Randahl,

My guess would be that your firewall is rewriting addresses or otherwise making it appear that every inbound email is on the 10.0.0.x network. That's the only explanation I can think of since otherwise they wouldn't get relayed.

Serge Knystautas
Loki Technologies - Unstoppable Websites
http://www.lokitech.com/

----- Original Message -----
From: "Randahl Fink Isaksen" <[EMAIL PROTECTED]>
To: "'James Users List'" <[EMAIL PROTECTED]>
Sent: Wednesday, May 22, 2002 8:44 AM
Subject: RE: Relay prevention

> Hi Danny (and others)
>
> Yes, I have made several tests where I was able to deliver mails to
> accounts outside of my network even though the configuration should
> prevent it. For instance, the below example (1) where I telnet'ed
> allowed me to send an e-mail to my hotmail account.
>
> Moreover the open relay database at www.ordb.org has now blacklisted my
> JAMES installation, and testing it with spamlart (you can try it
> yourself by clicking below) made it flunk bigtime.
>
> http://www.paladincorp.com.au/cgi-bin/spamlart.cgi?DESTINATION=test.rockit.dk
>
> Are you guys absolutely certain that your installations are not
> relaying? If you are, I would really like to see some configuration
> examples. If you are not, I would like to recommend you try
> http://www.ordb.org/submit/.
>
> I really need to solve this quickly but I am really stuck here, so any
> feedback on the configuration I have posted will be highly appreciated.
>
> Yours
> Randahl
>
> -----Original Message-----
> From: Danny Angus [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 08:51
> To: James Users List
> Subject: RE: Relay prevention
>
> Randahl
>
> Just because James accepts mail, does not make it a relay, is mail sent
> from clients on other networks actually being delivered?
>
> http://jakarta.apache.org/james/FAQ.html#2
>
> > -----Original Message-----
> > From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]]
> > Sent: 21 May 2002 22:51
> > To: [EMAIL PROTECTED]
> > Subject: Relay prevention
> >
> > Hi
> >
> > I am having a hard time stopping james from relaying mails (see config
> > file below). Here is my list of unsolved issues - I would really
> > appreciate any constructive feedback:
> >
> > 1. I am using the SenderInFakeDomain matcher but it seems to have
> >    no effect. If I telnet to JAMES I can easily make JAMES send an
> >    e-mail using arbitrary sender addresses as in
> >    "mail from:[EMAIL PROTECTED]". JAMES just gives me an "OK" response.
> > 2. I have tried many different parameters for RemoteAddrNotInNetwork
> >    in the so-called anti-relay mailet. Currently I am trying to send
> >    everything to the SPAM folder unless it comes from 127.0.0.1 (JAMES
> >    itself) or one of my local IPs, e.g. 10.0.0.23. This has no effect
> >    whatsoever - I tested it with on-line relay-testers, and even had a
> >    friend from another network telnet to my server, and he was able to
> >    send an e-mail as well.
> > 3. I tried setting authRequired to true, but this seems not to be
> >    compatible with MS Outlook which fails to authenticate (I have tried
> >    many different sensible settings). This is the solution which I
> >    would like the most, since I hope it could enable me to check my
> >    JAMES account outside the office as well.
> >
> > The fact that my JAMES installation is an open relay has caused me no
> > problems (yet), but I really would like to put an effort into stopping
> > the spammers who are actively abusing my installation. Urgent help will
> > be highly appreciated. My config file is included below.
> >
> > Thanks
> >
> > Randahl
> >
> > <?xml version="1.0"?>
> > <config>
> >
> >   <!-- The James block -->
> >   <James>
> >     <!-- CHECKME! Set this to the right email address for error reports -->
> >     <postmaster>[EMAIL PROTECTED]</postmaster>
> >
> >     <!-- CONFIRM? -->
> >     <!-- servernames identifies the DNS namespace served by this instance
> >          of James. If autodetect is TRUE, James will attempt to discover
> >          its own name AND use any specified servernames. If autodetect is
> >          FALSE, James will use only the specified servernames. By default,
> >          the servername 'localhost' is specified. This can be removed, if
> >          required. -->
> >     <servernames autodetect="FALSE">
> >       <servername>rockit.dk</servername>
> >       <!--
> >       <servername>To override autodetected server names uncomment this. </servername>
> >       <servername>localhost</servername>-->
> >     </servernames>
> >
> >     <!-- Set whether user names are case sensitive or insensitive -->
> >     <!-- Set whether to enable local aliases -->
> >     <usernames ignoreCase="TRUE" enableAliases="TRUE" enableForwarding="TRUE"/>
> >
> >     <!-- The inbox repository is the location for users inboxes -->
> >     <!-- Default setting: file based repository - enter path ( :/// for absolute) -->
> >     <inboxRepository>
> >       <repository destinationURL="file://var/mail/inboxes/" type="MAIL">
> >       </repository>
> >     </inboxRepository>
> >     <!-- Alternative inbox repository definition for DB use. -->
> >     <!-- The format for the destinationURL is "db://<data-source>/<table>"
> >          - <data-source> is the datasource name set up in the
> >            database-connections block, below
> >          - <table> is the name of the table to store user inboxes in
> >          The user name is used as <repositoryName> for this repository config.
> >
> >     <inboxRepository>
> >       <repository destinationURL="db://maildb/inbox/" type="MAIL">
> >       </repository>
> >     </inboxRepository>
> >     -->
> >   </James>
> >
> >   <!-- The James Spool Manager block -->
> >   <spoolmanager>
> >
> >     <!-- number of spool threads -->
> >     <threads> 10 </threads>
> >
> >     <!-- Set the packages from which to load mailets and matches -->
> >     <mailetpackages>
> >       <mailetpackage>org.apache.james.transport.mailets</mailetpackage>
> >     </mailetpackages>
> >     <matcherpackages>
> >       <matcherpackage>org.apache.james.transport.matchers</matcherpackage>
> >     </matcherpackages>
> >
> >     <!-- Processor CONFIGURATION SAMPLE: root is the first processor all
> >          mails enter -->
> >     <processor name="root">
> >       <!-- Checks that the MAIL FROM command was for a valid domain.
> >            Important for spam prevention. -->
> >       <!-- -->
> >       <mailet match="SenderInFakeDomain" class="ToProcessor">
> >         <processor> spam </processor>
> >       </mailet>
> >
> >       <!-- Important check to avoid race conditions -->
> >       <mailet match="RelayLimit=30" class="Null">
> >       </mailet>
> >
> >       <!-- Check for delivery from a known spam server -->
> >       <mailet match="InSpammerBlacklist=blackholes.mail-abuse.org" class="ToProcessor">
> >         <processor> spam </processor>
> >         <notice> Rejected - see http://www.mail-abuse.org/rbl/ </notice>
> >       </mailet>
> >
> >       <mailet match="InSpammerBlacklist=dialups.mail-abuse.org" class="ToProcessor">
> >         <processor> spam </processor>
> >         <notice> Dialup - see http://www.mail-abuse.org/dul/ </notice>
> >       </mailet>
> >
> >       <mailet match="InSpammerBlacklist=relays.mail-abuse.org" class="ToProcessor">
> >         <processor> spam </processor>
> >         <notice> Open spam relay - see http://www.mail-abuse.org/rss/ </notice>
> >       </mailet>
> >
> >       <!-- Sample matching to kill a message (send to Null) -->
> >       <mailet match="RecipientIs=badboy@badhost" class="Null">
> >       </mailet>
> >
> >       <!-- Sends remaining mails to the transport processor for either
> >            local or remote delivery -->
> >       <mailet match="All" class="ToProcessor">
> >         <processor> transport </processor>
> >       </mailet>
> >     </processor>
> >
> >     <!-- Processor CONFIGURATION SAMPLE: error is the processor mails with
> >          failure conditions enter -->
> >     <processor name="error">
> >       <!-- Logs any messages to the repository specified -->
> >       <mailet match="All" class="ToRepository">
> >         <repositoryPath> file://var/mail/error/</repositoryPath>
> >         <!-- <repositoryPath> db://conf/mail-error.properties </repositoryPath> -->
> >         <passThrough> true </passThrough>
> >       </mailet>
> >
> >       <!-- If you want to notify the sender their message was marked as
> >            spam, uncomment this -->
> >       <mailet match="All" class="NotifySender">
> >       </mailet>
> >       <!-- -->
> >
> >       <!-- If you want to notify the postmaster that a message was marked
> >            as spam, uncomment this -->
> >       <mailet match="All" class="NotifyPostmaster">
> >       </mailet>
> >       <!-- -->
> >     </processor>
> >
> >     <!-- Processor CONFIGURATION SAMPLE: transport is a sample custom
> >          processor for local or remote delivery -->
> >     <processor name="transport">
> >       <!-- If the recipient is for a local account, deliver it locally -->
> >       <mailet match="RecipientIsLocal" class="LocalDelivery">
> >       </mailet>
> >
> >       <!-- If the host is handled by this server and it did not get
> >            locally delivered, this is an invalid recipient -->
> >       <mailet match="HostIsLocal" class="ToProcessor">
> >         <processor>error</processor>
> >       </mailet>
> >
> >       <!-- CHECKME!
> >            Anti-relay mailet: Add your network address here,
> >            e.g. "RemoteAddrNotInNetwork=127.0.0.1, abc.de.*"
> >       -->
> >
> >       <!-- This matcher-mailet pair can prevent relaying... if you change
> >            this, you risk making your mail server an open relay point for
> >            spammers.
> >            NOTE 1: the order of matcher-mailets is important: it must come
> >            after valid local recipients have been dealt with but before any
> >            attempt is made to deliver the mail remotely.
> >            NOTE 2: Add your own network, if you want to relay mail outwards
> >            NOTE 3: If you use SMTP AUTH, you may want to comment this
> >            so users who are on the road can still use the server -->
> >       <mailet match="RemoteAddrNotInNetwork=127.0.0.1, 10.0.0.*" class="ToProcessor">
> >         <processor>spam</processor>
> >       </mailet>
> >
> >       <!-- Attempt remote delivery using the specified repository for the
> >            spool, using delay time to retry delivery and the maximum number
> >            of retries -->
> >       <mailet match="All" class="RemoteDelivery">
> >         <outgoing> file://var/mail/outgoing/ </outgoing>
> >         <!-- <outgoing> db://conf/mail-outgoing.properties </outgoing> -->
> >         <delayTime> 21600000 </delayTime>
> >         <maxRetries> 5 </maxRetries>
> >       </mailet>
> >     </processor>
> >
> >     <!-- Processor CONFIGURATION SAMPLE: spam is where messages detected
> >          as relaying or other problems will get sent. You can either log
> >          these, bounce these, or just ignore them. -->
> >     <processor name="spam">
> >       <!-- If you wanted, you could just destroy messages, uncomment this
> >            matcher/mailet
> >       <mailet match="All" class="Null">
> >       </mailet>
> >       -->
> >
> >       <!-- If you want to notify the sender their message was marked as
> >            spam, uncomment this -->
> >       <mailet match="All" class="NotifySender">
> >       </mailet>
> >       <!-- -->
> >
> >       <!-- If you want to notify the postmaster that a message was marked
> >            as spam, uncomment this-->
> >       <mailet match="All" class="NotifyPostmaster">
> >       </mailet>
> >       <!-- -->
> >
> >       <!-- Out of the box, this will log the message to a repository -->
> >       <mailet match="All" class="ToRepository">
> >         <repositoryPath>file://var/mail/spam/</repositoryPath>
> >       </mailet>
> >     </processor>
> >   </spoolmanager>
> >
> >   <smtpserver>
> >     <port>25</port>
> >     <!--<bind></bind> uncomment this if you want to bind to a specific
> >         inetaddress -->
> >     <!--<useTLS>TRUE</useTLS>uncomment this if you want to use TLS (SSL)
> >         on this port -->
> >     <handler>
> >       <!-- helloName is the single host name this instance of James will
> >            use to identify itself for example, in SMTP and POP3 greetings.
> >            If autodetect is TRUE, James will attempt to discover its own
> >            name OR use 'localhost'. If autodetect is FALSE, James will use
> >            the value given OR 'localhost' -->
> >       <helloName autodetect="FALSE">ROCK IT Mail Server</helloName>
> >       <connectiontimeout>360000</connectiontimeout>
> >
> >       <authRequired>false</authRequired><!-- uncomment this if you want
> >            SMTP AUTH support. This is useful if you have users who need to
> >            use the email server on the road, while not having your server
> >            act as an open relay! -->
> >
> >       <verifyIdentity>true</verifyIdentity><!-- uncomment this if you want
> >            to verify that the MAIL FROM: address is the same user that
> >            authenticated. This prevents a user of your mail server from
> >            acting as somebody else -->
> >
> >       <!-- This sets the maximum allowed message size for the smtphandler
> >            in KBytes. The value defaults to 0, which means no limit. -->
> >       <maxmessagesize>0</maxmessagesize>
> >
> >     </handler>
> >   </smtpserver>
> >
> > </config>

--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
