Title: Re: Witango-Talk: WiTango & Email
|
Nope, there's no door left open, however it's
all happening on port 25. So, I redirected to port 26, same thing.
127.0.0.1 isn't the problem anymore. I found
some spyware, and a trojan on a client machine. Arghhhh!
I excluded the IP's from the local clients one
by one and found the culprit!
I understand what is going on, but this SHOULDN�T,
unless you�ve left a door open.
I suspect you have authentication off
for your whole domain, rather than turn it off for a handful of trusted
IPs
When they send something through [EMAIL PROTECTED] and are sending it
from an outside address, they should be challenged for user/pass, unless
you�ve left an unnecessarily wide hole open by allowing relaying from anyone
at your_domain.com.
Your mail server is going to see the originating
IP as 127.0.0.1 ONLY for clients actually on the same machine, namely witango.
For every other message, it will see the sender�s IP as the IP of that
originating client, not the domain that it claims to be from.
On
11/1/04 12:19 PM, "Rick Sanders" <[EMAIL PROTECTED]>
wrote:
Hi Roland,
Thanks for your
reply. Unfortunately, it's a little more complicated than that.
The people relaying off the server, are using the
email address of the domain hosted on the server
So, the
spammers are using [EMAIL PROTECTED], and it's going through without
authentication because 127.0.0.1 is in the privileged IP
range.
The IP of
that message is NOT 127.0.0.1, but the IP of the originating client.
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
|
- Re: Witango-Talk: WiTango & Email Rick Sanders
-
