Closed TopicStart new topicStart Poll

> Smtp Relay And Spam, How to secure your SMTP server
hschneider
Posted: Nov 3 2002, 10:50 AM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Scenario:
You want to run a public SMTP with a secured relay.

Solutions:

Generally:
- For your LAN users you CAN (if you want) set smtprelay.tab to the scope of your subnet. Members of that subnet are then able to relay without authentication.
- Domain members outside that scope MUST HAVE a valid user account in the XMail domain.
- Do NOT use mail-auth in your server.tab. This blocks all mails from other SMTPs, because they cannot
authenticate with your system. This authentication scheme is meant for private or complex public infrastructures. So make sure #"SmtpConfig" "mail-auth" remains commented out in your server.tab.

Pop_before_SMTP:
- When your users poll mail, they do a POP_before_SMTP, which authenticates them as valid users.
- XMail then opens the SMTP relay for a short time frame (900 sec by default) and only for that user.
- Make sure that #"EnableAuthSMTP-POP3"[TAB]0 is commented out with a # in your server.tab.

SMTP AUTH:
- Set "SMTP Server requires authentication" on your mail client.
- XMail automatically handles that client request and sends mail only to authenticated users.
- Make sure that "EnableAuthSMTP-POP3"[TAB]0 is NOT commented out with a # in your server.tab.

You can also allow both: Pop_before_SMTP and SMTP Auth for a more loose security policy.
If possible, you should prefer SMTP Auth only, since it is more secure.

Conclusion:
A spammer can only use the server's relay, if he has the username and password of a valid domain account or another backdoor.

To check your relay:
Use the following services:
http://mail-abuse.org/tsi/ar-test.html
(just telnet to relay-test.mail-abuse.org from your server)
or if you want to test any other server go to:
http://www.antispam-ufrj.pads.ufrj.br/test-relay.html


--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
Bhozar
Posted: Apr 11 2003, 12:05 PM
Quote Post


Royal XQM Beta Tester
****

Group: Members
Posts: 148
Member No.: 481
Joined: 5-March 03



Useful guide. I just set smtp.ipmap.tab as
"0.0.0.0" "0.0.0.0" "ALLOW" 1

I make all internal network users authenticate to send email. It alows me to make a virus checking gateway on the internal network. If I was to allow relay for the internal network all spammers could send through the Sophos virus gateway.
PMEmail Poster
Top
hschneider
Posted: Apr 11 2003, 12:26 PM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Sorry -- this shot was too quick. Mistake by me.
If you deny this, you forbid access for other SMTPs. Then they might blacklist you.

So please leave
"0.0.0.0" "0.0.0.0" "ALLOW" 1

If smtprelay.tab is cleared and your clients use SMTP auth, everything is OK.
To veryfy, you can use the relay test under "usefule links"



--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
vld
Posted: Apr 30 2003, 04:26 PM
Quote Post


Junior Member
**

Group: Members
Posts: 34
Member No.: 561
Joined: 30-April 03



If I leave smtp.ipmap.tab totally blank (empty file) is the same as "0.0.0.0" "0.0.0.0" "ALLOW" 1 ?
Thanks.
PMEmail Poster
Top
hschneider
Posted: Apr 30 2003, 06:33 PM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Yes, and this is OK for a public SMTP server.

If you limit this to e.g. the scope of your LAN, then XMail will deny mails from other SMTP servers and clients (it sends "Server doesn't like your IP" then). Since that point it's only a matter of time until you get blacklisted.


--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
vld
Posted: Apr 30 2003, 10:16 PM
Quote Post


Junior Member
**

Group: Members
Posts: 34
Member No.: 561
Joined: 30-April 03



thanks! smile.gif
PMEmail Poster
Top
blackz
  Posted: May 29 2003, 02:33 AM
Quote Post


Newbie
*

Group: Members
Posts: 2
Member No.: 601
Joined: 29-May 03



sad.gif I want that who have our mail server account to use the smtp server, and don't want to change their email client setting(maybe there are 1000+ users). So I do with the pop-before-smtp. But I found that everyone can use our mail server to send mail. Do you have some suggest?

THX!!!


--------------------
Hei, I like Xmail server.

0=====)=======================>
PMEmail Poster
Top
dfitch
Posted: May 29 2003, 05:00 AM
Quote Post


Advanced Member
****

Group: Members
Posts: 117
Member No.: 475
Joined: 28-February 03



Clear the smtprelay.tab

D
PMEmail Poster
Top
blackz
  Posted: May 29 2003, 05:08 AM
Quote Post


Newbie
*

Group: Members
Posts: 2
Member No.: 601
Joined: 29-May 03



biggrin.gif ok, it's work.

Thank you!


--------------------
Hei, I like Xmail server.

0=====)=======================>
PMEmail Poster
Top
Jordan
Posted: Dec 6 2003, 01:23 AM
Quote Post


Newbie
*

Group: Members
Posts: 13
Member No.: 833
Joined: 4-December 03



I've got the server set up how it was explained in the first post of this message, however when i try to log-in to send mail it doesnt seem to work. my client just hangs until it gives me an error without and error message. Am i missing something?
PM
Top
hschneider
Posted: Dec 6 2003, 09:14 AM
Quote Post


No - I'm not an answering script ...
Group Icon

Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Do a
telnet client_ip 25
then cut and paste the following:
CODE

helo TBIRD
Mail from: <maildiag@marketmix.com>
Rcpt to: <maildiag2@marketmix.com>
data  
from: <maildiag@marketmix.com>
to: <maildiag2@marketmix.com>
subject: test  


This is a test ...  

.
quit


Just replace sender and recipient, but leave all <> intact.
What does the server reply ?


--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

Sponsored by
CD-Produktion und DVD-Produktion and Homestaging Saarland - Immobilien schneller verkaufen in der Region Saarland, Rheinland-Pfalz und Luxembourg
PMEmail PosterUsers Website
Top
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
« Next Oldest | Documentation and Knowledge Base | Next Newest »

Closed TopicStart new topicStart Poll