On 05/19/2011 04:28 AM, K Anand wrote:
On 19/05/2011 3:38 PM, K Anand wrote:
Hi all,
Recently seen a spurt in spam going out from my server.
What I have seen is that in such cases, this is the log.
CHKUSER relaying rcpt: from <[email protected]:rmfpwr:> remote <k.st:unknown:183.5.232.68> rcpt <[email protected]> : client allowed to relay
Now, in my tcp.smtp, this client is not allowed to relay. So am stumped
as to how this client is allowed to relay? A small investigation showed
up that the To address in such mails is coming as below:
simscan:[5907]:RELAYCLIENT:1.8346s:-:183.5.232.68:[email protected]:[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected]
There is a : in the to line. Is that causing the problem?
My server is accepting this, trying to deliver, failing, and bouncing to
users in my domain ...
Figured out the problem... SMTP AUTH... the guy guessed the password and
got authenticated.
Anand
---------------------------------------------------------------------------------
I've seen a rare occasion where a password was sniffed. You should try
to ensure that users have TLS/SSL configured in their clients.
Unfortunately, (I think) there's no way to enforce this with a policy on
the server. Dovecot can do this for IMAP/POP, but SMTP allows
unencrypted authentication. Someone please correct me if I'm wrong about
this.
--
-Eric 'shubes'
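
The check described in the thread (a client relaying although tcp.smtp does not allow it), as an added example that is not part of the original messages: it lists CHKUSER "client allowed to relay" entries whose remote IP gets no RELAYCLIENT from tcp.smtp, which leaves SMTP AUTH as the way the relay was granted. The rules, log lines and function names are constructed for illustration; only plain address and prefix rules are handled, and reading the second field of `from <...>` as the authenticated user name is an assumption.

```python
import re
from collections import Counter

# Constructed sample data, not taken from the thread.
TCP_SMTP = """\
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
:allow
"""
LOG = """\
CHKUSER relaying rcpt: from <a@example.com:victim:> remote <k.st:unknown:203.0.113.9> rcpt <x1@example.net> : client allowed to relay
CHKUSER relaying rcpt: from <a@example.com:victim:> remote <k.st:unknown:203.0.113.9> rcpt <x2@example.net> : client allowed to relay
CHKUSER relaying rcpt: from <cron@example.com::> remote <app:unknown:192.168.1.20> rcpt <ops@example.org> : client allowed to relay
"""

# from <sender:second:third> remote <helo:host:ip>, the layout seen in the thread's log line.
LINE = re.compile(
    r"CHKUSER relaying rcpt: from <[^>]*:([^:>]*):[^:>]*> "
    r"remote <[^>]*:[^:>]*:([0-9.]+)> rcpt <[^>]*> : client allowed to relay"
)

def relay_rules(tcp_smtp):
    """Map each tcp.smtp address or prefix to whether its rule sets RELAYCLIENT."""
    rules = {}
    for line in tcp_smtp.splitlines():
        addr, sep, action = line.strip().partition(":")
        if sep and not addr.startswith("#"):
            rules[addr] = "RELAYCLIENT=" in action
    return rules

def ip_may_relay(ip, rules):
    """Most specific rule wins: exact IP, then shorter dotted prefixes, then the default."""
    parts = ip.split(".")
    for key in [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]:
        if key in rules:
            return rules[key]
    return False

def auth_relays(log, rules):
    """Count relayed recipients per (ip, second from-field) for IPs tcp.smtp does not let relay."""
    hits = Counter()
    for second, ip in LINE.findall(log):
        if not ip_may_relay(ip, rules):
            hits[(ip, second)] += 1
    return dict(hits)

if __name__ == "__main__":
    print(auth_relays(LOG, relay_rules(TCP_SMTP)))
```

A high count for one pair points at the account whose password should be reset first.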