[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
There are bit flags associated with each user account which can be set with the /home/vpopmail/bin/vmoduser command. There is no other (gui) way I know of to set these flags. # ./vmoduser vmoduser: usage: [options] email_addr or domain (for each user in domain) options: -v ( display the

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
Thanks Eric. Steps I took upon noticing: 1.) qmailctl stop 2.)qmHandle -SYOUR BLAH BLAH... 3.) Reviewed bounce messages and deleted them with qmHandle upon review qmail-qstat qmail-qread qmHandle -mxxx quick check on mail message as listed with qmail-qread

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 09:27 AM, Wicus Roets wrote: Thanks Eric. Steps I took upon noticing: 1.) qmailctl stop 2.)qmHandle -SYOUR BLAH BLAH... 3.) Reviewed bounce messages and deleted them with qmHandle upon review qmail-qstat qmail-qread qmHandle -mxxx quick check on mail

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
I do understand that qmail is not the reason the IP is being blacklisted. In favour of myself and someone else referring to this mail list in future, would you mind elaborating on qmail-remote throttling? (until the offending/spamming user feature gets implemented) -Original Message- From:

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
As mine is set to 60 for concurrencyremote and 100 for concurrencyincoming. What would you advise ? -Original Message- From: Wicus Roets [mailto:wi...@r4c.co.za] Sent: 16 February 2014 07:21 PM To: qmailtoaster-list@qmailtoaster.com Subject: RE: [qmailtoaster] Re: Spamming via valid

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Broch
If someone has hacked a vpopmail account password and is using it to spam, you can check the send, smtp, or submission logs and it will expose the account. I did have this problem in the past. It may very well be a PC in your network with malware on it. Eric B. On 2/16/2014 10:20 AM, Wicus

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 10:20 AM, Wicus Roets wrote: In favour of myself and some else referring to this mail list in future, would you mind elaborating on qmail-remote throttling? (until the offending/spamming user feature gets implemented) Presently, qmail-remote has no throttle other than the

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
That explains it quite nicely. One more question though ;) Quoting from http://gmane.org/post.php; - People who do not have valid email addresses in their From or Reply-To headers can't use Gmane to post to mailing lists. From my earlier mail, qmail accepts mail based only on the rcpt to: of

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Dan McAllister
Wicus' issues are not uncommon: An attacker gains a password (through guesswork or other means) of a user on your system, then proceeds to spam the hell out of the world from your system. Alternatively, some user gets a malware infection on their system that uses their mail program (usually

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
Dan, By default (and I'm not currently aware of any other situation warranting it differently) users' mail clients are configured to POP3 on port 110 IMAP on port 143 SMTP on port 587 Since the incidents, I've configured SSL for POP3 (993), IMAP(995) and SMTP(465). However, my understanding

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread LHTek
Could you please share your script for detecting failed messages with us? It sounds like a good stop-gap treatment for this insidious issue. From: Dan McAllister q...@it4soho.com To: qmailtoaster-list@qmailtoaster.com Sent: Sunday, February 16, 2014 12:33

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Finn Buhelt
Hi. Wouldn't it be possible to block port 25 outgoing and let fail2ban check submission logs? Regards, Finn Den 16-02-2014 19:33, Dan McAllister skrev: Wicus' issues are not uncommon: An attacker gains a password (through guesswork or other means) of a user on your system, then

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 11:32 AM, Wicus Roets wrote: That explains it quite nicely. One more question though ;) Quoting from http://gmane.org/post.php; - People who do not have valid email addresses in their From or Reply-To headers can't use Gmane to post to mailing lists. That's (primarily) because

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 12:01 PM, Wicus Roets wrote: Dan, By default (and I'm not currently aware of any other situation warranting it differently) users' mail clients are configured to POP3 on port 110 IMAP on port 143 SMTP on port 587 Since the incidents, I've configured SSL for POP3 (993), IMAP(995)

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
I don't see how fail2ban would be of any help with this. Can you elaborate? -- -Eric 'shubes' On 02/16/2014 12:11 PM, Finn Buhelt wrote: Hi. Wouldn't it be possible to block port 25 outgoing and let fail2ban check submission logs? Regards, Finn Den 16-02-2014 19:33, Dan McAllister skrev:

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
Eric, This is where I'm confused. If qmail accepts mail for relay based on authentication of a valid account/pw pair, how could I have sent mail via telnet on port 25 by only supplying a valid account (without a password)? -Original Message- From: Eric Shubert [mailto:e...@shubes.net]

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 11:33 AM, Dan McAllister wrote: Wicus' issues are not uncommon: An attacker gains a password (through guesswork or other means) of a user on your system, then proceeds to spam the hell out of the world from your system. Alternatively, some user gets a malware infection on their

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Finn Buhelt
Hi Eric. You can have Fail2ban check your logs for bad entries that happen within a given period of time and then ban the IP address (iptables). Let Fail2ban check on the LAN IP address that is submitting the email in the submit log and then take action when your thresholds are triggered -

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Dan McAllister
Wicus - On port 25 CURRENTLY: - If the connection is for a LOCAL address (that is: the RECIPIENT address is one that is local to the server), the message is accepted -- regardless of whether you are authenticated or not - If the connection is for a REMOTE address (that is: the RECIPIENT

Re: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Dan McAllister
I have every intention of sharing both the message tracking system AND the failure detection scripts once I've completed (to a certain degree) debugging them. Dan IT4SOHO On 2/16/2014 2:04 PM, LHTek wrote: Could you please share your script for detecting failed messages with us? It sounds

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
Open Relay was one of the first things I double checked. So, for inbound mail, qmail only checks whether the user is available on the system (chkuser) before accepting the mail. (UNAUTHENTICATED) However, for outbound mail (being a domain not hosted on the machine), authentication of the user is

[qmailtoaster] root / daemon system generated mail forwarding

2014-02-16 Thread Wicus Roets
To forward system generated mail to a qmail account, is it a requirement to first create a similar vpop account prior to forwarding? ***Note - Mail DNS is hosted on the machine. Under /var/qmail/alias I created the following files: .qmail-anonymous .qmail-mailer-daemon

Re: [qmailtoaster] root / daemon system generated mail forwarding

2014-02-16 Thread Eric Broch
Use '/home/vpopmail/bin/valias' On 2/16/2014 4:48 PM, Wicus Roets wrote: To forward system generated mail to a qmail account, is it a requirement to first create a similar vpop account prior to forwarding? ***Note - Mail DNS is hosted on the machine. Under /var/qmail/alias I

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
Yes, but in this case there are no bad entries. The spammer has the password. I suppose F2B might check for a number of submissions in a given time period, but blocking and unblocking could get to be cumbersome. I suppose a throttle could be put on qmail-smtp to limit submissions. The

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 04:17 PM, Wicus Roets wrote: Therefore, my confusion relates to using Telnet, whereby no authentication is implemented prior to sending the test message? Like Dan said, messages are only accepted (on port 25) with no authentication when the message is for local (rcpthost)

[qmailtoaster] Re: root / daemon system generated mail forwarding

2014-02-16 Thread Eric Shubert
Or qmailadmin. On 02/16/2014 06:42 PM, Eric Broch wrote: Use '/home/vpopmail/bin/valias' On 2/16/2014 4:48 PM, Wicus Roets wrote: To forward system generated mail to a qmail account, is it a requirement to first create a similar vpop account prior to forwarding? ***Note - Mail DNS is

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
On 02/16/2014 02:59 PM, Dan McAllister wrote: Again, the CORRECT use of port 25 is SOLELY for the receipt of inbound messages for the local server. Users (who authenticate) should be using ports 587 or 465 -- which, after they authenticate, will allow them to relay to other servers. I agree

RE: [qmailtoaster] Re: root / daemon system generated mail forwarding

2014-02-16 Thread Wicus Roets
It would therefore be as simple as # /home/vpopmail/bin/valias -I r...@server.com j...@server.com #/home/vpopmail/bin/valias -I postmas...@server.com j...@server.com #/home/vpopmail/bin/valias -I mailer-dae...@server.com j...@server.com #/home/vpopmail/bin/valias -I anonym...@server.com

RE: [qmailtoaster] Re: root / daemon system generated mail forwarding

2014-02-16 Thread Wicus Roets
However, the mail queue still has messages from mailer-dae...@ns.server.com to postmas...@ns.server.com which simply tend to bounce. ** note that I am aliasing mailer-dae...@server.com and postmas...@server.com to j...@server.com whereas the messages in the queue are user@fqdn rather than

RE: [qmailtoaster] Re: root / daemon system generated mail forwarding

2014-02-16 Thread Wicus Roets
Even adding an alias for mailer-dae...@ns.server.com and r...@ns.server.com to j...@server.com has no effect -

[qmailtoaster] Re: root / daemon system generated mail forwarding

2014-02-16 Thread Eric Shubert
On 02/16/2014 11:31 PM, Wicus Roets wrote: Even adding an alias for mailer-dae...@ns.server.com and r...@ns.server.com to j...@server.com has no effect - I haven't looked at this in detail, but I've come across what I think

RE: [qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Wicus Roets
Quick update on this scenario. The user's email account that got compromised has been in the hospital for the last two weeks for a back operation. His account is only configured on his desktop machine of which the machine has not been switched on. A thorough malware/virus scan on all machines

[qmailtoaster] Re: Spamming via valid vpopmail account

2014-02-16 Thread Eric Shubert
Thanks, Wicus. Sorry to hear about this person's back. I'll pray for recovery. In the meantime, has the person used webmail at all? Just wondering. Thanks again. -- -Eric 'shubes' On 02/17/2014 12:12 AM, Wicus Roets wrote: Quick update on this scenario. The user's email account that got