Randahl,

What version of James are you using? The default installation is NOT an open relayer. Either you've commented out or modified something if you're seeing otherwise. If you think that telnetting in and sending a message shows that your server is an open relay, then I would refer you to the second question in our FAQ.

I can't speak to the auth problem... I have heard from the list that people have had this working. I would suggest searching the mailing list archives for tips on how to get this working.

Serge Knystautas
Loki Technologies - Unstoppable Websites
http://www.lokitech.com/

----- Original Message -----
From: "Randahl Fink Isaksen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 21, 2002 5:50 PM
Subject: Relay prevention

> Hi
>
> I am having a hard time stopping james from relaying mails (see config
> file below). Here is my list of unsolved issues - I would really
> appreciate any constructive feedback:
>
> 1. I am using the SenderInFakeDomain matcher but it seems to have
>    no effect. If I telnet to JAMES I can easily make JAMES send an e-mail
>    using arbitrary sender addresses as in "mail from:[EMAIL PROTECTED]".
>    JAMES just gives me an "OK" response.
> 2. I have tried many different parameters for
>    RemoteAddrNotInNetwork in the so-called anti-relay mailet. Currently I
>    am trying to send everything to the SPAM folder unless it comes from
>    127.0.0.1 (JAMES itself) or one of my local IPs, e.g. 10.0.0.23. This
>    has no effect whatsoever - I tested it with on-line relay-testers, and
>    even had a friend from another network telnet to my server, and he was
>    able to send an e-mail as well.
> 3. I tried setting authRequired to true, but this seems not to be
>    compatible with MS Outlook which fails to authenticate (I have tried
>    many different sensible settings). This is the solution which I would
>    like the most, since I hope it could enable me to check my JAMES
>    account outside the office as well.
>
> The fact that my JAMES installation is an open relay has caused me no
> problems (yet), but I really would like to put an effort into stopping
> the spammers who are actively abusing my installation. Urgent help will
> be highly appreciated. My config file is included below.
>
> Thanks
>
> Randahl
>
> <?xml version="1.0"?>
> <config>
>
>   <!-- The James block -->
>   <James>
>     <!-- CHECKME! Set this to the right email address for error reports -->
>     <postmaster>[EMAIL PROTECTED]</postmaster>
>
>     <!-- CONFIRM?
>     -->
>     <!-- servernames identifies the DNS namespace served by this instance
>          of James.
>          If autodetect is TRUE, James will attempt to discover its own name
>          AND use any specified servernames. If autodetect is FALSE, James
>          will use only the specified servernames. By default, the servername
>          'localhost' is specified. This can be removed, if required. -->
>     <servernames autodetect="FALSE">
>       <servername>rockit.dk</servername>
>       <!--
>       <servername>To override autodetected server names uncomment this. </servername>
>       <servername>localhost</servername>-->
>     </servernames>
>
>     <!-- Set whether user names are case sensitive or insensitive -->
>     <!-- Set whether to enable local aliases -->
>     <usernames ignoreCase="TRUE" enableAliases="TRUE" enableForwarding="TRUE"/>
>
>     <!-- The inbox repository is the location for users inboxes -->
>     <!-- Default setting: file based repository - enter path ( :/// for absolute) -->
>     <inboxRepository>
>       <repository destinationURL="file://var/mail/inboxes/" type="MAIL">
>       </repository>
>     </inboxRepository>
>     <!-- Alternative inbox repository definition for DB use. -->
>     <!-- The format for the destinationURL is "db://<data-source>/<table>"
>          - <data-source> is the datasource name set up in the
>            database-connections block, below
>          - <table> is the name of the table to store user inboxes in
>          The user name is used as <repositoryName> for this repository config.
>
>     <inboxRepository>
>       <repository destinationURL="db://maildb/inbox/" type="MAIL">
>       </repository>
>     </inboxRepository>
>     -->
>   </James>
>
>   <!-- The James Spool Manager block -->
>   <spoolmanager>
>
>     <!-- number of spool threads -->
>     <threads> 10 </threads>
>
>     <!-- Set the packages from which to load mailets and matches -->
>     <mailetpackages>
>       <mailetpackage>org.apache.james.transport.mailets</mailetpackage>
>     </mailetpackages>
>     <matcherpackages>
>       <matcherpackage>org.apache.james.transport.matchers</matcherpackage>
>     </matcherpackages>
>
>     <!-- Processor CONFIGURATION SAMPLE:
>          root is the first processor all mails enter -->
>     <processor name="root">
>       <!-- Checks that the MAIL FROM command was for a valid domain.
>            Important for spam prevention. -->
>       <!-- -->
>       <mailet match="SenderInFakeDomain" class="ToProcessor">
>         <processor> spam </processor>
>       </mailet>
>
>       <!-- Important check to avoid race conditions -->
>       <mailet match="RelayLimit=30" class="Null">
>       </mailet>
>
>       <!-- Check for delivery from a known spam server -->
>       <mailet match="InSpammerBlacklist=blackholes.mail-abuse.org" class="ToProcessor">
>         <processor> spam </processor>
>         <notice> Rejected - see http://www.mail-abuse.org/rbl/ </notice>
>       </mailet>
>
>       <mailet match="InSpammerBlacklist=dialups.mail-abuse.org" class="ToProcessor">
>         <processor> spam </processor>
>         <notice> Dialup - see http://www.mail-abuse.org/dul/ </notice>
>       </mailet>
>
>       <mailet match="InSpammerBlacklist=relays.mail-abuse.org" class="ToProcessor">
>         <processor> spam </processor>
>         <notice> Open spam relay - see http://www.mail-abuse.org/rss/ </notice>
>       </mailet>
>
>       <!-- Sample matching to kill a message (send to Null) -->
>       <mailet match="RecipientIs=badboy@badhost" class="Null">
>       </mailet>
>
>       <!-- Sends remaining mails to the transport processor for either
>            local or remote delivery -->
>       <mailet match="All" class="ToProcessor">
>         <processor> transport </processor>
>       </mailet>
>     </processor>
>
>     <!-- Processor CONFIGURATION SAMPLE: error is the processor mails with
>          failure conditions enter -->
>     <processor name="error">
>       <!-- Logs any messages to the repository specified -->
>       <mailet match="All" class="ToRepository">
>         <repositoryPath> file://var/mail/error/</repositoryPath>
>         <!-- <repositoryPath> db://conf/mail-error.properties </repositoryPath> -->
>         <passThrough> true </passThrough>
>       </mailet>
>
>       <!-- If you want to notify the sender their message was marked as
>            spam, uncomment this -->
>       <mailet match="All" class="NotifySender">
>       </mailet>
>       <!-- -->
>
>       <!-- If you want to notify the postmaster that a message was marked
>            as spam, uncomment this -->
>       <mailet match="All" class="NotifyPostmaster">
>       </mailet>
>       <!-- -->
>     </processor>
>
>     <!-- Processor CONFIGURATION SAMPLE: transport is a sample custom
>          processor for local or remote delivery -->
>     <processor name="transport">
>       <!-- If the recipient is for a local account, deliver it locally -->
>       <mailet match="RecipientIsLocal" class="LocalDelivery">
>       </mailet>
>
>       <!-- If the host is handled by this server and it did not get
>            locally delivered, this is an invalid recipient -->
>       <mailet match="HostIsLocal" class="ToProcessor">
>         <processor>error</processor>
>       </mailet>
>
>       <!-- CHECKME!
>            Anti-relay mailet: Add your network address here,
>            e.g. "RemoteAddrNotInNetwork=127.0.0.1, abc.de.*"
>       -->
>
>       <!-- This matcher-mailet pair can prevent relaying... if you change
>            this, you risk making your mail server an open relay point for
>            spammers.
>            NOTE 1: the order of matcher-mailets is important: it must come
>            after valid local recipients have been dealt with but before any
>            attempt is made to deliver the mail remotely.
>            NOTE 2: Add your own network, if you want to relay mail outwards
>            NOTE 3: If you use SMTP AUTH, you may want to comment this
>            so users who are on the road can still use the server -->
>       <mailet match="RemoteAddrNotInNetwork=127.0.0.1, 10.0.0.*" class="ToProcessor">
>         <processor>spam</processor>
>       </mailet>
>
>       <!-- Attempt remote delivery using the specified repository for the
>            spool, using delay time to retry delivery and the maximum number
>            of retries -->
>       <mailet match="All" class="RemoteDelivery">
>         <outgoing> file://var/mail/outgoing/ </outgoing>
>         <!-- <outgoing> db://conf/mail-outgoing.properties </outgoing> -->
>         <delayTime> 21600000 </delayTime>
>         <maxRetries> 5 </maxRetries>
>       </mailet>
>     </processor>
>
>     <!-- Processor CONFIGURATION SAMPLE: spam is where messages detected
>          as relaying or other problems will get sent. You can either log
>          these, bounce these, or just ignore them. -->
>     <processor name="spam">
>       <!-- If you wanted, you could just destroy messages, uncomment this
>            matcher/mailet
>       <mailet match="All" class="Null">
>       </mailet>
>       -->
>
>       <!-- If you want to notify the sender their message was marked as
>            spam, uncomment this -->
>       <mailet match="All" class="NotifySender">
>       </mailet>
>       <!-- -->
>
>       <!-- If you want to notify the postmaster that a message was marked
>            as spam, uncomment this-->
>       <mailet match="All" class="NotifyPostmaster">
>       </mailet>
>       <!-- -->
>
>       <!-- Out of the box, this will log the message to a repository -->
>       <mailet match="All" class="ToRepository">
>         <repositoryPath>file://var/mail/spam/</repositoryPath>
>       </mailet>
>     </processor>
>   </spoolmanager>
>
>   <smtpserver>
>     <port>25</port>
>     <!--<bind></bind> uncomment this if you want to bind to a specific
>         inetaddress -->
>     <!--<useTLS>TRUE</useTLS>uncomment this if you want to use TLS (SSL)
>         on this port -->
>     <handler>
>       <!-- helloName is the single host name this instance of James will
>            use to identify itself for example, in
>            SMTP and POP3 greetings. If autodetect is TRUE, James will
>            attempt to discover its own name OR use 'localhost'. If
>            autodetect is FALSE, James will use the value given OR
>            'localhost' -->
>       <helloName autodetect="FALSE">ROCK IT Mail Server</helloName>
>       <connectiontimeout>360000</connectiontimeout>
>
>       <authRequired>false</authRequired><!-- uncomment this if you want
>            SMTP AUTH support. This is useful if you have users who need to
>            use the email server on the road, while not having your server
>            act as an open relay! -->
>
>       <verifyIdentity>true</verifyIdentity><!-- uncomment this if you want
>            to verify that the MAIL FROM: address is the same user that
>            authenticated. This prevents a user of your mail server from
>            acting as somebody else -->
>
>       <!-- This sets the maximum allowed message size for the smtphandler
>            in KBytes. The value defaults to 0, which means no limit. -->
>       <maxmessagesize>0</maxmessagesize>
>
>     </handler>
>   </smtpserver>
>
> </config>
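
Added example, not part of the thread and not James code: a static check of the ordering rule in NOTE 1 of the quoted config, namely that the `RemoteAddrNotInNetwork` matcher sits after local delivery, before `RemoteDelivery`, and diverts to a processor that does not relay. The function names (`load_processors`, `audit_relay_guard`, `allowed_networks`) and the trimmed sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET
GUARD = "RemoteAddrNotInNetwork"
# Constructed sample input: a trimmed config in the layout quoted in this thread.
GUARD_XML = ('<mailet match="RemoteAddrNotInNetwork=127.0.0.1, 10.0.0.*" '
             'class="ToProcessor"><processor>spam</processor></mailet>')
DELIVER_XML = '<mailet match="All" class="RemoteDelivery"/>'
TEMPLATE = """<config><spoolmanager><processor name="transport">
<mailet match="RecipientIsLocal" class="LocalDelivery"/>
<mailet match="HostIsLocal" class="ToProcessor"><processor>error</processor></mailet>
{first}{second}
</processor>
<processor name="spam"><mailet match="All" class="ToRepository"/></processor>
</spoolmanager></config>"""
SAMPLE_OK = TEMPLATE.format(first=GUARD_XML, second=DELIVER_XML)
SAMPLE_BAD = TEMPLATE.format(first=DELIVER_XML, second=GUARD_XML)  # guard too late

def load_processors(xml_text):
    """Map each named processor (a pipeline, not a ToProcessor target) to its mailets."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.findall("mailet") for p in root.iter("processor") if p.get("name")}

def audit_relay_guard(xml_text):
    """Return findings on guard placement; an empty list means none were found."""
    procs = load_processors(xml_text)
    findings = []
    for name, mailets in procs.items():
        classes = [m.get("class") for m in mailets]
        if "RemoteDelivery" not in classes:
            continue  # this processor never delivers remotely
        guards = [i for i, m in enumerate(mailets) if m.get("match", "").startswith(GUARD)]
        if not guards or guards[0] > classes.index("RemoteDelivery"):
            findings.append(f"{name}: no {GUARD} before RemoteDelivery")
            continue
        if "LocalDelivery" in classes and guards[0] < classes.index("LocalDelivery"):
            findings.append(f"{name}: {GUARD} runs before LocalDelivery")
        guard = mailets[guards[0]]
        target = (guard.findtext("processor") or "").strip()
        onward = [m.get("class") for m in procs.get(target, [])]
        # The guard must discard the mail or hand it to a processor that does not relay.
        if guard.get("class") != "Null" and (
                guard.get("class") != "ToProcessor" or "RemoteDelivery" in onward):
            findings.append(f"{name}: {GUARD} match still reaches RemoteDelivery")
    return findings

def allowed_networks(xml_text):
    """List the address patterns exempted by RemoteAddrNotInNetwork matchers."""
    specs = [m.get("match", "") for ms in load_processors(xml_text).values() for m in ms]
    return [p.strip() for s in specs if s.startswith(GUARD + "=")
            for p in s.split("=", 1)[1].split(",")]
```

An empty findings list only says the matcher order in the file is right; it does not test what the server does with a message from an outside address.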
