hi all, i´ve a problem with our qmail-server. it´s listed at ordb.org as open relay. :( my problem with this is, that i have configured my rcpthosts that only our domains could use this server as mta. but it´s easy to take one of these domains an add it to "mail from:". Now I use the control-file relaymailfrom to specify the email addresses to use this mta. but now when i start qmail-showctl at the end of the output I get this. relaymailfrom: I have no idea what this file does. anyone an idear? thanks armin
Hello, in qmail you usually need to use rcpthosts in combination with bernsteins tcpserver that invokes the qmail-smtpd, and sets a environment var according to the calling ip. Only both will solve your "adding a valid domainnamet in MAil From:" relay problem. Kindly Regards. abaesche@worklab.de wrote:
hi all,
i´ve a problem with our qmail-server. it´s listed at ordb.org as open relay. :( my problem with this is, that i have configured my rcpthosts that only our domains could use this server as mta. but it´s easy to take one of these domains an add it to "mail from:". Now I use the control-file relaymailfrom to specify the email addresses to use this mta. but now when i start qmail-showctl at the end of the output I get this. relaymailfrom: I have no idea what this file does. anyone an idear? thanks armin
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- aixigo AG - financial training, research and technology Schloß-Rahe-Straße 15, 52072 Aachen, Germany fon: +49 (0)241 936737-70, fax: +49 (0)241 936737-99 eMail: Zoran.Cvetkovic@aixigo.de, web: http://www.aixigo.de
hi all,
i´ve a problem with our qmail-server. it´s listed at ordb.org as open relay. :( my problem with this is, that i have configured my rcpthosts that only our domains could use this server as mta. but it´s easy to take one of these domains an add it to "mail from:". Now I use the control-file relaymailfrom to specify the email addresses to use this mta. but now when i start qmail-showctl at the end of the output I get this. relaymailfrom: I have no idea what this file does. anyone an idear? thanks armin
I have an idea :) takes not qmail ! take postfix .. :) this is not openrelay-ing .. ! i have this probs with sendmail , qmail an other mailsystems , postfix is easyier .. .. greetz Markus Röder
Hi, As Zoran pointed out, you can use tcpserver to specify which IP addresses are allowed to relay - works fine, unless the customers have dynamic IPs. If the latter should be the case, consider using SMTP-AUTH or POP after SMTP, you can find various implementations on http://www.qmail.org ... I don't think that there is any reason to switch from qmail to postfix to solve your problem. If qmail is configured correctly and if the hostmaster knows what he does, qmail is very stable and secure. If the hostmaster does not, sooner or later you'll have security problems, no matter which mailer you are running. I *don't* say qmail is better than postfix or vice versa, we are using both, so please, no flame-wars :-) Best regards Reto Inversini ----- Original Message ----- From: <abaesche@worklab.de> To: <suse-security@suse.de> Sent: Thursday, December 13, 2001 2:36 PM Subject: [suse-security] open relay qmail hi all, i´ve a problem with our qmail-server. it´s listed at ordb.org as open relay. :( my problem with this is, that i have configured my rcpthosts that only our domains could use this server as mta. but it´s easy to take one of these domains an add it to "mail from:". Now I use the control-file relaymailfrom to specify the email addresses to use this mta. but now when i start qmail-showctl at the end of the output I get this. relaymailfrom: I have no idea what this file does. anyone an idear? thanks armin -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
* abaesche@worklab.de wrote on Thu, Dec 13, 2001 at 14:36 +0100:
relaymailfrom: I have no idea what this file does.
remove this file :) If you want to relay from i.e. 192.168.x.x, let TCP Server set a variable. I start qmail this way: #changes will be detected automatically if [ "/etc/tcp.smtp" -nt "/etc/tcp.smtp.cdb" ] ; then echo "Rebuilding TCP Rules (Relayhosts)" tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp \ < /etc/tcp.smtp \ || err_exit "Fehler beim Erstellen der Konfiguration!" else echo "(TCP Rules not changed)" fi [...] tcpserver -x /etc/tcp.smtp.cdb \ -u `id -u qmaild` -g `id -g qmaild` 0 \ smtp /var/qmail/bin/qmail-smtpd \ 2>&1 | /var/qmail/bin/splogger smtpd 3 & /etc/tcp.smtp reads as it follows: 127.:allow,RELAYCLIENT="" 192.168.:allow,RELAYCLIENT="" So clients from that IP ranges get marked as RELAYCLIENT and are allowed to relay. Since it's IP source based it cannot be faked such easy. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
participants (5)
-
abaesche@worklab.de -
pluto@cyberryderz.de -
Reto Inversini -
Steffen Dettmer -
Zoran Cvetkovic