SMTP Settings for Qmail Server - I suspect Open Relay on our server causing rejection
 

Hi All,

I would appreciate if someone guide me to a text or tutorial related to preventing Open Relay on our mail server.

We are using Qmail based on Slackware 12. Usually the outgoing mail runs fine but in certain occasions the outgoing delivery results in error messages No 503 and 550
I have tried to pick up in Google certain recommendations for resolving the open relay but most of them were just referring to checking for properly defined recepients.


When I check the svscanboot& - each time the values appear to grow rapidly. Is that normal?

I suspect there is spam queue piling up and then the outgoing delivery to our ISP rejects the sending? Do I think this correctly? :o



Can someone send me a link to suitable guides for installing spam filtering and preventing Open Relay on our server?

Or, decent comments about the cause for Errors 503 and 550?

If my expressions are not clear in this post, I apologise in advance,

Have a Nice Time, Thank You!

Hi,

In a default installation qmail only allows relaying from localhost. Take a look at /etc/tcp.smtp to see if someone else is allowed to use your server.
Also you can check here if your mail server is an open relay.

If you want to use spam filtering, you might take a look at qmail-scanner, or read this if you're using qmail-toaster.

Regarding the errors, 503 means that there is an authentication error (with your ISP?) and I guess you get a 550 (mailbox unavailable) either because of the previous authentication problem, or because indeed there is no such mailbox

Regards

Thank you Very Much, bathory,

I have checked the records in the /etc/tcp.smtp file and they were :

127.:allow,RELAYCLIENT=""
192.:allow,RELAYCLIENT=""
196.:allow,RELAYCLIENT=""

I have amended them by deleting the rest and remaining only with:

127.:allow,RELAYCLIENT=""

believing it is correct


I'll read the stuff related to the qmail scanners and try to establish whether the server has already active scanners installed. If I can't find any, then I'll call for help.

The error messages we can deal with after detecting the effect of what was already done.

Just to clarify the principles of our setup:
Our server is running on a public IP address 196.xxx... range and is accessible from outside.
At the moment, until server's settings are finalized, all our users (they are sub-divided throughout different networks (192.168.1.xxx; 192.168.10.xxx; 192.168.20.xxx for example; Now I am thinking about those within the 10.0.0.xxx, 10.0.1.xxx, 10.0.10.xxx ranges - they were not listed in the tcp.smtp file!!!

But a few days ago the mail to ALL of those above was perfect!

Currently, most of those users use SMPT server at our ISP (one level above us); I wander whether this could cause the problem of occasional dropping of the outgoing mail???

My simple thinking suggests that the Open Relay and Mail Scanning against spam is the starting point for resolving this situation.

I'll search through the threads for anything similar to our case.

Many Thanks, your time is appreciated!

That means that your qmail server was in fact an open relay for the 192.x.x.x and 196.x.x.x networks. Maybe someone discovered it and that's why you start getting errors. You can take a look at qmail smtpd logs (usually /var/log/qmail/smtpd/current) to see if your server was abused from hosts in the above networks.
I guess you have ran
afterwards to rebuild the /etc/tcp.smtp.cdb database, or else your new config is not going to work. With this setup only localhost is allowed to send mail. If you want your users to be able to do so, you have to add: 192.168. and 10.0. in /etc/tcp.smtp

Regards

Thank you Very Much, bathory,

I have done what you suggested, and executed qmailctl cdb script (still HAVE NOT added 192.168. and 10.0. networks in the /etc/tcp.smtp file, pending to see the current effect)

The mails are going pretty well, we have not noticed any rejection so far; Only ONE of the users inside our sub-networks has complained that a NEW MAIL MESSAGE goes out fine, but FORWARD of email fails to be sent. Probably is something to do with her own mail account settings?

At the same time, my experimental FORWARD mails go out without problems.
If any coments about this effects are coming in mind, I would be glad to receive pointing to information.

Your input was really helpful, Cheers!

Hi,

I guess it's a problem from the user's end, or from the mailserver she's trying to forward. Forwarding a message is the same as sending a new one, so I don't think there is something wrong at your end.
You can take a look at qmail logs (/var/log/qmail/current) to see if you discover the reason.

Regards