Re: Stopping server relays

2001-07-23 Thread David J Jackson

Mike --
Thanks, I'll take a look at it.

Dave
> What I use, that works good as I'm hosting mail domains for a few
> friends who all have dynamic IPs, rather than allow the world to send,
> I use the vpopmail roaming users option. It implements a pop-before-smtp
> method of authing SMTP.  As of yet, I haven't gotten it to
> IMAP-before-smtp, however the only person who probably even knows IMAP
> exists, is myself, and I'm on the same lan as it is. Very easy to add
> 192.168.100.* :)
> 
> I recommend you check that out.  Plus there are other patches to qmail
> itself, not requiring vpopmail from inter7.
> The url for vpopmail is www.inter7.com. 
> 
> Mike
> 
> -- 
> Mike Hodson <[EMAIL PROTECTED]>
> 



Re: Stopping server relays

2001-07-23 Thread David J Jackson

Greg --
Thanks for your reply... this has me somewhat perplexed?

There are no other boxes, Windoz or otherwise, on pickledbeans.com if that's what you 
mean? Just me and my 24K dialup to Qwest.net??

> 1. control/rcpthosts empty.
/var/qmail/control/rcpthosts :
mail.pickledbeans.com # box sitting on my desk 
pickledbeans.com # domain mapped -> mail.pickledbeans.com (dyndns)

> 2. RELAYCLIENT set for all/wrong addresses in /etc/tcp.smtp[.cdb]
> (or wherever you keep that file) if using tcpserver
not using tcpserver

> 3. RELAYCLIENT set for all addresses in /etc/hosts.allow if using inetd.
/etc/hosts.allow is empty /etc/hosts.deny is empty
/etc/host.equiv:
localhost
mail.pickledbeans.com pickledbeans.com


> 4. An insecure .cgi script on your machine (not possible if not running
> a cgi-capable webserver on your mail host), and RELAYCLIENT set for
> localhost.
> 
I suppose it could be, except I only have one cgi script, a simple chat 
room thing?


Thanks again for your time
David Jackson
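
The first two checklist items quoted in the message above (rcpthosts without entries, RELAYCLIENT set for all or the wrong addresses in the tcprules file) can be checked offline with a short shell audit. This is an added example, not part of the original post and not qmail's own tooling; the sample file contents are constructed, and treating 127., 10. and 192.168. as the only trusted ranges is an assumption.

```shell
#!/bin/sh
# Added example: offline audit of the rcpthosts and tcprules relay controls.
# Paths are arguments, so it can be pointed at copies of the real files.

# Count non-blank entries in rcpthosts; a missing file counts as 0.
rcpthosts_entries() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c '[^[:space:]]' "$1" || true
}

# For each tcprules line that sets RELAYCLIENT, print a verdict and the address.
relayclient_rules() {
    grep -v '^[[:space:]]*#' "$1" | grep 'RELAYCLIENT=' | while IFS= read -r rule; do
        addr=${rule%%:*}   # text before the first colon is the address part
        case "$addr" in
            '')                   echo "ALL catch-all" ;;
            127.*|10.*|192.168.*) echo "LOCAL $addr" ;;  # assumed trusted ranges
            *)                    echo "REVIEW $addr" ;;
        esac
    done
}

# Returns 1 when rcpthosts has no entries or RELAYCLIENT reaches non-local clients.
audit_relay() {
    rc=0
    if [ "$(rcpthosts_entries "$1")" -eq 0 ]; then
        echo "FINDING: no entries in $1"; rc=1
    fi
    if relayclient_rules "$2" | grep -v '^LOCAL '; then
        echo "FINDING: RELAYCLIENT set beyond local ranges in $2"; rc=1
    fi
    return $rc
}

# Constructed sample files for the demonstration.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'pickledbeans.com\nmail.pickledbeans.com\n' > "$demo/rcpthosts"
printf '127.:allow,RELAYCLIENT=""\n192.168.100.:allow,RELAYCLIENT=""\n:allow\n' > "$demo/tcp.smtp.ok"
printf '127.:allow,RELAYCLIENT=""\n:allow,RELAYCLIENT=""\n' > "$demo/tcp.smtp.open"

audit_relay "$demo/rcpthosts" "$demo/tcp.smtp.ok"   && echo "ok: relay restricted"
audit_relay "$demo/rcpthosts" "$demo/tcp.smtp.open" || echo "fix the rules listed above"
```
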




Stopping server relays

2001-07-23 Thread David J Jackson

Greetings ---
How can I stop my server from being used to relay mail?
I got an email from an admin somewhere claiming that emails were being
sent from my server with a virus attached? It's only me and one other person
who has access to this box?

Related question: could this be the source of the [EMAIL PROTECTED]
(I set up a .qmail-52 alias to try to catch these emails)


This question is part of the Forged Emails post I sent earlier from
[EMAIL PROTECTED]


Thanks,
David Jackson



Re: Forged headers (email)

2001-07-23 Thread David J Jackson

Sorry -- 
Here's the original email:
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 17743 invoked by alias); 23 Jul 2001 04:52:05 -
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 17739 invoked from network); 23 Jul 2001 04:52:04 -
Received: from quarantine1.messagelabs.com (195.216.16.211)
  by mdialup92.dnvr.uswest.net with SMTP; 23 Jul 2001 04:52:04 -
Received: (qmail 3004 invoked by uid 0); 17 Jul 2001 12:45:32 -
Date: 17 Jul 2001 12:45:32 -
Message-ID: <[EMAIL PROTECTED]>
To: abuse@[206.196.128.6], postmaster@[206.196.128.6], abuse@[209.180.243.92],
  postmaster@[209.180.243.92],
Subject: Hybris virus originating from your IP address
From: [EMAIL PROTECTED]
Content-Length: 1527
Lines: 37

Hi, 

I work for an ISP, and we have detected the Hybris virus originating
in emails coming from your mail server. The emails have a forged
sender address, and therefore we are unable to contact the message
sender directly. I would therefore be grateful if you could trace
and contact the message sender from the original email headers
supplied below and politely inform them that they have a virus
infection, and ask them to stop sending the virus.

By the way, it is unlikely that the sender is aware that they are
sending these emails. This is part of the effect of the virus.

Please could you inform me of the result, using the email address
below (replying to this email using the reply button will cause your
email to go to an account which catches domains with no postmaster address)

Regards,

Alex Shipp
Virus Technologist
[EMAIL PROTECTED]

-
Our ref: 502982_995372476

Received: (qmail 6105 invoked from network); 17 Jul 2001 12:21:15 -
Received: from dnvrpop4.dnvr.uswest.net (206.196.128.6)
  by server-12.tower-4.starlabs.net with SMTP; 17 Jul 2001 12:21:15 -
Received: (qmail 43445 invoked by uid 0); 17 Jul 2001 12:22:45 -
Received: from mdialup92.dnvr.uswest.net (HELO ea21i) (209.180.243.92)
  by dnvrpop4.dnvr.uswest.net with SMTP; 17 Jul 2001 12:22:45 -
From: "Hahaha" <[EMAIL PROTECTED]>
Subject: Snowhite and the Seven Dwarfs - The REAL story!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--VESDANSDIVCXEJ01MRGTAJ"







On Mon, Jul 23, 2001 at 05:10:51PM +0200, Johan Almqvist wrote:
> * David J Jackson <[EMAIL PROTECTED]> [010723 16:41]:
> > I got the following email claiming someone is using emails containing
> > virus from my domain ?pickledbeans.com? using a forged header? Does that
> > mean the mail is being routed through my server?
> 
> You forgot the attachment...
> 
> -Johan
> -- 
> Johan Almqvist
> http://www.almqvist.net/johan/qmail/





Forged headers from me ??

2001-07-23 Thread David J Jackson

Greetings --
I got the following email claiming someone is using emails containing
virus from my domain ?pickledbeans.com? using a forged header? Does that
mean the mail is being routed through my server?

How can I confirm this and what can I do to prevent it in the future ...

Thanks,
David





The mythical 52@pickledbeans.com

2001-07-20 Thread David J Jackson

Greetings ---

This is the second email address [EMAIL PROTECTED] (my local box), who of course 
doesn't exist both from @list_domain_or_another? Am I missing something here? A well 
known security flaw in some email systems? There's no 50, 51 or 53 ...
just [EMAIL PROTECTED]? Also, what danger would there be in creating a 52 user
and seeing what I catch?

The funny part is I'm just sitting up with my little ol' box routing mail via 
qmail and dyndns.org with a domain I registered about 10 days ago.

Thanks for your comments and time.

David 

-- /var/adm/messages 

Jul 20 08:33:06 mail qmail: 995639586.145650 new msg 295160
Jul 20 08:33:06 mail qmail: 995639586.145976 info msg 295160: bytes 13671 from <[EMAIL PROTECTED]> qp 27362 uid 1011
Jul 20 08:33:06 mail qmail: 995639586.152440 starting delivery 39: msg 295160 to local [EMAIL PROTECTED]
Jul 20 08:33:06 mail qmail: 995639586.152707 status: local 1/10 remote 0/20
Jul 20 08:33:06 mail qmail: 995639586.175271 delivery 39: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/





Mail from Listbot.com ?????

2001-07-19 Thread David J Jackson

What is this, someone trying to spam me or worse?
Thanks, David Jackson


Jul 20 00:56:58 mail qmail: 995612218.207147 info msg 295259: bytes 131135 from <[EMAIL PROTECTED]> qp 26707 uid 1011
Jul 20 00:56:58 mail qmail: 995612218.215115 starting delivery 24: msg 295259 to local [EMAIL PROTECTED]
Jul 20 00:56:58 mail qmail: 995612218.215376 status: local 1/10 remote 0/20
Jul 20 00:56:58 mail qmail: 995612218.236106 delivery 24: failure: Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
Jul 20 00:56:58 mail qmail: 995612218.236386 status: local 0/10 remote 0/20
Jul 20 00:56:58 mail qmail: 995612218.284197 bounce msg 295259 qp 26710
Jul 20 00:56:58 mail qmail: 995612218.286992 end msg 295259
Jul 20 00:56:58 mail qmail: 995612218.291989 new msg 295263
Jul 20 00:56:58 mail qmail: 995612218.295765 info msg 295263: bytes 131745 from <> qp 26710 uid 1016
Jul 20 00:56:58 mail qmail: 995612218.302560 starting delivery 25: msg 295263 to remote [EMAIL PROTECTED]
Jul 20 00:56:58 mail qmail: 995612218.306159 status: local 0/10 remote 1/20
Jul 20 00:57:38 mail qmail: 995612258.319893 delivery 25: success: 204.71.191.253_accepted_message./Remote_host_said:_250_ok_995612611_qp_1264/
Jul 20 00:57:38 mail qmail: 995612258.323824 status: local 0/10 remote 0/20
Jul 20 00:57:38 mail qmail: 995612258.327443 end msg 295263




Resolved: pickledbeans.com

2001-07-18 Thread David J Jackson

All --

As can be seen from the From line, messages are now sent to and from
pickledbeans.com :)

The solution was a combination of:
1) Changing MX record at dyndns.org
2) Adding pickledbeans.com to defaulthost and defaultdomain
(Thanks Lakus)
3) and a ...changing my ~/.muttrc "set hostname = pickledbeans.com",
I noticed on my other test account the From: line was correct

  Comments - 

I am amazed at how easy it is to set up a mail server with qmail.

I'm setting up in the mountains west of Denver, CO (US) with 24K dialup
connection to QWest, AMD 400 K6/2 box running Slackware Linux(7.1) and
a "dynamic DNS" service provided by www.dyndns.org !! All I needed was qmail,
a couple of Linux-Howto, INSTALL. And I was 99% to where I wanted to be.
Finally one email to this list and I'm at 100%.  I had no prior experience (or success) 
setting up mail services/software !! 




External: pickledbeans.com -->mail.pickledbeans.com

2001-07-18 Thread David J Jackson

Greetings --
Do I need virtual domain or MASQ here?

I've got basic email (qmail-1.3) server setup via dyndns.org the setup
looks like this:

dyndns.org:
--
domainname: pickledbeans.com
hostname:   mail.pickledbeans.com
mx: mail.pickledbeans.com

What I want is internet mail addressed to pickledbeans.com, not
mail.pickledbeans.com, for all users?

Thanks for your time,
David Jackson



gnu-pop3d[7685]: Incoming connection opened

2001-07-17 Thread David J Jackson

Is this incoming mail from the qmail list:

David Jackson

nslookup:

Name:msfe10.onebox.com
Address:  64.68.76.141
Aliases:  141.76.68.64.in-addr.arpa

/var/adm/messages:

Jul 17 11:12:46 mail gnu-pop3d[7685]: connect from 64.68.76.141
Jul 17 11:12:46 mail gnu-pop3d[7685]: Incoming connection opened
Jul 17 11:12:48 mail gnu-pop3d[7685]: Session ended for no user