Re: [qmailtoaster] spam
Is there then a way to secure squirrelmail, or any other webmail prog.
This is a default install of qmail with the ISO.
Not having it is not an option, as most of the clients can only use webmail as they are on the road daily.

Thanks

----- Original Message -----
From: Jake Vickers
To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, April 08, 2010 5:53 PM
Subject: Re: [qmailtoaster] spam

On 04/08/2010 04:21 PM, madmac wrote:
> Well anyone that can guess my passwords must be amazing. Let alone get through the elaborate firewall system.
> ssh port is non standard
> But I agree, this box is compromised some how
> File count now at 9580 and counting

Are all of the files that are infected from mailboxes?

It does sound like your machine has been compromised. If you leave Squirrelmail open (ie: no protection against password attacks) or have other webapps running then this is the most likely place for them to get in. Once they have an account's login credentials, they can upload things to themselves and run them (don't ask me how - I never looked at how they did it - I just fixed it) and then brute force passwords from the local machine to obtain other access or whatever they are looking to do.

I had one a year or so back where a guy installed phpbb - when he came in the next day someone had emailed him his root password. He reinstalled and put phpbb back on and had his machine compromised in about 2 hours after that.
Re: [qmailtoaster] Re: spam
no other web apps running.

> It's easy enough to configure squirrelmail to authenticate (and use port 587).

Can you show me how please Eric.

Thanks

----- Original Message -----
From: Eric Shubert e...@shubes.net
To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, April 08, 2010 7:49 PM
Subject: [qmailtoaster] Re: spam

Jake Vickers wrote:
> On 04/08/2010 04:21 PM, madmac wrote:
> > Well anyone that can guess my passwords must be amazing. Let alone get through the elaborate firewall system.
> > ssh port is non standard
> > But I agree, this box is compromised some how
> > File count now at 9580 and counting
>
> Are all of the files that are infected from mailboxes?
>
> It does sound like your machine has been compromised. If you leave Squirrelmail open (ie: no protection against password attacks) or have other webapps running then this is the most likely place for them to get in. Once they have an account's login credentials, they can upload things to themselves and run them (don't ask me how - I never looked at how they did it - I just fixed it) and then brute force passwords from the local machine to obtain other access or whatever they are looking to do.
>
> I had one a year or so back where a guy installed phpbb - when he came in the next day someone had emailed him his root password. He reinstalled and put phpbb back on and had his machine compromised in about 2 hours after that.

Good thoughts. Others:

If you have web apps (other than qmt) running on the host, I'd get rid of the 127.: line in tcp.smtp and see if that blocks it. It's easy enough to configure squirrelmail to authenticate (and use port 587).

If you have users that are not using TLS/SSL with pop3 and/or imap, it's possible that their account logins have been compromised. It does happen.

--
-Eric 'shubes'

Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!

Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Error : 571 sorry, you are violating our security policies
I need to allow a particular IP to send unlimited emails thru our qmail toaster server. We have the following line in the tcp.smtp file.

220.xxx.yyy.zzz.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1

After a few messages I am getting the following error.

RCPT TO:someb...@gmail.com
571 sorry, you are violating our security policies (#5.7.1 - chkuser)
((|2|00096N01-BC|09-Apr-10|1011008|BC|someb...@gmail.com|))571 sorry, you are violating our security policies (#5.7.1 - chkuser)
MAIL FROM:u...@domain.com AUTH=u...@domain.com
250 ok

I need to allow this IP to send about 2000 messages in a stretch. How do I resolve this issue?

Your help is much appreciated.

Biju Jose
Mobile : +91 9895 990 272
[qmailtoaster] Re: Error : 571 sorry, you are violating our security policies
Biju Jose wrote:
> I need to allow a particular IP to send unlimited emails thru our qmail toaster server. We have the following line in the tcp.smtp file.
>
> 220.xxx.yyy.zzz.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
>
> After a few messages I am getting the following error.
>
> RCPT TO:someb...@gmail.com
> 571 sorry, you are violating our security policies (#5.7.1 - chkuser)
> ((|2|00096N01-BC|09-Apr-10|1011008|BC|someb...@gmail.com|))571 sorry, you are violating our security policies (#5.7.1 - chkuser)
> MAIL FROM:u...@domain.com AUTH=u...@domain.com
> 250 ok
>
> I need to allow this IP to send about 2000 messages in a stretch. How do I resolve this issue?
>
> Your help is much appreciated.
>
> *Biju Jose*
> Mobile : +91 9895 990 272

Refer to the chkuser web site (http://www.interazioni.it/opensource/chkuser/), and the /var/qmail/doc/chkuser.h file for QMT settings.

--
-Eric 'shubes'
[qmailtoaster] Re: spam
madmac wrote:
> no other web apps running.
>
> > It's easy enough to configure squirrelmail to authenticate (and use port 587).
>
> Can you show me how please Eric.
>
> Thanks

Add/change these lines in /etc/squirrelmail/config_local.php:

$smtpPort = 587;
$smtp_auth_mech = 'login';

--
-Eric 'shubes'
[qmailtoaster] Re: spam
You should secure squirrelmail so that it only runs with https, so that passwords are not sent in the clear. To do so, configure apache with a valid cert (see http://wiki.qmailtoaster.com/index.php/Certificate), then add these lines to your /etc/http/squirrelmail.conf file:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

Then
# service httpd restart

madmac wrote:
> Is there then a way to secure squirrelmail, or any other webmail prog.
> This is a default install of qmail with the ISO.
> Not having it is not an option, as most of the clients can only use webmail as they are on the road daily.
>
> Thanks
>
> ----- Original Message -----
> *From:* Jake Vickers mailto:j...@qmailtoaster.com
> *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com
> *Sent:* Thursday, April 08, 2010 5:53 PM
> *Subject:* Re: [qmailtoaster] spam
>
> On 04/08/2010 04:21 PM, madmac wrote:
> > Well anyone that can guess my passwords must be amazing. Let alone get through the elaborate firewall system.
> > ssh port is non standard
> > But I agree, this box is compromised some how
> > File count now at 9580 and counting
>
> Are all of the files that are infected from mailboxes?
>
> It does sound like your machine has been compromised. If you leave Squirrelmail open (ie: no protection against password attacks) or have other webapps running then this is the most likely place for them to get in. Once they have an account's login credentials, they can upload things to themselves and run them (don't ask me how - I never looked at how they did it - I just fixed it) and then brute force passwords from the local machine to obtain other access or whatever they are looking to do.
>
> I had one a year or so back where a guy installed phpbb - when he came in the next day someone had emailed him his root password. He reinstalled and put phpbb back on and had his machine compromised in about 2 hours after that.

--
-Eric 'shubes'
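The effect of the three rewrite directives in the message above, as an added example that is not part of the original post or of the QmailToaster packages: a small Python model of the rule as Apache applies it in server context, run over constructed requests to show which URLs are sent to https and which are left on plain http. The host name `mail.example.com` and the path `/other-app/login.php` are assumptions made up for the demonstration.

```python
import re

# Model of the directives quoted above (added example, not Apache code).
# RewriteCond %{SERVER_PORT} !^443$
PORT_IS_443 = re.compile(r"^443$")
# RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
RULE_PATTERN = re.compile(r"^(.*/webmail.*)$")


def rewrite(server_name, server_port, path, query=""):
    """Return (status, location) when the rule redirects, else None."""
    if PORT_IS_443.search(str(server_port)):
        return None  # the "!^443$" condition is false: request is already on 443
    m = RULE_PATTERN.match(path)
    if not m:
        return None  # path does not contain "/webmail": the rule does not apply
    location = "https://%s%s" % (server_name, m.group(1))
    if query:
        location += "?" + query  # mod_rewrite passes the query string through
    return 302, location  # a bare [R] flag issues a 302 redirect


def cleartext_paths(server_name, requests):
    """Paths requested on a non-443 port that the rule leaves on plain http."""
    return [
        path
        for port, path in requests
        if port != 443 and rewrite(server_name, port, path) is None
    ]


# Constructed sample requests: (server port, URL path).
SAMPLE_REQUESTS = [
    (80, "/webmail/src/login.php"),
    (443, "/webmail/src/login.php"),
    (80, "/other-app/login.php"),  # hypothetical second web app on the same host
]

if __name__ == "__main__":
    for port, path in SAMPLE_REQUESTS:
        print(port, path, "->", rewrite("mail.example.com", port, path))
    print("still cleartext:", cleartext_paths("mail.example.com", SAMPLE_REQUESTS))
```

Only requests whose path contains `/webmail` are redirected; anything else served by the same Apache instance on port 80 is untouched by this rule.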
RE: [qmailtoaster] Re: Error : 571 sorry, you are violating our security policies
-----Original Message-----
From: Eric Shubert [mailto:e...@shubes.net]
Sent: Friday, April 09, 2010 9:24 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Error : 571 sorry, you are violating our security policies

Biju Jose wrote:
> I need to allow a particular IP to send unlimited emails thru our qmail toaster server. We have the following line in the tcp.smtp file.
>
> 220.xxx.yyy.zzz.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
>
> After a few messages I am getting the following error.
>
> RCPT TO:someb...@gmail.com
> 571 sorry, you are violating our security policies (#5.7.1 - chkuser)
> ((|2|00096N01-BC|09-Apr-10|1011008|BC|someb...@gmail.com|))571 sorry, you are violating our security policies (#5.7.1 - chkuser)
> MAIL FROM:u...@domain.com AUTH=u...@domain.com
> 250 ok
>
> I need to allow this IP to send about 2000 messages in a stretch. How do I resolve this issue?
>
> Your help is much appreciated.
>
> *Biju Jose*
> Mobile : +91 9895 990 272

Refer to the chkuser web site (http://www.interazioni.it/opensource/chkuser/), and the /var/qmail/doc/chkuser.h file for QMT settings.

--
-Eric 'shubes'

Thanks for the directions Eric.

I had checked at http://www.interazioni.it/opensource/chkuser/documentation/chkuser_settings.html and found the error is triggered by the following.

CHKUSER_MAXWRONGRCPT_STRING  2.0.5  defined
571 sorry, you are violating our security policies (#5.1.1 - chkuser)\r\n

CHKUSER_INTRUSIONTHRESHOLD_STRING  2.0.5  defined
571 sorry, you are violating our security policies (#5.7.1 - chkuser)\r\n

Here I know for sure that the email ids all are valid as it was being delivered till we switched it to the qmailtoaster. Each email has only one recipient with a PDF file as attachment. So I guess I am left with CHKUSER_INTRUSIONTHRESHOLD_STRING.

On this page (http://blog.gmane.org/gmane.mail.qmail.toaster/month=20071101/page=1) there is a suggestion to change CHKUSER_RCPTLIMIT=200, CHKUSER_WRONGRCPTLIMIT=200 and then qmailctl cdb, qmailctl stop and qmailctl start.

I had done this, need to test tomorrow and shall revert.

Thanks
Biju Jose
[qmailtoaster] Re: Error : 571 sorry, you are violating our security policies
Biju Jose wrote:
> -----Original Message-----
> From: Eric Shubert [mailto:e...@shubes.net]
> Sent: Friday, April 09, 2010 9:24 PM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: [qmailtoaster] Re: Error : 571 sorry, you are violating our security policies
>
> Biju Jose wrote:
> > I need to allow a particular IP to send unlimited emails thru our qmail toaster server. We have the following line in the tcp.smtp file.
> >
> > 220.xxx.yyy.zzz.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
> >
> > After a few messages I am getting the following error.
> >
> > RCPT TO:someb...@gmail.com
> > 571 sorry, you are violating our security policies (#5.7.1 - chkuser)
> > ((|2|00096N01-BC|09-Apr-10|1011008|BC|someb...@gmail.com|))571 sorry, you are violating our security policies (#5.7.1 - chkuser)
> > MAIL FROM:u...@domain.com AUTH=u...@domain.com
> > 250 ok
> >
> > I need to allow this IP to send about 2000 messages in a stretch. How do I resolve this issue?
> >
> > Your help is much appreciated.
> >
> > *Biju Jose*
> > Mobile : +91 9895 990 272
>
> Refer to the chkuser web site (http://www.interazioni.it/opensource/chkuser/), and the /var/qmail/doc/chkuser.h file for QMT settings.

I believe you can change these settings by adding variables to your tcp.smtp line, e.g.:

220.xxx.yyy.zzz.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1,CHKUSER_WRONGRCPTLIMIT=200

I'm guessing you're right, that you're receiving the CHKUSER_INTRUSIONTHRESHOLD_STRING message. I don't know what triggers this message. You can use the above method to change the message text in order to verify that this is the error you're getting.

I'm a little surprised that error message descriptions aren't unique. You might want to write to Antonio Nati (chkuser's author mailto:to...@interazioni.it) for clarification, or just check the source code.

Let us know how you make out.

--
-Eric 'shubes'
Re: [qmailtoaster] spam
On 04/09/2010 11:25 AM, madmac wrote:
> Is there then a way to secure squirrelmail, or any other webmail prog.
> This is a default install of qmail with the ISO.
> Not having it is not an option, as most of the clients can only use webmail as they are on the road daily.
>
> Thanks

I use fail2ban to monitor for brute-force attacks. Works on pop3 as well.
Re: [qmailtoaster] Re: spam
Thanks Eric and Jake,

Will test fail2ban also on a VM

----- Original Message -----
From: Eric Shubert e...@shubes.net
To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, April 09, 2010 10:09 AM
Subject: [qmailtoaster] Re: spam

You should secure squirrelmail so that it only runs with https, so that passwords are not sent in the clear. To do so, configure apache with a valid cert (see http://wiki.qmailtoaster.com/index.php/Certificate), then add these lines to your /etc/http/squirrelmail.conf file:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

Then
# service httpd restart

madmac wrote:
> Is there then a way to secure squirrelmail, or any other webmail prog.
> This is a default install of qmail with the ISO.
> Not having it is not an option, as most of the clients can only use webmail as they are on the road daily.
>
> Thanks
>
> ----- Original Message -----
> *From:* Jake Vickers mailto:j...@qmailtoaster.com
> *To:* qmailtoaster-list@qmailtoaster.com mailto:qmailtoaster-list@qmailtoaster.com
> *Sent:* Thursday, April 08, 2010 5:53 PM
> *Subject:* Re: [qmailtoaster] spam
>
> On 04/08/2010 04:21 PM, madmac wrote:
> > Well anyone that can guess my passwords must be amazing. Let alone get through the elaborate firewall system.
> > ssh port is non standard
> > But I agree, this box is compromised some how
> > File count now at 9580 and counting
>
> Are all of the files that are infected from mailboxes?
>
> It does sound like your machine has been compromised. If you leave Squirrelmail open (ie: no protection against password attacks) or have other webapps running then this is the most likely place for them to get in. Once they have an account's login credentials, they can upload things to themselves and run them (don't ask me how - I never looked at how they did it - I just fixed it) and then brute force passwords from the local machine to obtain other access or whatever they are looking to do.
>
> I had one a year or so back where a guy installed phpbb - when he came in the next day someone had emailed him his root password. He reinstalled and put phpbb back on and had his machine compromised in about 2 hours after that.

--
-Eric 'shubes'
[qmailtoaster] Re: spam
Jake Vickers wrote:
> On 04/09/2010 11:25 AM, madmac wrote:
> > Is there then a way to secure squirrelmail, or any other webmail prog.
> > This is a default install of qmail with the ISO.
> > Not having it is not an option, as most of the clients can only use webmail as they are on the road daily.
> >
> > Thanks
>
> I use fail2ban to monitor for brute-force attacks. Works on pop3 as well.

fail2ban is good for brute-force attacks all right, but useless if a password is sniffed. Best to be sure that no passwords travel the internet in the clear.

--
-Eric 'shubes'
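The trade-off in the two messages above (failure-count banning, and why it does not see a login made with a sniffed password), as an added example that is not from the thread and is not fail2ban's own code. It assumes a made-up log format and constructed log lines; `maxretry` and `findtime` are named after the fail2ban options, and ban expiry is not modelled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical format (not real vpopmail or
# SquirrelMail output). The last line stands for a login made with a
# sniffed password: correct on the first try, from an address never seen.
SAMPLE_LOG = """\
2010-04-09 03:10:01 pop3 FAIL user=info@example.com ip=198.51.100.7
2010-04-09 03:10:03 pop3 FAIL user=admin@example.com ip=198.51.100.7
2010-04-09 03:10:05 pop3 FAIL user=sales@example.com ip=198.51.100.7
2010-04-09 03:10:06 pop3 FAIL user=test@example.com ip=198.51.100.7
2010-04-09 03:10:08 pop3 FAIL user=test@example.com ip=198.51.100.7
2010-04-09 03:10:09 pop3 FAIL user=root@example.com ip=198.51.100.7
2010-04-09 08:15:00 webmail FAIL user=alice@example.com ip=192.0.2.20
2010-04-09 08:15:20 webmail OK user=alice@example.com ip=192.0.2.20
2010-04-09 11:42:17 webmail OK user=bob@example.com ip=203.0.113.99
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<svc>\S+) "
    r"(?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def scan(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return (banned, accepted).

    banned:   ip -> time of the failure that reached maxretry within findtime
    accepted: (user, ip) for successful logins from addresses not yet banned
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    banned = {}
    accepted = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        if ip in banned:
            continue  # a firewall ban would have dropped this connection
        if m["result"] == "OK":
            accepted.append((m["user"], ip))
            continue
        window = failures[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()  # forget failures older than findtime
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned, accepted


if __name__ == "__main__":
    banned, accepted = scan(SAMPLE_LOG)
    print("banned:", banned)
    print("accepted:", accepted)
```

The password-guessing address is banned on its fifth failure, while the final login passes with nothing counted against it, which is why the thread pairs banning with keeping passwords off the wire in the clear.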
Re: [qmailtoaster] Re: spam
On 04/09/2010 05:26 PM, Eric Shubert wrote:
> Jake Vickers wrote:
> > On 04/09/2010 11:25 AM, madmac wrote:
> > > Is there then a way to secure squirrelmail, or any other webmail prog.
> > > This is a default install of qmail with the ISO.
> > > Not having it is not an option, as most of the clients can only use webmail as they are on the road daily.
> > >
> > > Thanks
> >
> > I use fail2ban to monitor for brute-force attacks. Works on pop3 as well.
>
> fail2ban is good for brute-force attacks all right, but useless if a password is sniffed. Best to be sure that no passwords travel the internet in the clear.

True - I run everything using SSL myself. I normally do not see too many passwords sniffed. I can provide gigs worth of logs of brute force attempts. ;)
[qmailtoaster] Re: spam
Jake Vickers wrote:
> On 04/09/2010 05:26 PM, Eric Shubert wrote:
> > Jake Vickers wrote:
> > > On 04/09/2010 11:25 AM, madmac wrote:
> > > > Is there then a way to secure squirrelmail, or any other webmail prog.
> > > > This is a default install of qmail with the ISO.
> > > > Not having it is not an option, as most of the clients can only use webmail as they are on the road daily.
> > > >
> > > > Thanks
> > >
> > > I use fail2ban to monitor for brute-force attacks. Works on pop3 as well.
> >
> > fail2ban is good for brute-force attacks all right, but useless if a password is sniffed. Best to be sure that no passwords travel the internet in the clear.
>
> True - I run everything using SSL myself. I normally do not see too many passwords sniffed. I can provide gigs worth of logs of brute force attempts. ;)

Yeah, I've only seen pw sniffed once. Lots of script kiddies out there though.

I shut off pop3 entirely, and users use pop3-ssl. Haven't noticed any brute-force attacks on IMAP, or SMTP for that matter (doesn't mean there haven't been any though).

--
-Eric 'shubes'
[qmailtoaster] Mail flow of qmail
Hi,

Could you guide mail flow of Qmail in detail.

Thanks and Regards,
Nilesh
Re: [qmailtoaster] Mail flow of qmail
On 2010-04-10, Sat, at 10:42 +0530, Neelesh wrote:
> Hi,
>
> Could you guide mail flow of Qmail in detail.
>
> Thanks and Regards,
> Nilesh

Look at big qmail picture http://www.nrg4u.com/ and http://www.qmail.org/top.html

--
Regards,
Aleksander Podsiadły