Erwin,

1. The "Error: The RCPT command failed. The specified account does not exist" It might be that you need to specify the full email address as the username. Try using your MUA (outlook express etc) to send smtp auth mail using the userid that you wanted in the scripts. When you have that working, go back to your scripts and add it in there correctly. You might create a different user for each script so you can identify emails from different scripts, not just by IP address.

2. All the scripts failing would be correct with no relaying configured.
If your scripts are sending to ip address 10.10.10.99 then until you have #1 fixed, just have smtp-relay.tab with "10.10.10.99" "255.255.255.255" (remember the tab between the fields).
If your scripts are sending to ip address 127.0.0.1 then until you have #1 fixed, just have smtp-relay.tab with "127.0.0.1" "255.255.255.255" (remember the tab between the fields).

3. Changing from 213.160.217.191 to 213.160.217.171 should not be a problem, however you need to understand what you are doing. That is a NAT issue on some firewall. You will also need to update dns mx records, etc etc. It will in effect remove you from the CBL, but that will only be until your new IP is listed because you have not addressed the root cause yet.

4. What did you find in your logs? Anything abnormal from IPs other than 10.10.10.99? Your scripts on the server - are they webforms where email can be sent? (you know, "contact us" forms) There are known vulnerabilities in some web forms where they are used to send spam. I'd check if the volume of emails from your scripts is abnormally high.

The problem you have is not to do with xmail (unless you've made it an open relay). The problem will be in your scripts or some other source of emails. Your logs will have the answers, analyze them !!

To check if your xmail is an open relay, use the following test.
From the xmail server, telnet to: relay-test.mail-abuse.org
The server there will open a connection to tcp/25 on the ip address that you are sending from and issue a dozen or so relay tests. The progress is issued back to your telnet session. This needs to report a closed relay.

Rob :-)
_________________________________________________
Note To Self: Remember to put something witty here later...
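
An added example, not part of the original thread and not XMail code: a small Python audit of a relay table in the "address"<TAB>"netmask" layout quoted in this thread, reporting which watched addresses may relay without SMTP authentication and which lines are not TAB-separated. The sample table contents and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample table; the "address"<TAB>"netmask" layout is the one
# quoted in the thread. The third line deliberately uses a space, not a TAB.
SAMPLE_TAB = (
    '"127.0.0.1"\t"255.255.255.255"\n'
    '"10.10.10.0"\t"255.255.255.0"\n'
    '"192.0.2.8" "255.255.255.255"\n'
)

def parse_relay_tab(text):
    """Return (networks, problems) for the contents of a relay table."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = [f.strip().strip('"') for f in line.split("\t")]
        if len(fields) != 2:
            problems.append((lineno, "fields are not separated by a single TAB"))
            continue
        try:
            # strict=False accepts a host address combined with a wider mask
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}", strict=False)
        except ValueError as exc:
            problems.append((lineno, f"bad address or netmask: {exc}"))
            continue
        networks.append((lineno, net))
    return networks, problems

def relay_exposure(text, watched):
    """Map each watched address to the table lines that let it relay unauthenticated."""
    networks, problems = parse_relay_tab(text)
    hits = {}
    for addr in watched:
        ip = ipaddress.ip_address(addr)
        hits[addr] = [lineno for lineno, net in networks if ip in net]
    return hits, problems

if __name__ == "__main__":
    # Addresses taken from the thread: localhost, the script host, the mail server.
    hits, problems = relay_exposure(
        SAMPLE_TAB, ["127.0.0.1", "10.10.10.99", "213.160.217.191"])
    for addr, lines in hits.items():
        state = f"relay allowed by line(s) {lines}" if lines else "must authenticate"
        print(f"{addr}: {state}")
    for lineno, why in problems:
        print(f"line {lineno}: {why}")
```
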

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erwin Meulensteen
Sent: Monday, January 15, 2007 7:24 PM
To: xmail@xmailserver.org
Subject: [xmail] Re: gun for hire

Rob,

Thank you for helping out. A good point in clearing the smtprelay.tab.
If I do this. All scripts on the server give an error when trying to send e-mail. ASP (dundas) or PHP scripts fail. Even when I add an smtp account with username and password.

Error: The RCPT command failed. The specified account does not exist.

The server ip is: 10.10.10.99
The mailserver ip is: 213.160.217.191

Is it ok to allow only the mailserver ip? This way all scripts seem to function again.

I also would like to change the mailserver's ip address from 213.160.217.191 to 213.160.217.171
Would this give any problems?

Erwin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rob Arends
Sent: Sunday, January 14, 2007 12:46
To: xmail@xmailserver.org
Subject: [xmail] Re: gun for hire

Erwin,

In smtprelay.tab ensure you do not permit relay for localhost and your own IP.

THIS MUST *NOT* BE LISTED
"127.0.0.1" "255.255.255.255"
"1.2.3.0" "255.255.255.0"
"1.2.3.4" "255.255.255.255"

Where the white space between the values is a TAB not just spaces.
Where 1.2.3.0 represents your lan
Where 1.2.3.4 represents your server's real ip address.

A good start for your test is to empty the file completely. This will force all relaying to require smtp authentication as long as server.tab contains:
"DefaultSmtpPerms" "MRVZ"
(This being the default - I'm not saying other settings will or won't work - just it is the default)

Is it possible that users of your server are the cause, not necessarily the server, or programs on it? Your IP is generating the traffic, but what is the source: local program, relayed traffic???

Why don't you paste your smtp logs in to excel or similar and use 'data|auto-filter' to assist you in locating traffic patterns or odd traffic sources.
Like traffic sourced from 127.0.0.1 or your own IP.

The answer will be in your logs, you just need to eliminate the traffic sourced externally or from auth'ed users, and traffic sourced internally from reputable hosts. The rest you should investigate. The problem will be shown in those records.

Rob :-)
_________________________________________________
Note To Self: Remember to put something witty here later...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erwin Meulensteen
Sent: Sunday, January 14, 2007 7:15 PM
To: xmail@xmailserver.org
Subject: [xmail] Re: gun for hire

Davide,

Since no trojans, spyware etc were detected on the server I believe the problem to be user scripts (php or asp).
How can I configure xmail in such a way that it does not allow php or asp scripts to send e-mail in such a manner?

I see code snippets like:

    if (!empty($GLOBALS['HTTP_SERVER_VARS']['HTTP_HOST'])) {
        $helo = $GLOBALS['HTTP_SERVER_VARS']['HTTP_HOST'];
    } elseif (!empty($GLOBALS['HTTP_SERVER_VARS']['SERVER_NAME'])) {
        $helo = $GLOBALS['HTTP_SERVER_VARS']['SERVER_NAME'];
    } else {
        $helo = 'localhost';
    }

    var $From = "[EMAIL PROTECTED]";

    function ServerHostname() {
        if ($this->Hostname != "")
            $result = $this->Hostname;
        elseif ($this->ServerVar('SERVER_NAME') != "")
            $result = $this->ServerVar('SERVER_NAME');
        else
            $result = "localhost.localdomain";

    /**
     * Sets the hostname to use in Message-Id and Received headers
     * and as default HELO string. If empty, the value returned
     * by SERVER_NAME is used or 'localhost.localdomain'.
     * @var string
     */
    var $Hostname = "";

- Erwin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Davide Libenzi
Sent: Saturday, January 13, 2007 17:36
To: xmail@xmailserver.org
Subject: [xmail] Re: gun for hire

On Sat, 13 Jan 2007, Erwin Meulensteen wrote:

>
> Hello,
> In light of recent events (being placed on cbl.abuseat.org for the fifth
> time).
> I was wondering if someone from the Netherlands (or working remotely)
> with experience in xmail server (currently running v1.20) and windows 2000
> server would consider helping us out. The effort will be paid for.

Did you read what the cbl.abuseat.org. is for? The machine running XMail is probably infected, and XMail server configuration has nothing to do with it.

"In other words, the CBL only lists IPs that have attempted to send email to one of our servers in such a way as to indicate that the sending IP is infected.
The CBL does NO probes.
The CBL does NOT test for nor list open relays.
The CBL only lists individual IPs, NOT ranges.
The CBL does NOT list IPs because they are/are not dynamic.
The CBL only lists IPs that have sent one of our servers email that appears to indicate that the IP is infected."

- Davide

-
To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED]
For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]