I just had a serious security breach here. My server, running Courier, was used for relaying thousands of spams, probably ensuring that I will be blacklisted on dozens of servers and have to spend days cleaning up the mess and getting my mail server's access restored.

AOL sent me several dozen "Client TOS Notifications" from which I was able to determine that the common thread in many if not all of these spams is shown in the following header:

    Received: from TITANIUM (112.130.192-77.rev.gaoland.net [::ffff:77.192.130.112])
      (AUTH: LOGIN [address deleted])
      by shakti.fmp.com with esmtp; Wed, 04 Jun 2008 14:36:04 -0500
      id 00000000001E8B6B.000000004846EEA4.00001993

The "[address deleted]" contained the email address of a local account which I presume was compromised to send these spams. Does Courier indeed include "(AUTH: LOGIN [EMAIL PROTECTED])" to indicate an authenticated SMTP transaction? I would presume so since this header is the lowermost one in the transaction with AOL, the only one mentioning my server, from which the message did indeed originate.

I have a very few customers who require authenticated SMTP. All others use their ISPs' SMTP servers. On top of this, customers are able to set their own mailbox passwords, and some don't understand about proper password security.

I would like to be able to severely restrict access to authenticated (E)SMTP on the server so that only those few customers who require it for specific mailboxes are authorized to use it, and these and only these SMTP logins will be accepted. The abused email account here was _not_ one which needs it or uses it.

Does courieresmtp provide any mechanism to do this? I might be able to find the answer by digging in docs, but I'm dog tired from dealing with this problem and could use a bit of charity help in the way of pointers to a solution :-)

--
Lindsay Haisley       | "In an open world,    | PGP public key
FMP Computer Services |    who needs Windows  |   available at
512-259-1190          |      or Gates"        | http://pubkeys.fmp.com
http://www.fmp.com    |                       |
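
An added example, not part of the original post and not Courier's own code: a small triage script that reads raw headers from abuse notifications, extracts the "(AUTH: LOGIN account)" hop recorded by the local server in the format quoted above, and tallies messages and source IPs per account against the short list of accounts expected to use SMTP AUTH. The account names, the `allowed` set and every sample header except the first hop's host and IP are constructed placeholders.

```python
import re
from collections import Counter, defaultdict

# Shape of the Received header quoted in the post:
#   from HELO (rdns [ip]) (AUTH: MECH account) by host with esmtp; ...
AUTH_HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)\s+"
    r"\(AUTH:\s+(?P<mech>\S+)\s+(?P<account>[^)]+?)\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE)

def auth_hops(raw_headers, our_host):
    """Yield (account, client_ip) for authenticated hops accepted by our_host."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_headers)  # undo header folding
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        m = AUTH_HOP.search(line)
        if m and m.group("by").lower() == our_host.lower():
            ip = m.group("ip")
            if ip.lower().startswith("::ffff:"):  # IPv4-mapped IPv6 form
                ip = ip[len("::ffff:"):]
            yield m.group("account").strip(), ip

def summarize(messages, our_host, allowed):
    """Per-account message count, source IPs, and whether SMTP AUTH was expected."""
    counts, sources = Counter(), defaultdict(set)
    for raw in messages:
        for account, ip in auth_hops(raw, our_host):
            counts[account] += 1
            sources[account].add(ip)
    return [{"account": a, "messages": n, "ips": sorted(sources[a]),
             "expected": a in allowed} for a, n in counts.most_common()]

# Constructed sample headers; account names and the 203.0.113.x / 192.0.2.x
# addresses are placeholders, the first hop mirrors the header in the post.
SAMPLES = [
    "Received: from TITANIUM (112.130.192-77.rev.gaoland.net [::ffff:77.192.130.112])\n"
    "  (AUTH: LOGIN abused@example.com)\n"
    "  by shakti.fmp.com with esmtp; Wed, 04 Jun 2008 14:36:04 -0500\n"
    "Subject: constructed\n",
    "Received: from HOST2 (host2.example.net [::ffff:203.0.113.9])\n"
    "  (AUTH: LOGIN abused@example.com)\n"
    "  by shakti.fmp.com with esmtp; Wed, 04 Jun 2008 14:37:10 -0500\n",
    "Received: from laptop (client.example.org [::ffff:192.0.2.44])\n"
    "  (AUTH: LOGIN roaming@example.com)\n"
    "  by shakti.fmp.com with esmtp; Wed, 04 Jun 2008 15:02:00 -0500\n",
    "Received: from mx.example.net (mx.example.net [::ffff:192.0.2.10])\n"
    "  by shakti.fmp.com with esmtp; Wed, 04 Jun 2008 15:05:00 -0500\n",
]

if __name__ == "__main__":
    for row in summarize(SAMPLES, "shakti.fmp.com", {"roaming@example.com"}):
        print(row)
```

Rows with `expected` false and several distinct source IPs are the accounts to lock and reset first. Received lines below the server's own hop can be forged by the sender, so confirm each hit against the server's mail log before acting on it.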
