Randahl Just because James accepts mail, does not make it a relay, is mail sent from clients on other networks actually being delivered?
http://jakarta.apache.org/james/FAQ.html#2 > -----Original Message----- > From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]] > Sent: 21 May 2002 22:51 > To: [EMAIL PROTECTED] > Subject: Relay prevention > > > Hi > > > I am having a hard time stopping james from relaying mails (see config > file below). Here is my list of unsolved issues - I would really > appreciate any constructive feedback: > > 1. I am using the SenderInFakeDomain matcher but it seems to have > no effect. If I telnet to JAMES I can easily make JAMES send an e-mail > using arbitrary sender addresses as in "mail from:[EMAIL PROTECTED]". > JAMES just gives me an "OK" response. > 2. I have tried many different parameters for > RemoteAddrNotInNetwork in the so-called anti-relay mailet. Currently I > am trying to send everything to the SPAM folder unless it comes from > 127.0.0.1 (JAMES itself) or one of my local IPs, e.g. 10.0.0.23. This > has no effect what so ever - I tested it with on-line relay-testers, and > even had a friend from another network telnet to my server, and he was > able to send an e-mail aswell. > 3. I tried setting authRequired to true, but this seems not to be > compatible with MS Outlook which fails to authenticate (I have tried > many different sensible settings). This is the solution which I would > like the most, since I hope it would could enable me to check my JAMES > account outside the office aswell. > > The fact that my JAMES installation is an open relay has caused me no > problems (yet), but I really would like to put an effort into stopping > the spammers who are actively abusing my installation. Urgent help will > be highly appreciated. My config file is included below. > > Thanks > > > Randahl > > > <?xml version="1.0"?> > <config> > > <!-- The James block --> > <James> > <!-- CHECKME! Set this to the right email address for error reports --> > <postmaster>[EMAIL PROTECTED]</postmaster> > > <!-- CONFIRM? --> > <!-- servernames identifies the DNS namespace served by this > instance > of James. > If autodetect is TRUE, James wil attempt to discover its own name > AND use > any specified servernames. If autodetect is FALSE, James will use > only > the specified servernames. By default, the servername 'localhost' > is > specified. This can be removed, if required. --> > <servernames autodetect="FALSE"> > <servername>rockit.dk</servername> > <!-- > <servername>To override autodetected server names > uncomment this. </servername> > <servername>localhost</servername>--> > </servernames> > > <!-- Set whether user names are case sensitive or insensitive --> > <!-- Set whether to enable local aliases --> > <usernames ignoreCase="TRUE" enableAliases="TRUE" > enableForwarding="TRUE"/> > > > > <!-- The inbox repository is the location for users inboxes --> > <!-- Default setting: file based repository - enter path ( :/// > for absolute) --> > <inboxRepository> > <repository destinationURL="file://var/mail/inboxes/" > type="MAIL"> > </repository> > </inboxRepository> > <!-- Alternative inbox repository definition for DB use. --> > <!-- The format for the destinationURL is > "db://<data-source>/<table>" > - <data-source> is the datasource name set up in the > database-connections block, below > - <table> is the name of the table to store user inboxes in > The user name is used as <repositoryName> for this repository > config. > > <inboxRepository> > <repository destinationURL="db://maildb/inbox/" > type="MAIL"> > </repository> > </inboxRepository> > --> > </James> > > <!-- The James Spool Manager block --> > <spoolmanager> > > > <!-- number of spool threads --> > <threads> 10 </threads> > > <!-- Set the packages from which to load mailets and matches --> > <mailetpackages> > > <mailetpackage>org.apache.james.transport.mailets</mailetpackage> > </mailetpackages> > <matcherpackages> > > <matcherpackage>org.apache.james.transport.matchers</matcherpackage> > </matcherpackages> > > <!-- Processor CONFIGURATION SAMPLE: > root is the first processor all mails enter --> > <processor name="root"> > <!-- Checks that the MAIL FROM command was for a valid domain. > Important for spam prevention. --> > <!-- --> > <mailet match="SenderInFakeDomain" class="ToProcessor"> > <processor> spam </processor> > </mailet> > > <!-- Important check to avoid race conditions --> > <mailet match="RelayLimit=30" class="Null"> > </mailet> > > <!-- Check for delivery from a known spam server --> > <mailet match="InSpammerBlacklist=blackholes.mail-abuse.org" > class="ToProcessor"> > <processor> spam </processor> > <notice> Rejected - see http://www.mail-abuse.org/rbl/ > </notice> > </mailet> > > <mailet match="InSpammerBlacklist=dialups.mail-abuse.org" > class="ToProcessor"> > <processor> spam </processor> > <notice> Dialup - see http://www.mail-abuse.org/dul/ > </notice> > </mailet> > > <mailet match="InSpammerBlacklist=relays.mail-abuse.org" > class="ToProcessor"> > <processor> spam </processor> > <notice> Open spam relay - see > http://www.mail-abuse.org/rss/ </notice> > </mailet> > > <!-- Sample matching to kill a message (send to Null) --> > <mailet match="RecipientIs=badboy@badhost" class="Null"> > </mailet> > > <!-- Sends remaining mails to the transport processor for > either > local or remote delivery --> > <mailet match="All" class="ToProcessor"> > <processor> transport </processor> > </mailet> > </processor> > > <!-- Processor CONFIGURATION SAMPLE: error is the processor > mails with > failure conditions enter --> > <processor name="error"> > <!-- Logs any messages to the repository specified --> > <mailet match="All" class="ToRepository"> > <repositoryPath> file://var/mail/error/</repositoryPath> > <!-- <repositoryPath> db://conf/mail-error.properties > </repositoryPath> --> > <passThrough> true </passThrough> > </mailet> > > <!-- If you want to notify the sender their message was marked > as > spam, uncomment this --> > <mailet match="All" class="NotifySender"> > </mailet> > <!-- --> > > <!-- If you want to notify the postmaster that a message was > marked > as spam, uncomment this --> > <mailet match="All" class="NotifyPostmaster"> > </mailet> > <!-- --> > </processor> > > <!-- Processor CONFIGURATION SAMPLE: transport is a sample > custom > processor for local or remote delivery --> > <processor name="transport"> > <!-- Is the recipient is for a local account, deliver it > locally --> > <mailet match="RecipientIsLocal" class="LocalDelivery"> > </mailet> > > <!-- If the host is handled by this server and it did not get > locally delivered, this is an invalid recipient --> > <mailet match="HostIsLocal" class="ToProcessor"> > <processor>error</processor> > </mailet> > > <!-- CHECKME! > Anti-relay mailet: Add your network address here, > e.g. "RemoteAddrNotInNetwork=127.0.0.1, abc.de.*" > --> > > <!-- This matcher-mailet pair can prevent relaying... if you > change > this, you risk making your mail server an open relay point > for > spammers . > NOTE 1: the order of matcher-mailets is important: it must > come after > valid local recipients have been dealt with but before any > attempt is > made to delivery the mail remotely. > NOTE 2: Add your own network, if you want to relay mail > outwards > NOTE 3: If you use SMTP AUTH, you may want to comment this > so users who are on the road can still use the server --> > <mailet match="RemoteAddrNotInNetwork=127.0.0.1, 10.0.0.*" > class="ToProcessor"> > <processor>spam</processor> > </mailet> > > <!-- Attempt remote delivery using the specified repository > for the > spool, > using delay time to retry delivery and the maximum number of > retries --> > <mailet match="All" class="RemoteDelivery"> > <outgoing> file://var/mail/outgoing/ </outgoing> > <!-- <outgoing> db://conf/mail-outgoing.properties > </outgoing> --> > <delayTime> 21600000 </delayTime> > <maxRetries> 5 </maxRetries> > </mailet> > </processor> > > <!-- Processor CONFIGURATION SAMPLE: spam is where messages > detected > as relaying or other problems will get sent. You can either log > these, > bounce these, or just ignore them. --> > <processor name="spam"> > <!-- If you wanted, you could just destroy messages, uncomment > this > matcher/mailet > <mailet match="All" class="Null"> > </mailet> > --> > > <!-- If you want to notify the sender their message was marked > as > spam, uncomment this --> > <mailet match="All" class="NotifySender"> > </mailet> > <!-- --> > > <!-- If you want to notify the postmaster that a message was > marked > as spam, uncomment this--> > <mailet match="All" class="NotifyPostmaster"> > </mailet> > <!-- --> > > <!-- Out of the box, this will log the message to a repository > --> > <mailet match="All" class="ToRepository"> > <repositoryPath>file://var/mail/spam/</repositoryPath> > </mailet> > </processor> > </spoolmanager> > > > <smtpserver> > <port>25</port> > <!--<bind></bind> uncomment this if you want to bind to a > specific > inetaddress --> > <!--<useTLS>TRUE</useTLS>uncomment this if you want to use TLS > (SSL) > on this port --> > <handler> > <!-- helloName is the single host name this instance of James > will > use to identify itself for example, in SMTP and POP3 > greetings. If > autodetect is TRUE, James will attempt to discover its own > name OR > use 'localhost'. If autodetect is FALSE, James will use the > value > given OR 'localhost' --> > <helloName autodetect="FALSE">ROCK IT Mail Server</helloName> > <connectiontimeout>360000</connectiontimeout> > > <authRequired>false</authRequired><!-- uncomment this if you > want > SMTP AUTH support. This is useful if you have users who need > to use > the email server on the road, while not having your server act > as an > open relay! --> > > <verifyIdentity>true</verifyIdentity><!-- uncomment this if you > want > to verify that the MAIL FROM: address is the same user that > authenticated. This prevents a user of your mail server from > acting > as somebody else --> > > <!-- This sets the maximum allowed message size for the > smtphandler > in KBytes. The value defaults to 0, which means no limit. --> > <maxmessagesize>0</maxmessagesize> > > </handler> > </smtpserver> > > > > </config> > > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
