David Legg wrote:
I've had a chance to look over your file and didn't find any glaring errors. Here are some suggestions you may like to look into: -

* The nntpserver is enabled.  Unless you need it, I would disable it.
I noticed it myself, but it shouldn't be relevant to my current issue.
* Your smtpserver has 'authorizedAddresses' set to '127.*' which is fine. However, this will allow any process running on your server to send remote email without requiring SMTP authorization. Is it possible you have a web app running on your server which is being used by the spammer to send email?
Allowing localhost unauthorized access is on purpose, but I'm sure that the webapps running on the same host are not causing the spam relaying. First of all, all code in the webapps only allow one recipient per message, second, James is logging the SMTP connection from a remote IP address. This time, all connections came from a virtual server hosted by a UK company.
* In your transport processor you have deliveryThreads set to '1'. This is OK if you are short of memory but it will mean your entire mail sending capability will be halted if the address you are sending to is not responding properly (eg because of Tarpitting or Teergrubing). I've set mine to 4 which seems to be adequate.
That shouldn't be a problem, I only have a few hundred outbound mails daily.
* I notice you have left '&fetchmailConfig;' in your config. Again unless you need fetchmail I would remove it.
I could do that, but the default fetchmail config starts with <fetchmail enabled="false">, so I assumed that it doesn't bother including it in config.xml.
Hope that helps.
Not really :(
As I said earlier I can't see anything wrong. In general, from 3.2 onwards if you have turned SMTP authentication on you can be sure that any attempt to send a message to a non-local address will require SMTP Authentication.
Obviously, it doesn't. If I send a mail regularly to a remote host from my own mail client, the SMTP authentication is logged by James:

31/10/08 21:28:05 INFO smtpserver: Connection from ppp-62-216-221-238.dynamic.mnet-online.de (62.216.221.238)
31/10/08 21:28:05 INFO  smtpserver: AUTH method PLAIN succeeded
31/10/08 21:28:05 INFO smtpserver: Successfully spooled mail Mail1225484885644-22503 from [EMAIL PROTECTED] on 62.216.221.238 for [EMAIL PROTECTED]

The connections causing the spam hiccup this week were _not_ authenticated, or at least James did not log any authentication attempt:

27/10/08 13:14:17 INFO smtpserver: Connection from wvps212-241-x-y.vps.webfusion.co.uk (212.241.x.y) 27/10/08 13:14:18 INFO smtpserver: Successfully spooled mail Mail1225109658790-1134809 from [EMAIL PROTECTED] on 212.241.x.y for [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]

To me, it looks very much as if James is actually accepting to relay these messages without authentication, although the config file indicates that it shouldn't.

Tor



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
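The check done by eye in the message above (a "Successfully spooled mail" line for remote recipients with no preceding "AUTH method ... succeeded" line) can be automated over the smtpserver log. This is an added example, not part of the original message or of James itself; the local domain `example.org`, the sample addresses, and the rule that an AUTH line belongs to the most recent connection (the log lines shown carry no session id) are assumptions.

```python
import re

# Constructed sample in the smtpserver log format quoted above; all hosts and
# addresses are invented (example.* domains, documentation IP ranges).
SAMPLE_LOG = """\
31/10/08 21:28:05 INFO smtpserver: Connection from client.example.net (198.51.100.7)
31/10/08 21:28:05 INFO smtpserver: AUTH method PLAIN succeeded
31/10/08 21:28:05 INFO smtpserver: Successfully spooled mail Mail1-1 from tor@example.org on 198.51.100.7 for friend@example.com
27/10/08 13:14:17 INFO smtpserver: Connection from vps.example.net (203.0.113.9)
27/10/08 13:14:18 INFO smtpserver: Successfully spooled mail Mail2-2 from x@example.com on 203.0.113.9 for a@example.com, b@example.net
27/10/08 13:15:00 INFO smtpserver: Connection from mx.example.com (192.0.2.4)
27/10/08 13:15:01 INFO smtpserver: Successfully spooled mail Mail3-3 from friend@example.com on 192.0.2.4 for tor@example.org
"""

CONN = re.compile(r"smtpserver: Connection from \S+ \(([^)]+)\)")
AUTH = re.compile(r"smtpserver: AUTH method \S+ succeeded")
SPOOL = re.compile(r"smtpserver: Successfully spooled mail (\S+) from \S+ on (\S+) for (.+)$")

def unauthenticated_relays(log_text, local_domains, trusted_prefixes=("127.",)):
    """Return (mail_id, ip, remote_recipients) for relays spooled without AUTH."""
    authed = {}      # ip -> True once AUTH succeeded on its latest connection
    last_ip = None   # assumption: an AUTH line belongs to the latest connection
    findings = []
    for line in log_text.splitlines():
        m = CONN.search(line)
        if m:
            last_ip = m.group(1)
            authed[last_ip] = False   # a new connection starts unauthenticated
            continue
        if AUTH.search(line) and last_ip is not None:
            authed[last_ip] = True
            continue
        m = SPOOL.search(line)
        if not m:
            continue
        mail_id, ip, rcpts = m.groups()
        # Inbound mail to local domains needs no AUTH; only remote recipients count.
        remote = [r.strip() for r in rcpts.split(",")
                  if r.strip().rsplit("@", 1)[-1].lower() not in local_domains]
        # Skip addresses matching authorizedAddresses (127.* in the config discussed).
        if remote and not authed.get(ip, False) and not ip.startswith(trusted_prefixes):
            findings.append((mail_id, ip, remote))
    return findings

if __name__ == "__main__":
    for finding in unauthenticated_relays(SAMPLE_LOG, {"example.org"}):
        print(finding)
```

On a busy server with overlapping connections the order-based attribution of AUTH lines can mislabel sessions, so treat hits as leads to confirm against the full log.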
