Rajesh M wrote:
hi

thanks for the reply

my intention is to make qmail as secure as possible and since i am using a
few other mail servers (like hmailserver) i was looking at the following.
I implemented such small customizations in hmail server and now it is
secure to my satisfaction.

a) on port 25 -- if some spammer gets to know a few email ids on my server
he can simply send emails (in between these users) thru port 25 without
authentication since they are a local delivery qmail does not bother to
authenticate. It should be mandatory that the authentication should be
present for all local domains.

If you were to require authentication for all mail coming to your local domain(s) on port 25, how would mail from external domains ever get to you? Or is that the idea?

So i will either have to modify qmail-smtpd so all local domains need to
authenticate on port 25 where they send or i will  have to disallow all my
local users from sending emails using smtp auth on port 25 and ask them
all change over port 587. (This will prevent spam which comes with both
the to id and from id as the same.). Using the badmailfrom list i can put
all the local domains in that list, and force my users to use port 587 for
smtp authenticated sending.

If all of your users are authenticating and using your server for submission (regardless of port 25 or 587), you can blacklist your local domains in spamdyke, which will prevent forged "from" addresses containing your hosted domain(s).

b) on port 587 -- submission will have a separate smtpd file looking at a
different badmailfrom list where only local domains will be allowed to
authenticate and send

This is not needed if you simply blacklist your local domains using spamdyke.

c) third most important point is that i want to prevent misuse of my mail
servers by means of masquerading -- ie user authenticates as user @
domain_on_my_server.com but changes the mail from to user @ yahoo.com etc
... i had several incidences of such a kind of spamming because the users
computer gets compromised. Using the above though the spamming will not
stop atleast i will know right away as to which domain is compromised.


empf -- unfortunately i simply could not figure out how to achieve the
above using empf

Only c) needs to be implemented using empf, which I believe is possible. I don't use empf personally, so I'm not positive on that. Someone else here might be able to help you if you post the empf rules you've tried, or you might see if there is an empf list that would have more expertise with its use.

thanks
rajesh


Rajesh M wrote:
hello

i wish customize qmail toaster as follows

i need have a separate qmail-smtpd (say qmail-smtpdauth) file so for my
customers ie email users on my server who will smtp authenticate and
then
send out emails

these users will use a separate port say 587 or a totally separate port
for sending out email

i need to change the supervise/run file so that this file
(qmail-smtpdauth) is called

i need change the qmail-smtpdauth so that it will look a separate
badmailfrom file and have other rules applicable only to authenticated
senders ie my customers

my questions

a) is this possible ?
Anything is possible if you can code in C.

b) if yes then can you give me some brief steps on what i need to do to
extract the rpm, which file i would need to edit  ?
qmail-smtpd(.c?) program uses badmailfrom. I think I'd create an
environment variable that would provide the name of the file to use.
Then you could use the same program in both cases, and control which
badmailfrom is used by setting a variable in the appropriate run file.

What 'other rules' are you talking about. Cannot eMPF handle these?

Would being able to specify eMPF rules and/or badmailfrom by domain be a
suitable solution? I'm thinking here of something similar to the way
that domainkeys is implemented.

--
-Eric 'shubes'




--
-Eric 'shubes'


---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
    Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
    For additional commands, e-mail: [email protected]


Reply via email to