QMail's Relay Filters Allow SPAM?

ynotds asks: "Our low profile, security-conscious specialty hosting service might have been relaying spam from an untraceable IP for around 43 hours before we tracked the source of a significant traffic increase across quite a few of our less active client IPs. After we firewalled the first spammer IP, three more appeared in quick succession trying the same thing, then after we took qmail down for a while and brought it back up, another group of four tried the same trick, all but one from 203.x.x.x IPs like our own. We now have 90Mb of mainly these unsent messages in our (appropriately named) mess directory queues, but don't want to get side tracked into duplicating others' research if this is a better known problem than it appears to be after another scan of anti-spam resources."
  • Spam mail is getting very bad; personally I can't wait until Congress rules on it. In the meantime you have to do something, right? In my opinion two really great sites that cover this are here [gunters.org] and here [summersault.com]. The first one has some very useful tools that may help, the second is basically a how-to. As for your question, what you probably need is some anti-relaying filters. Perhaps the best site for your problem is here [mail-abuse.org]. They have some pointers on how to secure your current mail (Qmail in your case) system against third-party relay. Along with Qmail they cover other mail systems including pmdf and Dmail. Hope I could help.
  • You don't mention many details about how they managed to send spam. In my experience, qmail's antispam measures, when properly configured, are as good as anyone else's, and of course, if one of your customers suddenly decides to become a spammer, there's little you can do (the same goes if they are stupid enough to run an open relay that has you as their smarthost).
  • I'm not sure what kind of spamming is being done, but with proper configuration of qmail (not hard to do), it will refuse to accept messages for destinations not in its accept list, unless the messages come from a set of IPs you specify.

    This wouldn't stop inbound spam to mail domains you host, but it would stop you from being an open relay.
  • You say you might have relayed spam, but you offer no proof. In a properly set up qmail installation, you will not relay. You may accept messages that are spam (like any other MTA), but those messages won't go anywhere. Read life with qmail [lifewithqmail.org]. If you have set up differently, then rebuild using lifewithqmail instructions.
  • Ok, I can't believe I am going to bite on this troll but here it goes:


    QMAIL is not your problem. In fact, even if you REALLY screw up in your setup qmail is still hard to use as a relay as you ACTIVELY have to open it up as one.
    Now I'll get to your points (which are few):

    I think you are saying that qmail allows relaying. -- That is false. If you read the relaying [lifewithqmail.org] section in life with qmail [www.lifewithqmail] you will notice that it says "If you follow the official directions for installing qmail, relaying will be turned off by default." -- Obviously you messed that up.

    To monitor your rule you will look in the /etc/tcp.smtp file and find rules in this pattern:
    IP address of client:allow,RELAYCLIENT=""
    IP address of client:allow,RELAYCLIENT=""

    Now unless you are using like pop-before-smtp then that's it. If you are using pop-before-smtp make sure your cron job is running every half hour to clear out old relay entries.

    <RANT> PLEASE DON'T BLAME QMAIL FOR YOUR MISCONFIGURATION</RANT>

    You can email me privately if you still need help and Cliff, you should not have posted this troll.

    -dave
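
The /etc/tcp.smtp rules described in the comment above can be checked mechanically. The following is an added example, not part of the thread or of qmail: a small Python audit of a tcprules source file that lists rules setting RELAYCLIENT for the default (empty) address, for a DNS name, or for a large address prefix. The function names, the 256-host threshold and the sample rules are assumptions made for illustration.

```python
# Added example: audit a tcprules source file such as /etc/tcp.smtp for relay grants.

def scope_of(address):
    """Classify a tcprules address; return (kind, number of IPv4 hosts covered)."""
    addr = address.rpartition("@")[2]          # drop an optional user@ part
    if addr == "":
        return ("default", 2 ** 32)            # empty address matches every client
    if addr.startswith("="):
        return ("hostname", None)              # matched on the client's DNS name
    octets = addr.rstrip(".").split(".")
    hosts = 256 ** (4 - len(octets))           # "203." covers 256**3 addresses
    if "-" in octets[-1]:                      # "1.2.3.37-53" style range
        lo, hi = map(int, octets[-1].split("-"))
        hosts *= hi - lo + 1
    return ("prefix" if addr.endswith(".") else "host", hosts)

def audit(text, max_hosts=256):
    """Return (address, reason) for each rule that grants relaying too widely."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        address, sep, instruction = line.partition(":")
        if not sep or line.startswith("#"):
            continue                           # blank line, comment or not a rule
        if not instruction.startswith("allow") or ",RELAYCLIENT=" not in instruction:
            continue                           # rule does not grant relaying
        kind, hosts = scope_of(address)
        if kind == "default":
            findings.append((address, "open relay: every client may relay"))
        elif kind == "hostname":
            findings.append((address, "relay granted by DNS name"))
        elif hosts > max_hosts and not address.startswith("127."):
            findings.append((address, f"relay granted to {hosts} addresses"))
    return findings

# Constructed sample (documentation addresses), not taken from the thread.
SAMPLE = '''\
# local clients
127.:allow,RELAYCLIENT=""
203.0.113.25:allow,RELAYCLIENT=""
203.0.113.32-47:allow,RELAYCLIENT=""
203.:allow,RELAYCLIENT=""
:allow
'''

if __name__ == "__main__":
    for address, reason in audit(SAMPLE):
        print(f"{address or '(default)'}: {reason}")
```

tcpserver consults the cdb file that tcprules builds from this source, so an audit of the text file reflects the live policy only once that cdb has been rebuilt.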
