Is the undesirable email coming from the compromised computer, or somewhere else?

If it's coming from the compromised computer, you should remove the malware. If it's coming from somewhere else, you can simply change the password.

I know this doesn't answer your question, but your question has nothing to do with spamdyke after all.

--
-Eric 'shubes'

Rajesh M wrote:
> hello sam
>
> thanks for your reply
>
> i will explain in detail
>
> a) i have a customer user @ abc.com. He configured his "from email id" as
> user @ abc.com, authenticates as user @ abc.com with password like any
> normal user and sends out emails
>
> b) his computer got compromised and his user id and password were picked
> up by the hacker
>
> c) the hacker now started sending a variety of email by authenticating as
> user @ abc.com and password --- but the point was that the hacker was
> using from email id as: user @ yahoo.com, user @ hotmail.com and sending
> to recipients globally
>
> d) what i need is that if users are authenticating then compulsorily the
> "mail from" should be a domain on the server which will naturally be a
> part of the rcpthosts file or some other file.
>
> e) All my customers' users use 587 port only for sending out emails.
>
> Can empf do this? OR do i need to modify the qmail source file?
>
>
> thanks
> rajesh
>
>
>> I'm not sure I understand the issue here. spamdyke (and qmail) don't
>> check the _sender's_ domain against the rcpthosts file, they only check
>> the _recipient's_ domain. If you could configure spamdyke (or qmail) to
>> block senders that weren't hosted on your mail server, you would never
>> receive any email from anyone outside your own domain(s). Is that
>> really what you want?
>>
>> In any case, spamdyke allows authenticated senders to bypass all of its
>> filters, under the assumption that authentication implies authorization
>> to send anything. If you really want to ignore authorization and block
>> senders from domains that aren't hosted locally, you could do something
>> like this (BEWARE, I haven't tested this configuration myself):
>> First, tell spamdyke to block authentication attempts so no one can
>> authenticate.
>>     smtp-auth-level=none
>> Next, blacklist everyone:
>>     ip-blacklist-entry=0.0.0.0/0.0.0.0
>> Then create a copy of your rcpthosts file and edit it to put the "@"
>> character at the start of every line, before the domain name.
>> Next, use that modified file as a sender whitelist file (assuming
>> you named it /var/qmail/control/rcpthosts.whitelist.txt):
>>     sender-whitelist-file=/var/qmail/control/rcpthosts.whitelist.txt
>> Be sure to use the "local-domains-file" and "access-file" options so
>> spamdyke overrides qmail's relay filter. Otherwise your whitelisted
>> senders won't be able to send mail to anyone outside your domain(s).
>>
>> Good luck.
>>
>> -- Sam Clippinger
>>
>> Rajesh M wrote:
>>> hello
>>>
>>> i noted that as long as i smtp authenticate qmail does not check to
>>> ensure that the mailfrom email id (domain name part) exists in the
>>> rcpthosts file or not.
>>>
>>> i need to check to ensure that the domain part of the mailfrom email id
>>> is a domain hosted on my server.
>>>
>>> example if domain1.com is hosted on my server and therefore present
>>> in rcpthosts file.
>>>
>>> and [email protected] is sending an email after smtp authentication.
>>>
>>> then while accepting this email i would need qmail smtp to check to
>>> ensure that domain1.com exists in the rcpthosts file.
>>>
>>> now the question is, is this possible by modifying the spamdyke file?
>>> if possible, any tips on this would be helpful.
>>>
>>>
>>> thanks
>>> rajesh
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
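The policy requested in point (d) of the thread, sketched as an added example that is not part of any message above and is not spamdyke or qmail code: an authenticated session's MAIL FROM domain must appear in rcpthosts, while unauthenticated (inbound) mail is left alone. The function names and the sample rcpthosts content are constructed for illustration; refusing an empty sender from an authenticated session is an assumption of this sketch.

```python
# Added example: standalone sender-domain policy check (hypothetical helpers).

def load_rcpthosts(text):
    """Parse rcpthosts-style content into (exact domains, wildcard suffixes).

    qmail treats a line beginning with "." as matching any host that ends
    with that suffix; every other line is an exact domain.
    """
    exact, suffixes = set(), []
    for raw in text.splitlines():
        line = raw.strip().lower()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comment lines
        if line.startswith("."):
            suffixes.append(line)
        else:
            exact.add(line)
    return exact, suffixes


def sender_is_local(mail_from, exact, suffixes):
    """True if the envelope sender's domain is one of the hosted domains."""
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return False  # null sender "<>" or an address without a domain
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    return domain in exact or any(domain.endswith(s) for s in suffixes)


def check_authenticated_sender(auth_user, mail_from, exact, suffixes):
    """Accept or refuse MAIL FROM for one SMTP session.

    auth_user is None for unauthenticated sessions; those are not checked,
    otherwise no mail from outside domains could ever be received.
    """
    if auth_user is None:
        return True
    return sender_is_local(mail_from, exact, suffixes)


def whitelist_lines(exact):
    """The "@domain" lines described in the thread for a sender whitelist
    file. Wildcard (".suffix") entries are left out because the thread does
    not say how they should be written."""
    return sorted("@" + d for d in exact)


# Constructed sample rcpthosts content.
SAMPLE_RCPTHOSTS = "abc.com\n.example.net\n# hosted for a customer\nDomain1.com\n"
```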
