Hello there,
I've been reading the SIMS mailing list web digests for quite a while now to help me solve my SIMS problems, but now I have a question that I can't seem to resolve normally.
First, my SIM server has been under a spam barrage for a while now. All of the normal countermeasures have been taken -- Relaying for Clients Only, spamhaus as an RBL-blacklist, verify return paths, plus I've blacklisted many of the 'usual suspect' IP blocks. Most of it originates from variations on YAHOO.COM.JP and things like that, which I have a harder time blocking in my heart because legitimate people may actually use these services, and about a third is from KX100.NET, of course.
So, in my Router I have the entry kx100.NET = error, however messages from them are STILL being added to my queue (and overloading it to the point of crashing -- I had 15,000 spam messages sitting in my queue, despite telling SIMS to delete all bad messages IMMEDIATELY). Arrggg. What's up with that? What's up with my queue overflowing?
You are being used as a spam relay.
I noticed a few days ago in the logs that nefarious spammers were trying to authenticate with random passwords on my Postmaster and Webmaster accounts. "Ha," I thought, "this won't be a problem, since both of those accounts are forwarding only and login is DISABLED." Well, it doesn't seem like that stopped them, because somehow the webmaster account has been authenticating. How can this be? I threw together some strong passwords for both accounts (they had null passwords before) and things like that in the meantime (require APOP), but how is it they can authenticate accounts with their login disabled? This isn't making sense to me.
The 'login' field in the web interface is misleading. It controls whether the user can log into the web interface or with Communigator. It DOES NOT prevent SMTP or POP authentication.
My theory is, of course, that the queue is overflowing because of the authentication, which is happening either because disabling an account login doesn't work, or because I don't understand authentication well enough.
The spammer is taking advantage of the fact that you had null passwords. That makes authentication easy. SIMS is an open relay to anyone who has authenticated.
Lesson: never, for any reason, in any system, ever, leave a password null.
-- Bill Cole [EMAIL PROTECTED]
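The failure mode in this thread (password guessing against accounts whose "login" is disabled, followed by an authenticated relay flood) leaves a clear trace in the mail server log: a run of failed AUTH attempts from one client, then a success, then outbound relay from the same client under that account. The script below is an added example, not part of this thread or of SIMS; its log format is constructed for illustration (SIMS's own log lines look different), so `parse_line()` is the only piece that needs adapting to a real server.

```python
"""
Flag accounts whose successful SMTP AUTH was preceded by repeated failures
from the same client, and count the relayed messages that followed.

Log format is CONSTRUCTED for this example (not SIMS's real format):
  <time> <client-ip> AUTH  <account> <OK|FAIL>
  <time> <client-ip> RELAY <account> <recipient>
"""
import re
from collections import defaultdict

# Constructed sample: one guessing client hits postmaster, then webmaster,
# succeeds on webmaster, and starts relaying; a legitimate user logs in once.
SAMPLE_LOG = """\
2001-05-01T02:00:01 203.0.113.7 AUTH postmaster FAIL
2001-05-01T02:00:02 203.0.113.7 AUTH postmaster FAIL
2001-05-01T02:00:03 203.0.113.7 AUTH webmaster FAIL
2001-05-01T02:00:04 203.0.113.7 AUTH webmaster FAIL
2001-05-01T02:00:05 203.0.113.7 AUTH webmaster FAIL
2001-05-01T02:00:06 203.0.113.7 AUTH webmaster OK
2001-05-01T02:00:07 203.0.113.7 RELAY webmaster victim1@example.net
2001-05-01T02:00:08 203.0.113.7 RELAY webmaster victim2@example.net
2001-05-01T02:00:09 203.0.113.7 RELAY webmaster victim3@example.net
2001-05-01T02:10:00 198.51.100.9 AUTH alice OK
2001-05-01T02:10:01 198.51.100.9 RELAY alice bob@example.net
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (AUTH|RELAY) (\S+) (\S+)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, kind, account, detail = m.groups()
    return {"ts": ts, "ip": ip, "kind": kind, "account": account, "detail": detail}


def find_guessed_accounts(log_text, fail_threshold=3):
    """Return {account: {"ip", "failures", "relayed"}} for every account whose
    successful AUTH came after at least fail_threshold consecutive failures
    from the same client IP. "relayed" counts RELAY lines from that IP under
    the account after the suspicious success."""
    failures = defaultdict(int)   # (ip, account) -> failures since last success
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["ip"], rec["account"])
        if rec["kind"] == "AUTH":
            if rec["detail"] == "FAIL":
                failures[key] += 1
            elif rec["detail"] == "OK":
                if failures[key] >= fail_threshold:
                    flagged[rec["account"]] = {
                        "ip": rec["ip"],
                        "failures": failures[key],
                        "relayed": 0,
                    }
                failures[key] = 0   # a success resets the run for this client
        elif rec["kind"] == "RELAY":
            hit = flagged.get(rec["account"])
            if hit and hit["ip"] == rec["ip"]:
                hit["relayed"] += 1
    return flagged


if __name__ == "__main__":
    for account, info in find_guessed_accounts(SAMPLE_LOG).items():
        print(f"{account}: guessed from {info['ip']} after {info['failures']} "
              f"failures, then relayed {info['relayed']} messages")
```

On the sample log only `webmaster` is flagged: `postmaster` saw two failures but no success, and `alice` authenticated on the first try. In practice the interesting output is the account name, which tells you which password to change (and, as Bill points out above, which null password let the guessing succeed in seconds); the relay count tells you how much of the queue backlog that one account explains.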
