Rob,

Thank you for helping out. A good point in clearing the smtprelay.tab. If I do this, all scripts on the server give an error when trying to send e-mail. ASP (dundas) or PHP scripts fail, even when I add an smtp account with username and password.

Error: The RCPT command failed. The specified account does not exist.

The server ip is: 10.10.10.99
The mailserver ip is: 213.160.217.191
Is it ok to allow only the mailserver ip? This way all scripts seem to function again.

I also would like to change the mailserver's ip address from 213.160.217.191 to 213.160.217.171. Would this give any problems?

Erwin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Arends
Sent: Sunday, 14 January 2007 12:46
To: xmail@xmailserver.org
Subject: [xmail] Re: gun for hire

Erwin,

In smtprelay.tab ensure you do not permit relay for localhost and your own IP.

THIS MUST *NOT* BE LISTED

    "127.0.0.1"	"255.255.255.255"
    "1.2.3.0"	"255.255.255.0"
    "1.2.3.4"	"255.255.255.255"

Where the white space between the values is a TAB, not just spaces.
Where 1.2.3.0 represents your lan.
Where 1.2.3.4 represents your server's real ip address.

A good start for your test is to empty the file completely. This will force all relaying to require smtp authentication as long as server.tab contains:

    "DefaultSmtpPerms"	"MRVZ"

(This being the default - I'm not saying other settings will or won't work - just it is the default)

Is it possible that users of your server are the cause, not necessarily the server, or programs on it? Your IP is generating the traffic, but what is the source: local program, relayed traffic???

Why don't you paste your smtp logs into excel or similar and use 'data|auto-filter' to assist you in locating traffic patterns or odd traffic sources. Like traffic sourced from 127.0.0.1 or your own IP.

The answer will be in your logs, you just need to eliminate the traffic sourced externally or from auth'ed users, and traffic sourced internally from reputable hosts. The rest you should investigate. The problem will be shown in those records.

Rob :-)
_________________________________________________
Note To Self: Remember to put something witty here later...
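Added example (not part of the original thread or of XMail): the log filtering Rob describes above, done as a script instead of a spreadsheet. It drops authenticated and external traffic and counts what is left by source IP and sender. The column positions, the 10.10.10.0/24 LAN range, the trusted host 10.10.10.20 and the sample records are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumed column positions in a tab-separated, quoted SMTP log record;
# adjust them to the fields your server actually writes.
COL_REMOTE_IP, COL_SENDER, COL_AUTH = 2, 6, 10

OWN_IPS = {"127.0.0.1", "10.10.10.99", "213.160.217.191"}  # loopback + IPs named in the thread
LAN = ipaddress.ip_network("10.10.10.0/24")  # assumed LAN range
REPUTABLE = {"10.10.10.20"}                  # hypothetical trusted internal host

def rec(ip, sender, auth=""):
    """Build one constructed log record with the assumed 11-column layout."""
    row = ["mail", "example.nl", ip, "2007-01-14 10:00:00", "helo", "example.net",
           sender, "rcpt@example.net", "S1", "RECV=OK", auth]
    return "\t".join(f'"{v}"' for v in row)

# Constructed sample log (not real data).
SAMPLE_LOG = "\n".join(
    [rec("127.0.0.1", "www@localhost")] * 3
    + [rec("10.10.10.99", "promo@example.org"),
       rec("198.51.100.7", "erwin@example.nl", auth="erwin"),
       rec("203.0.113.5", "someone@example.com"),
       rec("10.10.10.20", "backup@example.nl")]
)

def classify(row):
    """Sort a record into the buckets described in the message above."""
    ip = row[COL_REMOTE_IP]
    if row[COL_AUTH]:
        return "authenticated"
    if ip in OWN_IPS:
        return "investigate"          # server talking to itself: local script?
    try:
        internal = ipaddress.ip_address(ip) in LAN
    except ValueError:
        return "investigate"          # unparsable source address
    if internal:
        return "reputable-internal" if ip in REPUTABLE else "investigate"
    return "external"

def triage(log_text):
    """Return [((source_ip, sender), count), ...] for records worth a look."""
    suspects = Counter()
    for row in csv.reader(io.StringIO(log_text), delimiter="\t", quotechar='"'):
        if len(row) > COL_AUTH and classify(row) == "investigate":
            suspects[(row[COL_REMOTE_IP], row[COL_SENDER])] += 1
    return suspects.most_common()
```
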
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erwin Meulensteen
Sent: Sunday, January 14, 2007 7:15 PM
To: xmail@xmailserver.org
Subject: [xmail] Re: gun for hire

Davide,

Since no trojans, spyware etc. were detected on the server I believe the problem to be user scripts (php or asp). How can I configure xmail in such a way that it does not allow php or asp scripts to send e-mail in such manner?

I see code snippets like:

    // Pick the HELO name from the web request, falling back to 'localhost'
    if (!empty($GLOBALS['HTTP_SERVER_VARS']['HTTP_HOST'])) {
        $helo = $GLOBALS['HTTP_SERVER_VARS']['HTTP_HOST'];
    } elseif (!empty($GLOBALS['HTTP_SERVER_VARS']['SERVER_NAME'])) {
        $helo = $GLOBALS['HTTP_SERVER_VARS']['SERVER_NAME'];
    } else {
        $helo = 'localhost';
    }

    var $From = "[EMAIL PROTECTED]";

    function ServerHostname() {
        if ($this->Hostname != "")
            $result = $this->Hostname;
        elseif ($this->ServerVar('SERVER_NAME') != "")
            $result = $this->ServerVar('SERVER_NAME');
        else
            $result = "localhost.localdomain";
        return $result;
    }

    /**
     * Sets the hostname to use in Message-Id and Received headers
     * and as default HELO string. If empty, the value returned
     * by SERVER_NAME is used or 'localhost.localdomain'.
     * @var string
     */
    var $Hostname = "";

- Erwin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Davide Libenzi
Sent: Saturday, 13 January 2007 17:36
To: xmail@xmailserver.org
Subject: [xmail] Re: gun for hire

On Sat, 13 Jan 2007, Erwin Meulensteen wrote:

> Hello,
> In light of recent events (being placed on cbl.abuseat.org for the fifth
> time), I was wondering if someone from the Netherlands (or working remotely)
> with experience in xmail server (currently running v1.20) and windows 2000
> server would consider helping us out. The effort will be paid for.

Did you read what the cbl.abuseat.org is for? The machine running XMail is probably infected, and XMail server configuration has nothing to do with it.
"In other words, the CBL only lists IPs that have attempted to send email to one of our servers in such a way as to indicate that the sending IP is infected. The CBL does NO probes. The CBL does NOT test for nor list open relays. The CBL only lists individual IPs, NOT ranges. The CBL does NOT list IPs because they are/are not dynamic. The CBL only lists IPs that have sent one of our servers email that appears to indicate that the IP is infected." - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]