Usually qmail-smtpd simply accept any sender, and then:

 * delivers always to any local address
 * relays to remote addresses only if sender ip is allowed to relay or
   if there has been a successful authentication phase before.

So, a standard 587 port accepts anything for local addresses and relays only if user is authenticated or IP allowed to relay.

To make this behaviour more rigid I added a flag in chkuser module (CHKUSER_EXTRA_MUSTAUTH_VARIABLE) which enables qmail-smtpd to accept only authenticated users for any type of destination address. As far as I remember, in this case chkuser should accept any sender, but will stop any destination address, writing both in logs.

See
http://opensource.interazioni.it/qmail/chkuser/documentation/chkuser_settings.html
http://opensource.interazioni.it/qmail/chkuser/documentation/faqs.html

for more informations on this flag.

Regards,

Tonino

Il 11/12/2019 21:40, Eric Broch ha scritto:

http://wiki.qmailtoaster.net/index.php/FAQs#I_see_a_message_in_my_smtp_log_that_states_.22User_and_password_not_set.2C_continuing_without_authentication.22._What_is_going_on.3F

On 12/11/2019 8:14 AM, Tahnan Al Anas wrote:
That I see in qmail send log

On Wed, 11 Dec 2019, 8:06 pm Eric Broch, <ebr...@whitehorsetc.com <mailto:ebr...@whitehorsetc.com>> wrote:

    What log?

    On 12/11/2019 1:26 AM, Tahnan Al Anas wrote:
    Hi Eric,

    Can you tell me why I am seeing all outgoing getting out with
    below log?

     success:
    User_and_password_not_set,_continuing_without_authentication./


    --
    --

    Best Regards
    Muhammad Tahnan Al Anas


    On Wed, Dec 11, 2019 at 1:25 AM <bhow...@teamft.com
    <mailto:bhow...@teamft.com>> wrote:

        I have checked out authentication with my submission port
        587 and I must authenticate before sending. However, I have
        entries in the log from a “bad guy IP address” which say
        “sender accepted” and its giving me heartburn.

        2019-12-10 02:43:04.376530500 CHKUSER accepted sender: from
        <someb...@somewhere.net::> <mailto:someb...@somewhere.net::>
        remote <4vFoWf3:unknown:64.225.41.10> rcpt <> : sender accepted

        2019-12-10 03:04:09.269688500 CHKUSER accepted sender: from
        <anotherb...@somewhere.net::>
        <mailto:anotherb...@somewhere.net::> remote
        <3aJfz4D7:unknown:64.225.41.10> rcpt <> : sender accepted

        (Note: the IP 64.255.41.10 is the real IP of the bad guy)

        There are no corresponding lines which say, “client allowed
        to relay”

        Note after the from address, there are two colons:
        <someb...@irtc.net::> <mailto:someb...@irtc.net::> . On all
        legitimate entries, there are no such double colons.

        How did this guy get that entry into my submission logs
        without authenticating?  Is this something I need to worry
        about?

        Any input would be really appreciated

        Boatner Howell

        Foundaton Technologies, LLC


--
------------------------------------------------------------
        Inter@zioni            Interazioni di Antonio Nati
   http://www.interazioni.it      to...@interazioni.it
------------------------------------------------------------

Reply via email to