Re: [spamdyke-users] How can I force users to USE the right SMTPserver ?
A bug! The "not-local" value for "reject-sender" is being bypassed by authentication, which was not the intent. I've created a patch to fix it: http://spamdyke.org/beta/5.0.2/spamdyke-5.0.2-beta1-reject_sender_not_local.patch You can apply it like this: cd /path/to/src/spamdyke-5.0.1 patch -p0 < /path/to/patch/spamdyke-5.0.2-beta1-reject_sender_not_local.patch make Then copy the new binary into place. Thank you very much for reporting this! -- Sam Clippinger On Nov 4, 2016, at 7:24 AM, Sam Clippinger via spamdyke-users wrote: > I'm not sure I completely understand your setup, so yes, I think the full log > might be helpful. You can send it to me directly if you don't want to post > it to the list. > > -- Sam Clippinger > > > > > On Nov 1, 2016, at 9:33 AM, Pablo Murillo wrote: > >> Yes, I hace rcpthosts and morercpthosts for each jail with only the local >> domains >> >> The " reject-sender= not-local " works fine with domains bypassing de MXs >> and sent directly to the server >> >> I activated " log-level=debug " and " full-log-dir " to have more >> information >> >> I noticed that rcpthosts and morercpthosts are not appearing in the "current >> config" >> >> Do you want to see the full-log ? >> >> >> >> ----- Original Message - From: "Sam Clippinger via spamdyke-users" >> >> To: "spamdyke users" >> Sent: Tuesday, November 01, 2016 9:14 AM >> Subject: Re: [spamdyke-users] How can I force users to USE the right >> SMTPserver ? >> >> >> It sounds like "reject-sender" is the right option... if it's not working, I >> would look at qmail's configuration. spamdyke uses qmail's rcpthosts and >> morercpthosts files to decide what addresses are "local" -- is there a >> separate copy of qmail for each server/jail with different configurations? >> >> -- Sam Clippinger >> >> >> >> >> On Oct 31, 2016, at 6:07 PM, Pablo Murillo via spamdyke-users >> wrote: >> >>> Hi >>> >>> I will try to explain the subject >>> We use Qmail, VpopMail and Spamdyke >>> We have multiple servers with jails with multiple domains, we have smtp >>> servers configured in all the jails, in all the servers >>> Every jail has an smtp server running with auth over spamdyke, and today >>> (after a lot of years) we find that everyone can send mail using the >>> rights >>> credential to any of our servers >>> I know, they are using valid credentials, but if a password is hacked, the >>> spamers can login in every server to send mail using this credential >>> So, the questions is: How can I force the users to use ONLY his smtp to >>> send >>> mails ? >>> >>> I think that " reject-sender = not-local " will work, but, no, only work >>> if >>> the user don't authenticate >>> >>> May be is a filter order ? >>> I asked something similar to this and the solution was that I have to >>> manually change the order in the source code >>> >>> Is there other way ? >>> May be, if the filter order can be altered without changing the source >>> code >>> ? >>> >>> It´s a challenge ? :D >>> >>> >>> Pablo Murillo >>> >>> ___ >>> spamdyke-users mailing list >>> spamdyke-users@spamdyke.org >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> >> >> >> >> >> >>> ___ >>> spamdyke-users mailing list >>> spamdyke-users@spamdyke.org >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >> > > ___ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] How can I force users to USE the right SMTPserver ?
I'm not sure I completely understand your setup, so yes, I think the full log might be helpful. You can send it to me directly if you don't want to post it to the list. -- Sam Clippinger On Nov 1, 2016, at 9:33 AM, Pablo Murillo wrote: > Yes, I hace rcpthosts and morercpthosts for each jail with only the local > domains > > The " reject-sender= not-local " works fine with domains bypassing de MXs > and sent directly to the server > > I activated " log-level=debug " and " full-log-dir " to have more > information > > I noticed that rcpthosts and morercpthosts are not appearing in the "current > config" > > Do you want to see the full-log ? > > > > - Original Message - From: "Sam Clippinger via spamdyke-users" > > To: "spamdyke users" > Sent: Tuesday, November 01, 2016 9:14 AM > Subject: Re: [spamdyke-users] How can I force users to USE the right > SMTPserver ? > > > It sounds like "reject-sender" is the right option... if it's not working, I > would look at qmail's configuration. spamdyke uses qmail's rcpthosts and > morercpthosts files to decide what addresses are "local" -- is there a > separate copy of qmail for each server/jail with different configurations? > > -- Sam Clippinger > > > > > On Oct 31, 2016, at 6:07 PM, Pablo Murillo via spamdyke-users > wrote: > >> Hi >> >> I will try to explain the subject >> We use Qmail, VpopMail and Spamdyke >> We have multiple servers with jails with multiple domains, we have smtp >> servers configured in all the jails, in all the servers >> Every jail has an smtp server running with auth over spamdyke, and today >> (after a lot of years) we find that everyone can send mail using the >> rights >> credential to any of our servers >> I know, they are using valid credentials, but if a password is hacked, the >> spamers can login in every server to send mail using this credential >> So, the questions is: How can I force the users to use ONLY his smtp to >> send >> mails ? >> >> I think that " reject-sender = not-local " will work, but, no, only work >> if >> the user don't authenticate >> >> May be is a filter order ? >> I asked something similar to this and the solution was that I have to >> manually change the order in the source code >> >> Is there other way ? >> May be, if the filter order can be altered without changing the source >> code >> ? >> >> It´s a challenge ? :D >> >> >> Pablo Murillo >> >> ___ >> spamdyke-users mailing list >> spamdyke-users@spamdyke.org >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > > > > > >> ___ >> spamdyke-users mailing list >> spamdyke-users@spamdyke.org >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> > ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] How can I force users to USE the right SMTPserver ?
Yes, I hace rcpthosts and morercpthosts for each jail with only the local domains The " reject-sender= not-local " works fine with domains bypassing de MXs and sent directly to the server I activated " log-level=debug " and " full-log-dir " to have more information I noticed that rcpthosts and morercpthosts are not appearing in the "current config" Do you want to see the full-log ? - Original Message - From: "Sam Clippinger via spamdyke-users" To: "spamdyke users" Sent: Tuesday, November 01, 2016 9:14 AM Subject: Re: [spamdyke-users] How can I force users to USE the right SMTPserver ? It sounds like "reject-sender" is the right option... if it's not working, I would look at qmail's configuration. spamdyke uses qmail's rcpthosts and morercpthosts files to decide what addresses are "local" -- is there a separate copy of qmail for each server/jail with different configurations? -- Sam Clippinger On Oct 31, 2016, at 6:07 PM, Pablo Murillo via spamdyke-users wrote: Hi I will try to explain the subject We use Qmail, VpopMail and Spamdyke We have multiple servers with jails with multiple domains, we have smtp servers configured in all the jails, in all the servers Every jail has an smtp server running with auth over spamdyke, and today (after a lot of years) we find that everyone can send mail using the rights credential to any of our servers I know, they are using valid credentials, but if a password is hacked, the spamers can login in every server to send mail using this credential So, the questions is: How can I force the users to use ONLY his smtp to send mails ? I think that " reject-sender = not-local " will work, but, no, only work if the user don't authenticate May be is a filter order ? I asked something similar to this and the solution was that I have to manually change the order in the source code Is there other way ? May be, if the filter order can be altered without changing the source code ? It´s a challenge ? :D Pablo Murillo ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users