I have been looking in the qmail smtp log and quail mail smtp queue. The user was receiving failed delivery messages that showed the sender as user@ourdomain@ip-address . I think it has stop now . I am now longer seeing any in the log or queque . In the log it would show the user's email address and a foreign ip address and say account allow to relay . None of the IP where from 128 .
Some up the earlier suggestions may have work and I am too much of a novice to have seen it . I will be continuing to monitor it . Thanks for everyones help. -----Original Message----- From: Jon Myers [mailto:[email protected]] Sent: Wednesday, March 27, 2013 3:02 PM To: [email protected] Subject: RE: [qmailtoaster] Relaying yes, it should let you connect, as thats how other mail servers out on the internet connect and send mail to people within your domain. I was thinking you could manually talk the SMTP protocol and try relaying to domains outside your mail server to see if it says relaying denied. Can you find the IP that is relaying the spam? Does it indeed start with 128? How are you figuring that the one particular email address is doing the spamming, just because it is in the From address, or what? At 02:04 PM 3/27/2013, you wrote: >When I tried telnet to the mail server from outside the network on port 25. >It let me connect with out authenticating. Should it have ? how can I >stop this . > >-----Original Message----- >From: Jon Myers [mailto:[email protected]] >Sent: Wednesday, March 27, 2013 1:12 PM >To: [email protected] >Subject: RE: [qmailtoaster] Relaying > >Did you really REMOVE sender_nocheck, or did you just set it to 0? I'm >guessing you should have just set it to 0. >Also, by nature, users should be allowed to relay, as thats how they >send mail, but of course they need to authenticate first, unless they >are coming from the local network, in which you can typically bypass checking. >After editing /etc/tcprules.d/tcp.smtp be sure to rebuild with >"/etc/init.d/qmail cdb" (Sorry if I'm pointing out the obvious, just >never know who knows what) Also, you specify: >128.:allow,RELAYCLIENT="" >which means anyone from 128.0.0.0/8 can freely relay. Is that really >what you want? The whole class A? > >If you telnet into your mail server from outside your network, can you >still relay without even logging in as a user? (Do you speak fluent >SMTP?) > > >At 12:44 PM 3/27/2013, Rvaught wrote: > >I tried removing sender_nocheck=1 and I am still relaying outside > >mail on that account. > > > > > > > >From: Helmut Fritz [mailto:[email protected]] > >Sent: Wednesday, March 27, 2013 12:18 PM > >To: [email protected] > >Subject: RE: [qmailtoaster] Relaying > > > >I believe sender_nockeck=1 is the issue? I think that turns off > >authentication for senders. others with a lot more expertise in tcp > >rules than I will hopefully confirm. > > > >From: Rvaught > >[<mailto:[email protected]>mailto:[email protected] > >] > >Sent: Wednesday, March 27, 2013 8:54 AM > >To: > ><mailto:[email protected]>qmailtoaster-list@qmailtoa > >ster.c >om > >Subject: [qmailtoaster] Relaying > > > >Somehow I have something setup wrong now and I am having spam being > >relayed thru my email server on one email account . I have changed > >their password. I think I have something wrong in my tcprules.d > >file . I want to allow local users to send mail but block relaying. > > > >I have : > >127.:allow,RELAYCLIENT="" > >192.:allow,RELAYCLIENT="" > >128.:allow,RELAYCLIENT="" > >:allow,BADMIMETYPE="",SENDER_NOCHECK="1",CHKUSER_RCPT_FORMAT="0",CHKU > >SER_SE >NDER_FORMAT="0",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="75",CHKUSER_WRONGR >CPTLI MIT="50",QMAILQUEUE="/var/qmail/bin/simscan" > > > >192 and 128 are my local networks. > > > > > >Rick > > > > > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [email protected] >For additional commands, e-mail: >[email protected] > > > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [email protected] >For additional commands, e-mail: >[email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
