Randahl,

I am certain that my James installation is not an open relay. Below is
my relay matcher. I have put in a notice entry so that when the spam
processor sends me mail that there was a problem, I'll know that it came
from an attempted relay.

I think you should examine your smtpserver.log to see if your firewall
is rewriting the IPs as Serge suggested.

<mailet match="RemoteAddrNotInNetwork=127.0.0.1,192.168.0.*"
        class="ToProcessor">
  <processor> spam </processor>
  <notice> Relays not permitted. </notice>
</mailet>

Eric

Serge Knystautas wrote:
>Randahl,
>
>My guess would be that your firewall is rewriting addresses or otherwise
>making it appear that every inbound email is on the 10.0.0.x network.
>That's the only explanation I can think of since otherwise they wouldn't get
>relayed.
>
>Serge Knystautas
>Loki Technologies - Unstoppable Websites
>http://www.lokitech.com/
>----- Original Message -----
>From: "Randahl Fink Isaksen" <[EMAIL PROTECTED]>
>To: "'James Users List'" <[EMAIL PROTECTED]>
>Sent: Wednesday, May 22, 2002 8:44 AM
>Subject: RE: Relay prevention
>
>
>
>
>>Hi Danny (and others)
>>
>>
>>Yes, I have made several tests where I was able to deliver mails to
>>accounts outside of my network even though the configuration should
>>prevent it. For instance, the below example (1) where I telnet'ed
>>allowed me to send an e-mail to my hotmail account.
>>
>>Moreover the open relay database at www.ordb.org has now blacklisted my
>>JAMES installation, and testing it with spamlart (you can try it
>>yourself by clicking below) made it flunk bigtime.
>>
>>http://www.paladincorp.com.au/cgi-bin/spamlart.cgi?DESTINATION=test.rockit.dk
>>
>>
>>Are you guys absolutely certain that your installations are not
>>relaying? If you are, I would really like to see some configuration
>>examples. If you are not, I would like to recommend you try
>>http://www.ordb.org/submit/.
>>
>>
>>I really need to solve this quickly but I am really stuck here, so any
>>feedback on the configuration I have posted will be highly appreciated.
>>
>>
>>Yours
>>Randahl
>>
>>
>>-----Original Message-----
>>From: Danny Angus [mailto:[EMAIL PROTECTED]]
>>Sent: Wednesday, May 22, 2002 08:51
>>To: James Users List
>>Subject: RE: Relay prevention
>>
>>Randahl
>>
>>Just because James accepts mail, does not make it a relay, is mail sent
>>from clients on other networks actually being delivered?
>>
>>http://jakarta.apache.org/james/FAQ.html#2
>>
>>
>>
>>>-----Original Message-----
>>>From: Randahl Fink Isaksen [mailto:[EMAIL PROTECTED]]
>>>Sent: 21 May 2002 22:51
>>>To: [EMAIL PROTECTED]
>>>Subject: Relay prevention
>>>
>>>
>>>Hi
>>>
>>>
>>>I am having a hard time stopping james from relaying mails (see config
>>>file below). Here is my list of unsolved issues - I would really
>>>appreciate any constructive feedback:
>>>
>>>1. I am using the SenderInFakeDomain matcher but it seems to have
>>>no effect. If I telnet to JAMES I can easily make JAMES send an e-mail
>>>using arbitrary sender addresses as in "mail from:[EMAIL PROTECTED]".
>>>JAMES just gives me an "OK" response.
>>>2. I have tried many different parameters for
>>>RemoteAddrNotInNetwork in the so-called anti-relay mailet. Currently I
>>>am trying to send everything to the SPAM folder unless it comes from
>>>127.0.0.1 (JAMES itself) or one of my local IPs, e.g. 10.0.0.23. This
>>>has no effect whatsoever - I tested it with on-line relay-testers, and
>>>even had a friend from another network telnet to my server, and he was
>>>able to send an e-mail as well.
>>>3. I tried setting authRequired to true, but this seems not to be
>>>compatible with MS Outlook which fails to authenticate (I have tried
>>>many different sensible settings). This is the solution which I would
>>>like the most, since I hope it could enable me to check my JAMES
>>>account outside the office as well.
>>>
>>>The fact that my JAMES installation is an open relay has caused me no
>>>problems (yet), but I really would like to put an effort into stopping
>>>the spammers who are actively abusing my installation. Urgent help will
>>>be highly appreciated. My config file is included below.
>>>
>>>Thanks
>>>
>>>
>>>Randahl
>>>
>>>
>>><?xml version="1.0"?>
>>><config>
>>>
>>> <!-- The James block -->
>>> <James>
>>><!-- CHECKME! Set this to the right email address for error reports -->
>>> <postmaster>[EMAIL PROTECTED]</postmaster>
>>>
>>><!-- CONFIRM? -->
>>> <!-- servernames identifies the DNS namespace served by this instance
>>> of James.
>>> If autodetect is TRUE, James will attempt to discover its own name AND
>>> use any specified servernames. If autodetect is FALSE, James will use
>>> only the specified servernames. By default, the servername 'localhost'
>>> is specified. This can be removed, if required. -->
>>> <servernames autodetect="FALSE">
>>> <servername>rockit.dk</servername>
>>> <!--
>>> <servername>To override autodetected server names
>>> uncomment this. </servername>
>>> <servername>localhost</servername>-->
>>> </servernames>
>>>
>>> <!-- Set whether user names are case sensitive or insensitive -->
>>> <!-- Set whether to enable local aliases -->
>>> <usernames ignoreCase="TRUE" enableAliases="TRUE"
>>> enableForwarding="TRUE"/>
>>>
>>>
>>>
>>> <!-- The inbox repository is the location for users inboxes -->
>>> <!-- Default setting: file based repository - enter path ( :///
>>>for absolute) -->
>>> <inboxRepository>
>>> <repository destinationURL="file://var/mail/inboxes/"
>>> type="MAIL">
>>> </repository>
>>> </inboxRepository>
>>> <!-- Alternative inbox repository definition for DB use. -->
>>> <!-- The format for the destinationURL is "db://<data-source>/<table>"
>>> - <data-source> is the datasource name set up in the
>>> database-connections block, below
>>> - <table> is the name of the table to store user inboxes in
>>> The user name is used as <repositoryName> for this repository config.
>>>
>>> <inboxRepository>
>>> <repository destinationURL="db://maildb/inbox/"
>>> type="MAIL">
>>> </repository>
>>> </inboxRepository>
>>> -->
>>> </James>
>>>
>>> <!-- The James Spool Manager block -->
>>> <spoolmanager>
>>>
>>>
>>> <!-- number of spool threads -->
>>> <threads> 10 </threads>
>>>
>>> <!-- Set the packages from which to load mailets and matches -->
>>> <mailetpackages>
>>>
>>><mailetpackage>org.apache.james.transport.mailets</mailetpackage>
>>> </mailetpackages>
>>> <matcherpackages>
>>>
>>><matcherpackage>org.apache.james.transport.matchers</matcherpackage>
>>> </matcherpackages>
>>>
>>> <!-- Processor CONFIGURATION SAMPLE:
>>> root is the first processor all mails enter -->
>>> <processor name="root">
>>> <!-- Checks that the MAIL FROM command was for a valid domain.
>>> Important for spam prevention. -->
>>> <!-- -->
>>> <mailet match="SenderInFakeDomain" class="ToProcessor">
>>> <processor> spam </processor>
>>> </mailet>
>>>
>>> <!-- Important check to avoid race conditions -->
>>> <mailet match="RelayLimit=30" class="Null">
>>> </mailet>
>>>
>>> <!-- Check for delivery from a known spam server -->
>>> <mailet match="InSpammerBlacklist=blackholes.mail-abuse.org"
>>> class="ToProcessor">
>>> <processor> spam </processor>
>>> <notice> Rejected - see http://www.mail-abuse.org/rbl/
>>></notice>
>>> </mailet>
>>>
>>> <mailet match="InSpammerBlacklist=dialups.mail-abuse.org"
>>> class="ToProcessor">
>>> <processor> spam </processor>
>>> <notice> Dialup - see http://www.mail-abuse.org/dul/
>>></notice>
>>> </mailet>
>>>
>>> <mailet match="InSpammerBlacklist=relays.mail-abuse.org"
>>> class="ToProcessor">
>>> <processor> spam </processor>
>>> <notice> Open spam relay - see
>>>http://www.mail-abuse.org/rss/ </notice>
>>> </mailet>
>>>
>>> <!-- Sample matching to kill a message (send to Null) -->
>>> <mailet match="RecipientIs=badboy@badhost" class="Null">
>>> </mailet>
>>>
>>> <!-- Sends remaining mails to the transport processor for
>>>either
>>> local or remote delivery -->
>>> <mailet match="All" class="ToProcessor">
>>> <processor> transport </processor>
>>> </mailet>
>>> </processor>
>>>
>>> <!-- Processor CONFIGURATION SAMPLE: error is the processor
>>>mails with
>>> failure conditions enter -->
>>> <processor name="error">
>>> <!-- Logs any messages to the repository specified -->
>>> <mailet match="All" class="ToRepository">
>>> <repositoryPath> file://var/mail/error/</repositoryPath>
>>> <!-- <repositoryPath> db://conf/mail-error.properties
>>></repositoryPath> -->
>>> <passThrough> true </passThrough>
>>> </mailet>
>>>
>>> <!-- If you want to notify the sender their message was marked as
>>> spam, uncomment this -->
>>> <mailet match="All" class="NotifySender">
>>> </mailet>
>>> <!-- -->
>>>
>>> <!-- If you want to notify the postmaster that a message was
>>>marked
>>> as spam, uncomment this -->
>>> <mailet match="All" class="NotifyPostmaster">
>>> </mailet>
>>> <!-- -->
>>> </processor>
>>>
>>> <!-- Processor CONFIGURATION SAMPLE: transport is a sample
>>>custom
>>> processor for local or remote delivery -->
>>> <processor name="transport">
>>> <!-- Is the recipient is for a local account, deliver it
>>>locally -->
>>> <mailet match="RecipientIsLocal" class="LocalDelivery">
>>> </mailet>
>>>
>>> <!-- If the host is handled by this server and it did not get
>>> locally delivered, this is an invalid recipient -->
>>> <mailet match="HostIsLocal" class="ToProcessor">
>>> <processor>error</processor>
>>> </mailet>
>>>
>>><!-- CHECKME!
>>> Anti-relay mailet: Add your network address here,
>>> e.g. "RemoteAddrNotInNetwork=127.0.0.1, abc.de.*"
>>>-->
>>>
>>> <!-- This matcher-mailet pair can prevent relaying... if you
>>>change
>>> this, you risk making your mail server an open relay point
>>>for
>>> spammers .
>>> NOTE 1: the order of matcher-mailets is important: it must
>>>come after
>>> valid local recipients have been dealt with but before any
>>>attempt is
>>> made to delivery the mail remotely.
>>> NOTE 2: Add your own network, if you want to relay mail
>>>outwards
>>> NOTE 3: If you use SMTP AUTH, you may want to comment this
>>> so users who are on the road can still use the server -->
>>> <mailet match="RemoteAddrNotInNetwork=127.0.0.1, 10.0.0.*"
>>>class="ToProcessor">
>>> <processor>spam</processor>
>>> </mailet>
>>>
>>> <!-- Attempt remote delivery using the specified repository
>>>for the
>>> spool,
>>> using delay time to retry delivery and the maximum number of
>>> retries -->
>>> <mailet match="All" class="RemoteDelivery">
>>> <outgoing> file://var/mail/outgoing/ </outgoing>
>>> <!-- <outgoing> db://conf/mail-outgoing.properties
>>></outgoing> -->
>>> <delayTime> 21600000 </delayTime>
>>> <maxRetries> 5 </maxRetries>
>>> </mailet>
>>> </processor>
>>>
>>> <!-- Processor CONFIGURATION SAMPLE: spam is where messages detected
>>> as relaying or other problems will get sent. You can either log these,
>>> bounce these, or just ignore them. -->
>>> <processor name="spam">
>>> <!-- If you wanted, you could just destroy messages, uncomment this
>>> matcher/mailet
>>> <mailet match="All" class="Null">
>>> </mailet>
>>> -->
>>>
>>> <!-- If you want to notify the sender their message was marked as
>>> spam, uncomment this -->
>>> <mailet match="All" class="NotifySender">
>>> </mailet>
>>> <!-- -->
>>>
>>> <!-- If you want to notify the postmaster that a message was
>>>marked
>>> as spam, uncomment this-->
>>> <mailet match="All" class="NotifyPostmaster">
>>> </mailet>
>>> <!-- -->
>>>
>>> <!-- Out of the box, this will log the message to a repository -->
>>> <mailet match="All" class="ToRepository">
>>> <repositoryPath>file://var/mail/spam/</repositoryPath>
>>> </mailet>
>>> </processor>
>>> </spoolmanager>
>>>
>>>
>>> <smtpserver>
>>> <port>25</port>
>>> <!--<bind></bind> uncomment this if you want to bind to a
>>>specific
>>> inetaddress -->
>>> <!--<useTLS>TRUE</useTLS>uncomment this if you want to use TLS
>>>(SSL)
>>> on this port -->
>>> <handler>
>>> <!-- helloName is the single host name this instance of James will
>>> use to identify itself for example, in SMTP and POP3 greetings. If
>>> autodetect is TRUE, James will attempt to discover its own name OR
>>> use 'localhost'. If autodetect is FALSE, James will use the value
>>> given OR 'localhost' -->
>>> <helloName autodetect="FALSE">ROCK IT Mail Server</helloName>
>>
>>
>>> <connectiontimeout>360000</connectiontimeout>
>>>
>>> <authRequired>false</authRequired><!-- uncomment this if you want
>>> SMTP AUTH support. This is useful if you have users who need to use
>>> the email server on the road, while not having your server act as an
>>> open relay! -->
>>>
>>> <verifyIdentity>true</verifyIdentity><!-- uncomment this if you want
>>> to verify that the MAIL FROM: address is the same user that
>>> authenticated. This prevents a user of your mail server from acting
>>> as somebody else -->
>>>
>>> <!-- This sets the maximum allowed message size for the smtphandler
>>> in KBytes. The value defaults to 0, which means no limit. -->
>>> <maxmessagesize>0</maxmessagesize>
>>>
>>> </handler>
>>> </smtpserver>
>>>
>>>
>>>
>>></config>
>>>
>>>
>>>
>>>
>>>
>>--
>>To unsubscribe, e-mail:
>><mailto:[EMAIL PROTECTED]>
>>For additional commands, e-mail:
>><mailto:[EMAIL PROTECTED]>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
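
Added example (not part of the original thread and not James code): a Python model of the posted transport processor, showing why the firewall rewriting Serge describes would turn the RemoteAddrNotInNetwork check into a no-op. The fnmatch wildcard test is a simplified stand-in for the matcher, the function names are hypothetical, and the session tuples are constructed sample data.

```python
import fnmatch

# Patterns and servername taken from Randahl's posted config.
TRUSTED = ["127.0.0.1", "10.0.0.*"]
LOCAL_DOMAINS = {"rockit.dk"}

def in_network(addr, patterns):
    """Simplified stand-in (assumption) for the matcher's wildcard test."""
    return any(fnmatch.fnmatchcase(addr, p.strip()) for p in patterns)

def route(remote_addr, rcpt, patterns=TRUSTED):
    """Follow the order of the posted 'transport' processor."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_DOMAINS:
        return "local"   # RecipientIsLocal / HostIsLocal come first
    if not in_network(remote_addr, patterns):
        return "spam"    # RemoteAddrNotInNetwork -> ToProcessor spam
    return "remote"      # All -> RemoteDelivery: the message is relayed

def audit(sessions, patterns=TRUSTED):
    """Return (relayed sessions, nat_suspected).

    nat_suspected is True when several sessions all show the same trusted
    peer address, which is what source rewriting by a firewall looks like.
    """
    relayed = [s for s in sessions if route(s[0], s[1], patterns) == "remote"]
    peers = {addr for addr, _ in sessions}
    nat_suspected = (len(sessions) > 1 and len(peers) == 1
                     and in_network(next(iter(peers)), patterns))
    return relayed, nat_suspected

# Constructed sample data: (peer address seen by the server, RCPT TO).
DIRECT = [("203.0.113.7", "someone@example.net"),   # outside host, outside rcpt
          ("10.0.0.23", "someone@example.net"),     # office client
          ("198.51.100.9", "user@rockit.dk")]       # ordinary inbound mail
# The same three sessions after a firewall rewrites every source address.
NATTED = [("10.0.0.1", rcpt) for _, rcpt in DIRECT]

if __name__ == "__main__":
    for name, sessions in (("direct", DIRECT), ("natted", NATTED)):
        relayed, nat = audit(sessions)
        print(name, "relayed:", relayed, "nat_suspected:", nat)
```

With the true peer addresses only the office client is relayed; once every peer appears as 10.0.0.1, the outside host's message is relayed too and the audit flags the single-peer pattern.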