On 05/03/2012 05:59 AM, Faris Raouf wrote: > Thanks Sam and Eric, > > I suspect I didn't explain what I want to do very well, and/or that my > assumption that the entire world would agree with my reasons for wanting to > do so was faulty :-) > > Basically, on a Plesk server, anyone who has a mailbox set up in Plesk can > use their incoming mail credentials for smtp authentication and can > therefore send email to any external address via that Plesk server. > > To me, this is shockingly permissive. I do not want all our users to be able > to send email via our servers because, if they did, it would lead to daily > spam outbreaks and frequent blacklisting of our IPs as users are forever > allowing their machines to get infected by some nasty thing or other. > > Our policy is therefore to permit only those users who we trust enough to > sufficiently protect their systems (and their passwords) to use our smtp > facilities. But when I say "permit", all I really mean is "tell them how to > do it" because there's no way in Plesk to say "this list of users can use > smtp authentication and no others". > > Unfortunately I've found that a significant number of users to whom we have > not given permission are using our authenticated smtp facilities. Worse > still, one of those "unauthorised" users recently sent a whole pile of spam, > which is what got me thinking that I'd better find a way to properly > restrict who can and can't use the facilities in the first place. Turning > relaying off completely in Plesk and setting up a dedicated smtp server for > this very purpose would seem like the best option, but I was trying to avoid > having to do so and then having to deal with the support hassle of getting > users to switch to using it. > > Eric - eMPF does look interesting but I'm not sure it is quite right for me > and patching qmail is unfortunately difficult with Plesk. It can be done - > Parallels does supply the modified qmail source code, but I've been there > and done that in the past and found it was all a bit of a nightmare. > > qmailmrtg7 by the same people looks awesome though and I'm going to look > into that asap. > > Thanks for the info on the whitelist/blacklist stuff Sam -- very > interesting. > > I'm going to experiment a bit more to see if I can come up with > something.... > > >
Much better post, Faris. Thanks for taking the time to explain your situation. As I said, I'm a QMail-Toaster user, so I'm not familiar with Plesk. QMT uses vpopmail, which has various settings for each users, one of which is to disable SMTP AUTH access (see vmoduser usage for details). A quick google seems to indicate that Plesk doesn't use vpopmail though. :( What does Plesk use for authentication? I would look in that direction for a solution. -- -Eric 'shubes' _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
