Results 1 to 10 of 10

Thread: Qmail Spamming with <>

Hybrid View

  1. #1

    Qmail Spamming with <>

    Hello, I was just scanning my server and found that I can send emails if the from address is &lt;&gt;. In other words I can use my mail server as a relay.
    I have /etc/tcp.smtp set as
    192.168.:allow,RELAYCLIENT=&quot;&quot;
    127.:allow,RELAYCLIENT=&quot;&quot;
    :allow
    So I know that is supposed to help stop the relaying but how do I stop it from allowing to send with the &lt;&gt; ? Any links or info is greatly appreciated. Thanks.

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:Qmail Spamming with <>

    I just tested this out and it works, if the RCPT TO: address is of a domain I control or that is listed in my rcpthosts file. Someone could successfully spam your users using this loop hole, but the should not be able to use you as a relay to spam others.

  3. #3

    Re:Qmail Spamming with <>

    I see what your saying but do you know of a way to stop it. I get like 100 MAILER-DAEMON notices to invalid email addresses bouncing all over the place. I am not sure how to stop it.

    It looks like some random *.msn or *.hotmail will try to mail an email address on my domain but the address is invalid so it sends a bounce to the sender address and then it bounces back again saying the sender is an invalid address. Drives me nuts.

    Here is some of the message.

    Hi. This is the qmail-send program at lemiwinks.d****.net.
    I tried to deliver a bounce message to this address, but the bounce bounced!

    &lt;hwmfndc@msn.com&gt;:
    64.4.50.239 does not like recipient.
    Remote host said: 550 Requested action not taken: mailbox unavailable
    Giving up on 64.4.50.239.

    --- Below this line is the original bounce.

    Return-Path: &lt;&gt;
    Received: (qmail 8040 invoked for bounce); 4 Jun 2004 13:49:42 -0000
    Date: 4 Jun 2004 13:49:42 -0000
    From: MAILER-DAEMON@lemiwinks.da*****.net
    To: hwmfndc@msn.com
    Subject: failure notice

    Hi. This is the qmail-send program at lemiwinks.da*****.net.
    I&#039;m afraid I wasn&#039;t able to deliver your message to the following addresses.
    This is a permanent error; I&#039;ve given up. Sorry it didn&#039;t work out.

    &lt;hudson@mydomain.com&gt;:
    216.148.222.35 failed after I sent the message.
    Remote host said: 554 Error: too many hops


  4. #4
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935

    Re:Qmail Spamming with <>

    Instead of bouncing it back, just drop them.

    I used to bounce the spammers but ( mostly ), they will spam you one time and their address is gone forever. So it&#039;s just more work for you.

    What I currently do is have one address specially created and send all the mails for invalid address to that one. I occationally check them to make sure no legit mails are being directed. Then delete all of them at once.

    No easy way to fight spamming currently.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:Qmail Spamming with <>

    Might be the same stuff I&#039;m experiencing then. I&#039;m getting tons of bogus emails bounced back I think and I can&#039;t do anything about it. Every day I wake up with at least a thousand mailer-daemon failure notices in my inbox. It&#039;s VERY frustrating.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:Qmail Spamming with <>

    arlight, i&#039;m totally at a loss. if anyone is an expert at qmail, or maybe any daemon, i need to get on contact with you. i&#039;ve had smtp re-enabled for about an hour, and i&#039;ve got 1000 bounced messages already! i don&#039;t know what to do. i&#039;m pretty sure i&#039;ve got my server configured correctly, but somehow they&#039;re still able to relay! if anyone wants to chat w/ me over AIM, MSN, ICQ, etc…my info is located in my profile. Email me with a subject line of &quot;need server help?&quot; if you can&#039;t get a hold of me over any of those mediums. any help would be GREATLY appreciated.

  7. #7

    Re:Qmail Spamming with <>

    I&#039;m glad to hear that someone else is having this issue. There has to be a way to fix this. I have googled for hours and keep coming up with &quot; Qmail by default doens&#039;t act as a relay so you don&#039;t need to take any measures&quot; I understand that they person can only mail the domains I host with the &lt;&gt; sender field but damn this is eating so much bandwidth. Please help. Thanks again.

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:Qmail Spamming with <>

    I think I&#039;ve fixed my problem. Mind posting your &#039;rc&#039; or &#039;run&#039; (if you use the supervise daemon) script for SMTP? I think I have a fix...

  9. #9

    Re:Qmail Spamming with <>

    This is /var/qmail/supervise/qmail-smtpd/run

    #!/bin/sh
    QMAILDUID=`/usr/xpg4/bin/id -u qmaild`
    NOFILESGID=`/usr/xpg4/bin/id -g qmaild`
    MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
    LOCAL=`head -1 /var/qmail/control/me`

    if [ -z &quot;$QMAILDUID&quot; -o -z &quot;$NOFILESGID&quot; -o -z &quot;$MAXSMTPD&quot; -o -z &quot;$LOCAL&quot; ];
    then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
    fi

    if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo &quot;No /var/qmail/control/rcpthosts!&quot;
    echo &quot;Refusing to start SMTP listener because it&#039;ll create an open relay&quot;
    exit 1

    fi

    exec /usr/local/bin/softlimit -m 6000000 \
    /usr/local/bin/tcpserver -v -R -l &quot;$LOCAL&quot; -x /etc/tcp.smtp.cdb -c &quot;$MAXSMTPD&quot; \
    -u &quot;$QMAILDUID&quot; -g &quot;$NOFILESGID&quot; 0 smtp /var/qmail/bin/qmail-smtpd 2&gt;&amp;1

    This is my /var/qmail/rc:

    #!/bin/sh

    exec env - PATH=&quot;/var/qmail/bin:$PATH&quot; \
    qmail-start &quot;`cat /var/qmail/control/defaultdelivery`&quot;

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    419

    Re:Qmail Spamming with <>

    You&#039;re not using any relay control programs like relay-ctrl or smtpd-auth? How can your users send out to domains not listed in your &#039;rcpthosts&#039; file?

    I assumed you were using smtpd-auth w/ checkpassword, and my fix was for that.

Similar Threads

  1. Prevent my users from spamming and making ddos attacks
    By gueurk in forum Linux - Hardware, Networking & Security
    Replies: 0
    Last Post: 01-22-2012, 12:55 PM
  2. qmail
    By lynOS in forum Linux - Software, Applications & Programming
    Replies: 1
    Last Post: 04-20-2004, 05:05 AM
  3. Help With Qmail
    By Ashcrow in forum Linux - Hardware, Networking & Security
    Replies: 10
    Last Post: 06-26-2003, 06:33 AM
  4. Can't build qmail
    By datamike in forum Linux - General Topics
    Replies: 2
    Last Post: 02-27-2003, 07:12 PM
  5. Qmail
    By flandercan in forum Linux - Software, Applications & Programming
    Replies: 0
    Last Post: 05-17-2002, 07:19 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •