Re: Not quite mail relay

2003-09-15 Thread Gary
Hello Derrick,

Monday, September 15, 2003, 10:57:57 AM, you wrote:

D> I think I figured it out.  The qmail-smtpd.c patch for SMTP AUTH had an
D> exploit.  It did require authentications, but it didn't care what
D> credentials you threw at it, so long as you sent something.

Yes, there are/were a few SMTP auth patches put up by people who did not
fully give the correct instructions on how to install with regards to the
smtpd run file. qmail by itself has never had a security breach.

Chances are you have a misconfigured qmail-smtpd run file, which some of
these sites for patches have put up erroneously, causing this error.

An explanation and fix is in the thread of

http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2

Or, you can do the following:

If you have the current source code and the patch you applied, you
should be able to use "patch -R" to apply the patch in reverse, which
will essentially remove it from qmail.

If you don't know what qmail patches you have, it's probably best
to re-install from scratch, so in the future you know how your system
is configured. It just takes a few minutes to install from source.

D> On that note, does anyone know of a way to get SMTP AUTH working with
D> qmail without being an accidental relay?

See above link for probable fix, or

Yes, install qmail from source, run make setup check, and pick a good auth
patch from lifewithqmail.org. A good one is

http://members.elysium.pl/brush/qmail-smtpd-auth/index.html


-- 
Best regards,
 Gary 

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


RE: Not quite mail relay

2003-09-15 Thread Derrick Ryalls
I think I figured it out.  The qmail-smtpd.c patch for SMTP AUTH had an
exploit.  It did require authentications, but it didn't care what
credentials you threw at it, so long as you sent something.

On that note, does anyone know of a way to get SMTP AUTH working with
qmail without being an accidental relay?




RE: Not quite mail relay

2003-09-13 Thread Gary
Hi Derrick,

--On Saturday, September 13, 2003 05:10:17 PM -0700 Derrick Ryalls 
<[EMAIL PROTECTED]> wrote:

> > No they don't. Email admins look at the last sender IP
> > address in the headers, which is the only valid address, all
> > others are usually forged.
>
> What I am referring to is the unable to deliver email that qmail sends
> to hotmail has an unknown user.

If it is his qmail server, then someone is probably relaying through him.
He can determine this through his logs.

If someone is just using one of his email addresses, and he is not a relay,
then he is getting Joe-Jobbed. You have not determined this yet.

> Hotmail then bounces the mail back to
> my brother's server as an undeliverable, and since it is then a double
> bounce, it lands in my brother's inbox (mailer-daemon goes to him).
> Today, he has received over 6000 bounced msgs.

Okay, if your question is only - how do I stop double bounces from getting
into my system, then here is the answer.

1. Change the /var/qmail/control/doublebounceto file to read only one line
saying "obvilion" (without the quotes)

2. Set up an alias in the /var/qmail/alias dir, and make a file called
.qmail-obvilion

3. Edit the file and put in a "#" (no quotes) on one line by itself.

Now, all double bounces will be directed to nowhere, and disappear.

> > Yes, but you have to provide more info rather than speculate
> > on what you are having  a problem with.  Are you an open
> > relay? Check your logs? If so, something is not configured
> > properly.  If you are just getting bounces from your own
> > domain, and someone is forging your domain as the sender or
> > return address in their spam, that is called a Joe-Job.
>
> In the /var/qmail/control, only his domains are listed.

That would be /var/qmail/control/rcpthosts file. If he does not have that
file, he is an open relay and sitting duck.

> In tcp.rules,
> only localhost can relay email.  Normal clients can only send mail with
> SMTP-AUTH.

There is no tcp.rules file in qmail. The local file is called
/var/qmail/control/locals, and local host and his domain(s) should be
listed there, but not virtual domains.

As above, if he does not check his logs, and read his headers, he has no 
way of knowing if he is relaying, or suffering from a Joe-Job. There are 
other ways spammers try to get in, and if he is running a web server, have 
him also check to make sure he is not running formmail.cgi or pl

--
Gary
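
Gary's point that the logs show whether the server is relaying or only being Joe-Jobbed, as an added example that is not part of the original thread: a classifier over qmail-send log lines that counts SMTP-received mail leaving for remote hosts, bounces arriving from outside, and double bounces. The log lines are constructed, and the uids (82 for qmaild, 83 for qmails) and function names are assumptions; check the real uids with `id qmaild` on your own system.

```shell
#!/bin/sh
# Added example: classify qmail-send log traffic (relay vs. Joe-Job vs. double bounce).
# Constructed log lines; assumption: uid 82 = qmaild (arrived via SMTP), uid 83 = qmails.
sample_log() {
cat <<'EOF'
@400000003f63a1b20a1b2c3d new msg 93001
@400000003f63a1b20a1b3000 info msg 93001: bytes 2210 from <forged@hotmail.example> qp 4101 uid 82
@400000003f63a1b20a1b4000 starting delivery 1: msg 93001 to remote nobody@example.org
@400000003f63a1b30a1b2c3d delivery 1: failure: Sorry,_no_mailbox_here_by_that_name./
@400000003f63a1b30a1b3000 bounce msg 93001 qp 4105
@400000003f63a1b30a1b5000 info msg 93002: bytes 2790 from <> qp 4105 uid 83
@400000003f63a1b30a1b6000 starting delivery 2: msg 93002 to remote forged@hotmail.example
@400000003f63a1b40a1b2c3d bounce msg 93002 qp 4110
@400000003f63a1b40a1b3000 info msg 93003: bytes 3300 from <#@[]> qp 4110 uid 83
@400000003f63a1b40a1b4000 starting delivery 3: msg 93003 to local postmaster@mail.example.com
@400000003f63a1b50a1b2c3d info msg 93004: bytes 1500 from <> qp 4200 uid 82
@400000003f63a1b50a1b3000 starting delivery 4: msg 93004 to local user@mail.example.com
EOF
}

# classify_qmail_log SMTPD_UID < qmail-send log
#   relayed_out    : mail received over SMTP and sent on to a remote host
#                    (expected only for authorised clients; otherwise relay abuse)
#   bounces_in     : null-sender mail arriving over SMTP for a local user
#                    (many of these with no matching outbound mail suggests a Joe-Job)
#   double_bounces : deliveries of qmail double bounces (envelope sender #@[])
classify_qmail_log() {
  awk -v smtpd_uid="$1" '
    $1 ~ /^@/ { sub(/^[^ ]+ /, "") }       # strip the tai64n timestamp, fields re-split
    $1 == "info" && $2 == "msg" {           # remember sender and queueing uid per message
      id = $3; sub(/:$/, "", id)
      sender[id] = $7; uid[id] = $11
    }
    $1 == "starting" && $2 == "delivery" {  # $5 = message id, $7 = local|remote
      id = $5
      if (sender[id] == "<#@[]>") dbl++
      else if (uid[id] == smtpd_uid && sender[id] == "<>" && $7 == "local") bounce_in++
      else if (uid[id] == smtpd_uid && $7 == "remote") relayed++
    }
    END { printf "relayed_out=%d bounces_in=%d double_bounces=%d\n", relayed, bounce_in, dbl }
  '
}

sample_log | classify_qmail_log 82
```

A non-zero `relayed_out` for senders you do not recognise points at relaying through the server; only `bounces_in` climbing points at forged use of the domain elsewhere.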


RE: Not quite mail relay

2003-09-13 Thread Derrick Ryalls
> 
> D> Ex.
>  
> D> To: [EMAIL PROTECTED]
> D> From: [EMAIL PROTECTED]
>  
> D> hotmail ends up with a ton of bounce msgs
> 
> Bounces are a normal part of email life.
> 
> D>  and thinks the server is a relay.
> 
> No they don't. Email admins look at the last sender IP 
> address in the headers, which is the only valid address, all 
> others are usually forged.

What I am referring to is the unable to deliver email that qmail sends
to hotmail has an unknown user.  Hotmail then bounces the mail back to
my brother's server as an undeliverable, and since it is then a double
bounce, it lands in my brother's inbox (mailer-daemon goes to him).
Today, he has received over 6000 bounced msgs.

>  
> D> Qmail is the mail server, but I was hoping someone would have an 
> D> idea.
> 
> Yes, but you have to provide more info rather than speculate 
> on what you are having  a problem with.  Are you an open 
> relay? Check your logs? If so, something is not configured 
> properly.  If you are just getting bounces from your own 
> domain, and someone is forging your domain as the sender or 
> return address in their spam, that is called a Joe-Job.

In the /var/qmail/control, only his domains are listed.  In tcp.rules,
only localhost can relay email.  Normal clients can only send mail with
SMTP-AUTH.




Re: Not quite mail relay

2003-09-13 Thread Gary
Hello Derrick,

Saturday, September 13, 2003, 12:02:01 PM, you wrote:

D> I am looking for a way to further secure a mail server.

A mail server is either secure or not, not half way... it's like being
half pregnant.  If you installed qmail properly and from lifewithqmail.org
it is secure by default.

D> It isn't an open relay, but when others try to use it as such with bad
D> return addresses, a small flood of rejection mail end up on the bad
D> addressed server.

Is it at your server?  If not so ..

Spammers forge return addresses all the time. This has nothing to do with
qmail.  If they are using a forged return address, they are not using your
server.

D> Ex.
 
D> To: [EMAIL PROTECTED]
D> From: [EMAIL PROTECTED]
 
D> hotmail ends up with a ton of bounce msgs

Bounces are a normal part of email life.

D>  and thinks the server is a relay.

No they don't. Email admins look at the last sender IP address in the
headers, which is the only valid address, all others are usually forged.

D> How would I go about just dropping those msgs completely?

Are you saying you are getting bounced messages from your domain, or are
you getting messages from hotmail, just what are you saying.. Are they
coming from one source, one From sender, what?
 
D> Qmail is the mail server, but I was hoping someone would have an idea.

Yes, but you have to provide more info rather than speculate on what you
are having  a problem with.  Are you an open relay? Check your logs? If
so, something is not configured properly.  If you are just getting bounces
from your own domain, and someone is forging your domain as the sender or
return address in their spam, that is called a Joe-Job.

-- 
Best regards,
 Gary 
