RE: [qmailtoaster] Re: Prevent sender from spoofing email address

2014-08-07 Thread Amit Dalia
Hi Hasan,

Any update on working on this patch? I tried but didn’t succeed.

With Regards,

Amit Dalia





[qmailtoaster] Re: Prevent sender from spoofing email address

2014-08-07 Thread Eric Shubert

On 07/17/2014 04:32 PM, Hasan Akgöz wrote:

Hi Guys;

allows SMTP authenticated users to put a fake email address in an
email's sender field and the email is sent successfully. How to enforce
sender/from address to be “logged_u...@test.com” in Qmailtoaster?


Check out the new spamdyke v5.0. I think this has such a feature. I'm 
looking into implementing this new version on the submission port as 
well, to provide authentication functionality (instead of letting qmail 
handle it with a very old patch). Stay tuned.


Thanks.

--
-Eric 'shubes'





Re: [qmailtoaster] Re: Prevent sender from spoofing email address

2014-08-02 Thread Hasan Akgöz
Hi Guys;

I've been misunderstood. Eric says I'm curious to know if there's a way to
do this with postfix. I have to think about what you want to learn how to
write. If there is not anything to compare with postfix. In the meantime, my
car is damaged lights, car lights change to change is not it make more
sense :). I read the source code a bit. I'm working on a patch. I will be
sharing the results.

good works.






Re: [qmailtoaster] Re: Prevent sender from spoofing email address

2014-07-28 Thread Dan McAllister

On 7/27/2014 1:58 AM, Eric Shubert wrote:

On 07/26/2014 09:03 PM, Hasan Akgöz wrote:

I have both postfix and qmail mail servers. smtpd_sender_login_maps (for
postfix) The controlled_envelope_senders table specifies the binding
between a sender envelope address and the SASL login names that own that
address. You can use regex (pcre) or mysql tables etc. for it. In the
meantime, why not suitable for QMT?


I believe that this is what I described as being practical (without 
knowing of this capability in postfix). It's not suitable for QMT 
largely because it would involve a fairly major change to vpopmail and 
qmail, which is something we simply don't have resources to do. 
Perhaps suitable wasn't the best term to use.


That being said, I think we should add this to the reasons for 
switching to postfix at some point in the future for use as a 
submission server, if not all roles which use smtp (also mx and 
sending, which use smtp).


Another reason for using postfix is that it can be configured to 
throttle outbound messages. This is something that could be patched 
into qmail-remote (as we've discussed and I've even written a spec 
for), but at this point I feel that whatever time is spent doing this 
might be better spent converting to postfix.


Anyone care to share their thoughts about this?

Thanks.

If we switch everything over to postfix, shouldn't we rename the project 
postfix-toaster?


grin

Dan



--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806

CALL TOLL FREE:
  877-IT4SOHO

877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax

We have support plans for QMail!





Re: [qmailtoaster] Re: Prevent sender from spoofing email address

2014-07-28 Thread Sebastian Grewe
He does have a point there :D or just mail-toaster!




[qmailtoaster] Re: Prevent sender from spoofing email address

2014-07-28 Thread Eric Shubert

I already have the domain emailtoaster.com. :)

--
-Eric 'shubes'




[qmailtoaster] Re: Prevent sender from spoofing email address

2014-07-27 Thread Eric Shubert

On 07/26/2014 10:58 PM, Eric Shubert wrote:

On 07/26/2014 09:03 PM, Hasan Akgöz wrote:

I have both postfix and qmail mail servers. smtpd_sender_login_maps (for
postfix) The controlled_envelope_senders table specifies the binding
between a sender envelope address and the SASL login names that own that
address. You can use regex (pcre) or mysql tables etc. for it. In the
meantime, why not suitable for QMT?


I believe that this is what I described as being practical (without
knowing of this capability in postfix). It's not suitable for QMT
largely because it would involve a fairly major change to vpopmail and
qmail, which is something we simply don't have resources to do. Perhaps
suitable wasn't the best term to use.

That being said, I think we should add this to the reasons for switching
to postfix at some point in the future for use as a submission server,
if not all roles which use smtp (also mx and sending, which use smtp).

Another reason for using postfix is that it can be configured to
throttle outbound messages. This is something that could be patched into
qmail-remote (as we've discussed and I've even written a spec for), but
at this point I feel that whatever time is spent doing this might be
better spent converting to postfix.

Anyone care to share their thoughts about this?

Thanks.



I should have refreshed my memory a little more thoroughly before 
sending this.


I feel that the referenced patch is not suitable for QMT, because it 
cannot be applied across the board. IOW, it enforces a policy that can't 
be tailored per user. Please correct me if I'm wrong about this.


Thanks.

--
-Eric 'shubes'





Re: [qmailtoaster] Re: Prevent sender from spoofing email address

2014-07-26 Thread Hasan Akgöz
2014-07-18 20:52 GMT+03:00 Eric Shubert e...@shubes.net:



Hello;

Sorry for such a long time with no response, mail filters have escaped me! :(

Dan;

I believe that it should be fixed.

Amit;

I will test the patch with netqmail-1.06

Eric;

I have both postfix and qmail mail servers. smtpd_sender_login_maps (for
postfix) The controlled_envelope_senders table specifies the binding
between a sender envelope address and the SASL login names that own that
address. You can use regex (pcre) or mysql tables etc. for it. In the
meantime, why not suitable for QMT?


[qmailtoaster] Re: Prevent sender from spoofing email address

2014-07-26 Thread Eric Shubert

On 07/26/2014 09:03 PM, Hasan Akgöz wrote:

I have both postfix and qmail mail servers. smtpd_sender_login_maps (for
postfix) The controlled_envelope_senders table specifies the binding
between a sender envelope address and the SASL login names that own that
address. You can use regex (pcre) or mysql tables etc. for it. In the
meantime, why not suitable for QMT?


I believe that this is what I described as being practical (without 
knowing of this capability in postfix). It's not suitable for QMT 
largely because it would involve a fairly major change to vpopmail and 
qmail, which is something we simply don't have resources to do. Perhaps 
suitable wasn't the best term to use.


That being said, I think we should add this to the reasons for switching 
to postfix at some point in the future for use as a submission server, 
if not all roles which use smtp (also mx and sending, which use smtp).


Another reason for using postfix is that it can be configured to 
throttle outbound messages. This is something that could be patched into 
qmail-remote (as we've discussed and I've even written a spec for), but 
at this point I feel that whatever time is spent doing this might be 
better spent converting to postfix.


Anyone care to share their thoughts about this?

Thanks.

--
-Eric 'shubes'





[qmailtoaster] Re: Prevent sender from spoofing email address

2014-07-18 Thread Eric Shubert

I looked at this briefly, and determined it's not suitable for QMT.

If something like this is ever practical, it would need to be configurable 
on a per-user basis, as Dan suggested.


A few thoughts about this.

First, such a thing would be contrary to RFCs (not that this is a be-all 
end-all reason).


Secondly, this moves in a direction that is actually *less* secure. A 
more secure setup would have the authentication ID be *different* than 
the email address. That way, malicious imposters would need to acquire 
the login id *and* password in order to crack an account. So you see, 
having a login ID that's different from the email address is actually a 
good thing, from a security standpoint.


Note, the authentication ID is frequently included in the message 
header, so it's not entirely hidden. I'm looking into that as well 
though, in a way that the last-4 of a credit card number is printed on 
receipts. If indeed the authentication ID is even really needed in 
message headers.


Along the lines of controlling spoofing, it might be practical for a 
submission server to inquire from an authentication server, which 
sending addresses are allowed to be used by a given account. This could 
be specified as a list, and using wildcards. In that manner, some 
control of spoofing addresses would be practical. I'm curious to know if 
there's a way to do this with postfix. Anyone care to look into this? I 
know we have some postfix converts lurking here (and I truly appreciate 
that!). ;)


Thanks.

--
-Eric 'shubes'

On 07/18/2014 06:37 AM, Amit Dalia wrote:

Even I’m thinking this patch is needed. While searching I found one old
patch for the same, but don’t know can we integrate the same in
qmailtoaster.

http://translate.google.co.in/translate?hl=ensl=tru=http://www.endersys.com.tr/blog/2009/12/16/qmail-from-address-and-smtp-auth-username-check-patch/prev=/search%3Fq%3Dqmail-from-address-and-smtp-auth-username-check-patch/%26client%3Dfirefox-a%26hs%3DKig%26rls%3Dorg.mozilla:en-US:official

If anyone can look in this may be that is great.



Amit Dalia

From: Dan McAllister [mailto:q...@it4soho.com]
Sent: 18 July 2014 18:44
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Prevent sender from spoofing email address

On 7/17/2014 7:32 PM, Hasan Akgöz wrote:

Hi Guys;

allows SMTP authenticated users to put a fake email address in an
email's sender field and the email is sent successfully. How to
enforce sender/from address to be “logged_u...@test.com” in Qmailtoaster?


Hasan:

I have brought this up before, and there are certain situations where
you NEED for a single auth'd user to be able to send mail as anyone.
Specifically, when you're using QMT as a filter or smart-host.

So the short answer to your query is that it cannot be done. Once you
are authenticated to the qmail-smtp program, it will take any email from
you -- including email that is spoofed...

Dan McAllister

PS: I am with you if you believe there should be a way to configure that
-- but that is not an option that I am aware of currently.


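
The per-account allow-list with wildcards that Eric describes in his 2014-07-18 message, including Dan's smart-host case of one account that may send as anyone, sketched in Python as an added example; it is not code from this thread or from qmail, vpopmail, spamdyke or Postfix, and every login, address and function name in it is hypothetical. It checks the envelope sender only and lower-cases the whole address before matching, which is an assumption of this sketch.

```python
"""Added illustration; not qmail, vpopmail, spamdyke or Postfix code."""
from fnmatch import fnmatchcase

# Constructed policy: SASL login -> envelope-sender patterns it may use.
# Every login and address here is hypothetical.
ALLOWED_SENDERS = {
    "alice@example.com": ["alice@example.com", "sales@example.com"],
    "u1042": ["bob@example.com", "bob+*@example.com"],  # login ID != address
    "relay-filter": ["*"],  # smart-host account that may send as anyone
    "lists@example.org": ["*@example.org"],
}


def normalize(mail_from):
    """Return the lower-cased address, or None unless it is one local@domain."""
    addr = mail_from.strip().strip("<>")
    if addr.count("@") != 1 or any(c.isspace() for c in addr):
        # Also stops "x@evil.example@example.org" matching "*@example.org".
        return None
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    return addr.lower()


def sender_allowed(login, mail_from, policy=ALLOWED_SENDERS):
    """Decide one authenticated MAIL FROM; returns (allowed, reason)."""
    patterns = policy.get(login)
    if patterns is None:
        return False, "no policy for login"  # default deny
    sender = normalize(mail_from)
    if sender is None:
        return False, "malformed sender"
    for pattern in patterns:
        if fnmatchcase(sender, pattern.lower()):
            return True, "matched " + pattern
    return False, "sender not owned by login"


# Constructed submission attempts: (SASL login, envelope sender).
SAMPLE = [
    ("alice@example.com", "<alice@example.com>"),
    ("alice@example.com", "<ceo@example.com>"),
    ("u1042", "<Bob+news@Example.com>"),
    ("relay-filter", "<anyone@customer.example>"),
    ("lists@example.org", "<x@evil.example@example.org>"),
    ("mallory", "<mallory@example.com>"),
]


def rejected(attempts, policy=ALLOWED_SENDERS):
    """Return (login, sender, reason) for every attempt the policy refuses."""
    out = []
    for login, mail_from in attempts:
        ok, reason = sender_allowed(login, mail_from, policy)
        if not ok:
            out.append((login, mail_from, reason))
    return out


if __name__ == "__main__":
    for row in rejected(SAMPLE):
        print(row)
```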