Usually qmail-smtpd simply accept any sender, and then:

 * delivers always to any local address
 * relays to remote addresses only if sender ip is allowed to relay or
   if there has been a successful authentication phase before.

So, a standard 587 port accepts anything for local addresses and relays only if user is authenticated or IP allowed to relay.

To make this behaviour more rigid I added a flag in chkuser module (CHKUSER_EXTRA_MUSTAUTH_VARIABLE) which enables qmail-smtpd to accept only authenticated users for any type of destination address. As far as I remember, in this case chkuser should accept any sender, but will stop any destination address, writing both in logs.


for more informations on this flag.



Il 11/12/2019 21:40, Eric Broch ha scritto:

On 12/11/2019 8:14 AM, Tahnan Al Anas wrote:
That I see in qmail send log

On Wed, 11 Dec 2019, 8:06 pm Eric Broch, < <>> wrote:

    What log?

    On 12/11/2019 1:26 AM, Tahnan Al Anas wrote:
    Hi Eric,

    Can you tell me why I am seeing all outgoing getting out with
    below log?



    Best Regards
    Muhammad Tahnan Al Anas

    On Wed, Dec 11, 2019 at 1:25 AM <
    <>> wrote:

        I have checked out authentication with my submission port
        587 and I must authenticate before sending. However, I have
        entries in the log from a “bad guy IP address” which say
        “sender accepted” and its giving me heartburn.

        2019-12-10 02:43:04.376530500 CHKUSER accepted sender: from
        <> <>
        remote <4vFoWf3:unknown:> rcpt <> : sender accepted

        2019-12-10 03:04:09.269688500 CHKUSER accepted sender: from
        <> remote
        <3aJfz4D7:unknown:> rcpt <> : sender accepted

        (Note: the IP is the real IP of the bad guy)

        There are no corresponding lines which say, “client allowed
        to relay”

        Note after the from address, there are two colons:
        <> <> . On all
        legitimate entries, there are no such double colons.

        How did this guy get that entry into my submission logs
        without authenticating?  Is this something I need to worry

        Any input would be really appreciated

        Boatner Howell

        Foundaton Technologies, LLC

        Inter@zioni            Interazioni di Antonio Nati

Reply via email to