Re: Current abuse of James 2.3.0 as open relay

Fri, 31 Oct 2008 03:51:11 -0700 

Hi Tor,
I've sent you the config file in a private mail with the passwords deleted (I hope :-). 


I've had a chance to look over your file and didn't find any glaring 
errors.  Here are some suggestions you may like to look into: -


* The nntpserver is enabled.  Unless you need it, I would disable it.


* Your smtpserver has 'authorizedAddresses' set to '127.*' which is 
fine.  However, this will allow any process running on your server to 
send remote email without requiring SMTP authorization.  Is it possible 
you have a web app running on your server which is being used by the 
spammer to send email?



* Since you are using SMTP authentication you can safely get rid of the 
anti-relay mailet check at the end of the transport processor - just 
delete the following:


 <!-- CHECKME! -->
          <!-- This is an anti-relay matcher/mailet combination -->
...

         <!-- If you are using SMTP authentication then you can (and 
generally -->

          <!-- should) disable this matcher/mailet pair. -->
          <mailet match="All" class="ToProcessor">
             <processor> relay-denied </processor>

             <notice>550 - Requested action not taken: relaying 
denied</notice>

          </mailet>



* In your transport processor you have deliveryThreads set to '1'.  This 
is OK if you are short of memory but it will mean your entire mail 
sending capability will be halted if the address you are sending to is 
not responding properly (eg because of Tarpitting or Teergrubing).  I've 
set mine to 4 which seems to be adequate.



* I notice you have left '&fetchmailConfig;' in your config.  Again 
unless you need fetchmail I would remove it.



Hope that helps.  As I said earlier I can't see anything wrong.  In 
general, from 3.2 onwards if you have turned SMTP authentication on you 
can be sure that any attempt to send a message to a non-local address 
will require SMTP Authentication.  The one big exception to this is any 
message sent to James which originated from the server itself (from a 
web application for example) is not challenged by the SMTP server.



Regards,
David Legg


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
























					Reply via email to