Usually qmail-smtpd simply accept any sender, and then:
* delivers always to any local address
* relays to remote addresses only if sender ip is allowed to relay or
if there has been a successful authentication phase before.
So, a standard 587 port accepts anything for local addresses and relays
only if user is authenticated or IP allowed to relay.
To make this behaviour more rigid I added a flag in chkuser module
(CHKUSER_EXTRA_MUSTAUTH_VARIABLE) which enables qmail-smtpd to accept
only authenticated users for any type of destination address. As far as
I remember, in this case chkuser should accept any sender, but will stop
any destination address, writing both in logs.
See
http://opensource.interazioni.it/qmail/chkuser/documentation/chkuser_settings.html
http://opensource.interazioni.it/qmail/chkuser/documentation/faqs.html
for more informations on this flag.
Regards,
Tonino
Il 11/12/2019 21:40, Eric Broch ha scritto:
http://wiki.qmailtoaster.net/index.php/FAQs#I_see_a_message_in_my_smtp_log_that_states_.22User_and_password_not_set.2C_continuing_without_authentication.22._What_is_going_on.3F
On 12/11/2019 8:14 AM, Tahnan Al Anas wrote:
That I see in qmail send log
On Wed, 11 Dec 2019, 8:06 pm Eric Broch, <[email protected]
<mailto:[email protected]>> wrote:
What log?
On 12/11/2019 1:26 AM, Tahnan Al Anas wrote:
Hi Eric,
Can you tell me why I am seeing all outgoing getting out with
below log?
success:
User_and_password_not_set,_continuing_without_authentication./
--
--
Best Regards
Muhammad Tahnan Al Anas
On Wed, Dec 11, 2019 at 1:25 AM <[email protected]
<mailto:[email protected]>> wrote:
I have checked out authentication with my submission port
587 and I must authenticate before sending. However, I have
entries in the log from a “bad guy IP address” which say
“sender accepted” and its giving me heartburn.
2019-12-10 02:43:04.376530500 CHKUSER accepted sender: from
<[email protected]::> <mailto:[email protected]::>
remote <4vFoWf3:unknown:64.225.41.10> rcpt <> : sender accepted
2019-12-10 03:04:09.269688500 CHKUSER accepted sender: from
<[email protected]::>
<mailto:[email protected]::> remote
<3aJfz4D7:unknown:64.225.41.10> rcpt <> : sender accepted
(Note: the IP 64.255.41.10 is the real IP of the bad guy)
There are no corresponding lines which say, “client allowed
to relay”
Note after the from address, there are two colons:
<[email protected]::> <mailto:[email protected]::> . On all
legitimate entries, there are no such double colons.
How did this guy get that entry into my submission logs
without authenticating? Is this something I need to worry
about?
Any input would be really appreciated
Boatner Howell
Foundaton Technologies, LLC
--
------------------------------------------------------------
Inter@zioni Interazioni di Antonio Nati
http://www.interazioni.it [email protected]
------------------------------------------------------------
