Help: Qmail unknown users spam

~=gr3p=~ · 03-12-2006, 12:28 AM

Hi,

I have qmail mailserver (Virtual Users & Domain). I have taken most of the anti-spam measures like spam assasin,qsheff(built-in ani-spam regex) scanner and clam av.

I'm also using RBLSMTPD (spamhaus SBL rules)

Quote:

exec softlimit -m 40000000 \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -H -R -l $HOSTNAME -x /etc/tcp.smtp.cdb \
-c200 -u5002 -g5000 0 smtp rblsmtpd \
-b -r relays.ordb.org rblsmtpd -r sbl.spamhaus.org \
fixcrio relay-ctrl-check qmail-smtpd 2>&1 \
| setuidgid qmaill \
multilog t n100 s1000000 /var/qmail/logs/smtp & \

I haven't compiled qmail-smtpd with SMTP AUTH patch due to compilation problem. so it's an SMTP after POP authentication (relay-control). This is a part of my tcprules.

Note: 192.168.1.2 is the Private IP of my mailserver.

Quote:

127.0.0.1:allow,DATABYTES="0",QMAILQUEUE="/var/qmail/bin/qmail-qsheff"
192.168.1.2:allow,DATABYTES="0",QMAILQUEUE="/var/qmail/bin/qmail-qsheff"
:allow,DATABYTES="0",QMAILQUEUE="/var/qmail/bin/qmail-qsheff"

I have certain users accessing mailserver from internet(dynamic IP) so thats why u see the last rule ":allow".

I get several spam emails quarantined and the from field contains non exsistent users and the recipient field contains both exsistent and non-exsistent users.. For eg.

From: non-exsistent.user@mydomain.com
To: exsistent.user@mydomain.com

I checked the qmail.org site and there is a patch called check user but i cannot mess my live qmail setup by recompiling it.

Is there any way i can stop this without requiring any recompilation ?

~=gr3p=~ · 03-12-2006, 01:05 PM

Please any qmail master comment I'm taking an effort to understand things

ok i compiled qmail-smtpd with this smtp-auth patch over here:

http://members.elysium.pl/brush/qmail-smtpd-auth/

I use Vmailmgr with qmail and followed the instructions over here:

http://members.elysium.pl/brush/qmai...th/faq.html#a4

I telnet to my mailserver give EHLO command and see this:

250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-PIPELINING
250 8BITMIME

but the Authentication doesn't work at all.

this is how i changed my smtp startup script.

Quote:

exec softlimit -m 40000000 \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -H -R -l $HOSTNAME -x /etc/tcp.smtp.cdb \
-c200 -u5002 -g5000 0 smtp rblsmtpd \
-b -r relays.ordb.org rblsmtpd -r sbl.spamhaus.org \
fixcrio relay-ctrl-check qmail-smtpd mydomain.com checkvpw true Maildir 2>&1 \
| setuidgid qmaill \
multilog t n100 s1000000 /var/qmail/logs/smtp & \

In M$ Outlook it continuosly prompts me for the password !

I have also chmod ug+s checkvpw !

this is the POP3 entry in my startup script.

Quote:

exec softlimit -m 10000000 \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -H -R -l $HOSTNAME -x /etc/tcp.smtp.cdb \
-c200 -u0 -g0 0 110 qmail-popup localhost \
checkvpw relay-ctrl-allow qmail-pop3d Maildir 2>&1 \
| setuidgid qmaill \
multilog t n100 s1000000 /var/qmail/logs/pop3 &

thanks

~=gr3p=~ · 03-13-2006, 06:44 AM

ok no one has an answer. applied my mind and found a simple solution. What i did is since it is an SMTP after successful POP3 authentication which will then automatically allow the client to relay, i just remove the line "mydoamin.com" from the file /var/qmail/control/rcpthosts

Note: I can remove mydomain.com becoz I have an external Mail host service provider from whom i download messages using fetchmail and deliver local users.

Thanks all.