Yes, but only for the subnets I allow.
The ones listed in my tcp.rules. This was ok when the network did not
have over a 1000 users on it. Not everyone uses my domain for email that
is on my network.
I have a rule on the gateway that stops all smtp traffic unless it is
from my server only.
I did tell the customers to apply authentication and change their
password and so far so good.
I believe this has been resolved for now.
I just dont have any idea how many others on the net have it set.
I guess I will need to send out a block message to all the accounts on
my domain and shut down 'no auth'.
I do not allow open relay from anyone outside of the subnets I list on
the server. Only allow for those on listed subnets.
What is the best way to lock this down?
--Thanks
Dave
On 7/31/2010 9:17 PM, Eric Shubert wrote:
Jake Vickers wrote:
On 07/31/2010 01:35 PM, David Milholen wrote:
Hi All,
I am sure some have seen this before in their smtp logs.
@400000004c54490126e69094 CHKUSER relaying rcpt: from
<keithra...@gmail.com::> remote <*User:unknown:63.147.8.197*> rcpt
<zara-har...@hotmail.com> : client allowed to relay
@400000004c54490126ec513c spamdyke[1982]: ALLOWED from:
keithra...@gmail.com to: zara-har...@hotmail.com origin_ip:
63.147.8.197 origin_rdns: *can-63-147-8-197.wletc.com* auth: (unknown)
The Ip address belongs to my network but the hotmail and gmail
accounts do not.
This looks like a customers' machine with a bad bot-net virus. I
have shut off any access to the mail server for that customer but it
seems to be reoccurring until I flush the dns.
It will not show up for a while then it starts again.
Is my Dns compromised?
What can I do to not accept User:unkown by using spamdyke or other
methods?
Aren't you allowing anyone who has one fo your IPs to relay all they
want in your tcp.smtp? If so, then there's not much you can do unless
you want tighten up your network or force everything to be scanned.
Right. This is (one reason) why it's not a good idea to allow open
(unauthenticated) relaying, even on your own network. Open relays are
bad news. Always. (imo)
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
