not just a general networking is= sue? Can those machines telnet to the mail server over port 110 using the sa= me hostname as specified in the pop3 server settings of outlook? use these commands: TELNET hostname.com 110 USER username PASS password STAT QUIT that should log you in to the pop server, then show you the numger of messages and total byte count for that user. -Seth It appears you were right using telnet to test, I managed to fix it up - = we=20 are all working fine now. Thanks Seth, Andrew and Davide for your help. Keep up the fine work on this program! Cheers, Will. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
Don't keep us in suspense. After such a long thread, I wan't to know what needed to be changed. Rob :-) grin __ Censorship can't eliminate evil; it can only kill freedom. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of William Denniss Sent: Wednesday, 5 March 2003 12:26 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: POP3 Authentication error for Outlook 2000 On Wednesday 05 March 2003 10:40, you wrote: Are you sure it's an outlook issue and not just a general networking is= sue? Can those machines telnet to the mail server over port 110 using the sa= me hostname as specified in the pop3 server settings of outlook? use these commands: TELNET hostname.com 110 USER username PASS password STAT QUIT that should log you in to the pop server, then show you the numger of messages and total byte count for that user. -Seth It appears you were right using telnet to test, I managed to fix it up - = we=20 are all working fine now. Thanks Seth, Andrew and Davide for your help. Keep up the fine work on this program! Cheers, Will. - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]
[xmail] Re: POP3 Authentication error for Outlook 2000
there were a few factors I think, I telnet'ed on the offending computer u= sing=20 an account which I knew worked and got a sucessfull result, I reset the=20 particular user's password on the server, then deleted/added the account=20 again with a full username and making sure none of the SSL options were=20 checked and it all seemed to work - it was just a coincidence (because on= one=20 computer - the problem was fixed by OL XP) that led me to believe the=20 problem was with OL 2000, just stupid coincidences, sorry. But, now my office is running using Oulook and xmail - with the users sto= ring=20 their data on their personal computers as opposed to Microsoft Exchange. = I'm=20 not sure how many people here have had to deal with Exchange in their lif= e -=20 but I found it to be a total pain in the arse - services stopped working = with=20 generic error messages like General NT Error - then the database got=20 corrupted... I found several increadibly usefull tools that can be used = to=20 restore emails from an offline Exchange database (corrupt or not) -=20 unfortunatally they cost over 1.5 grand in Australian currency to buy. A= lso=20 - of course we can't upgrade the server because that would mean forking o= ut=20 over 2 grand for NT Server 2000. So instead of using the expensive a= nd=20 pathetic MS Proxy and Email services - we now use iptables and xmail :D -= =20 it's free and a damn sight more relyable (with real error messages when=20 somthing goes wrong which is a refreshing change). And the best part - t= he=20 users of the system are completally clueless ;) . So again, thanks. Cheers, Will. On Wednesday 05 March 2003 11:45, you wrote: Don't keep us in suspense. After such a long thread, I wan't to know w= hat needed to be changed. Rob :-) grin __ Censorship can't eliminate evil; it can only kill freedom. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of William Denniss Sent: Wednesday, 5 March 2003 12:26 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: POP3 Authentication error for Outlook 2000 On Wednesday 05 March 2003 10:40, you wrote: Are you sure it's an outlook issue and not just a general networkin= g is=3D sue? Can those machines telnet to the mail server over port 110 using th= e sa=3D me hostname as specified in the pop3 server settings of outlook? use these commands: TELNET hostname.com 110 USER username PASS password STAT QUIT that should log you in to the pop server, then show you the numger = of messages and total byte count for that user. -Seth It appears you were right using telnet to test, I managed to fix it u= p - =3D we=3D20 are all working fine now. Thanks Seth, Andrew and Davide for your help. Keep up the fine work on this program! Cheers, Will. - - To unsubscribe from this list: send the line unsubscribe xmail in the body of a message to [EMAIL PROTECTED] For general help: send the line help in the body of a message to [EMAIL PROTECTED]