RE: again.. how to stop spam relaying?
from /etc/zmailer.conf
DBTYPE=ndbm
DBEXT=
DBEXTtest=.pag
from smtpserver.conf
PARAM policydb ndbm /apps/zmailer/db/smtp-policy
ls -l /apps/zmailer/db/smtp-policy*
-rw-r--r-- 1 root 40061 Jan 27 17:13 /apps/zmailer/db/smtp-policy.dat
-rw-r--r-- 1 root 4096 Jan 27 17:13 /apps/zmailer/db/smtp-policy.dir
-rw-r--r-- 1 root 296 Jan 28 17:35 /apps/zmailer/db/smtp-policy.mx
-rw-r--r-- 1 root 65536 Jan 27 17:13 /apps/zmailer/db/smtp-policy.pag
-rw-r--r-- 1 root 314 Jan 28 17:35 /apps/zmailer/db/smtp-policy.relay
-rw-r--r-- 1 root 16498 Jan 27 17:13 /apps/zmailer/db/smtp-policy.spam
-rw-r--r-- 1 root 10485 Jan 19 07:55 /apps/zmailer/db/smtp-policy.src
-rw-r--r-- 1 root 11821 Nov 16 17:06 /apps/zmailer/db/smtp-policy.txt
All of the above looks ok.. BUT my default boilerplate section is different..
ALL of those lines that you have listed below are commented out.
When would you want to use each alternate case? What does each actually do?
> -----Original Message-----
> From: mea@nic.funet.fi [SMTP:mea@nic.funet.fi]
> Sent: Tuesday, February 10, 1998 3:30 AM
> To: TrevorPaquette@mcc.net
> Cc: zmailer@nic.funet.fi
> Subject: Re: again.. how to stop spam relaying?
>
> > We just got 'relay spammed' again.. Some loser is using us to relay to
> > mcimail.com.
> > How can I stop this???? This ties up our mail system for hours on end.
> > This guy tries to pump about 10000 mail messages every few days through
> > us.
>
> Sorry, replying to this slipped thru my "do a bit later, but
> do soon" buffer -- a buffer overflow most likely.
>
> > > 3049r MAIL FROM:<guhio71@msn.com>
> > > 3049w 250 2.1.0 Sender syntax Ok
> > > 3049r RCPT TO:<2001199@mcimail.com>
> > > 3049w 250 2.1.5 Recipient address syntax Ok
> > > 3049r RCPT TO:<2001198@mcimail.com>
> > > .....
> > > 3049r RCPT TO:<2001101@mcimail.com>
> > > 3049w 250 2.1.5 Recipient address syntax Ok
> > > 3049r RCPT TO:<2001100@mcimail.com>
> > > 3049w 250 2.1.5 Recipient address syntax Ok
>
> Gee, generated addresses. No doubt the msn.com user
> is fake too.
>
> > > 3049r DATA
> > > 3049w 354 Start mail input; end with <CRLF>.<CRLF>
> > > 3049w 250 2.6.0 S.omabe421802 message accepted
> > > 3049# S.omabe421802: 6960 bytes
> > > 3049r QUIT
> > > 3049w 221 2.0.0 gate.mcc.net Out
> > >
> > > I have setup the following files to try to stop this:
> > >
> > > smtp-policy.relay:
> > > (List of IPs that can use us as an outgoing smtp relay)
> > >
> > > smtp-policy.mx:
> > > (all of the domains that we are the mail exchanger for)
> > >
> > > I then run $ZMAILER/bin/policy-builder.sh to create the database
> > > files, and the policydb parameter in smtpserver.conf is set to:
> > >
> > > PARAM policydb ndbm /apps/zmailer/db/smtp-policy
> > >
> > > According to the contents of the above files, what happened in the
> > > logs above, should never have happened.
> > > Am I missing something obvious?
>
> Hmm.. Perhaps..
>
> I did issue "DEBUG" command, and then "MAIL FROM:<foo@msn.com>", and
> got following tail-part of the report:
>
> DEBUG: 4/DOMAIN/'.'
> checkaddr(): domain of '.'
> Key: 4/DOMAIN/'.'
> query failed
> Results: rejectnet . freezenet . rejectsource . freezesource . relaycustomer . relaycustnet . relaytarget . acceptifmx . acceptifdns . senderokwithdns . acceptbutfreeze . sendernorelay . test-dns-rbl . message . localdomain .
> 250 2.1.0 Sender syntax Ok
>
> which means, it can't read the database for some reason.
> (Because there SHOULD be a fall-back tag of "." in the smtp-policy.src file
> to provide default values..)
>
> What is the $DBTYPE in your /etc/zmailer.conf file (your location
> may vary, of course) ? Is it ndbm ?
>
> The type on the "PARAM policydb" entry must match that of the system default
> database type, because the policy-builder.sh uses $DBTYPE..
> (Although, the autoconfig builds proto/smtpserver.conf with this set
> to the correct value, so unless you have altered it after installing, this
> detail should be ok.)
>
> Oh yes, is the database file readable by everybody ?
> At the time of the db open the euid is "daemon", if I recall correctly,
> and thus getting access to the db file(s) may become a bit restricted
> when compared to "euid==root", and especially if your default umask is
> stricter than 022 while generating the db file.
> (... but in this case the system should cry out loudly for a major
> failure..)
>
> It must be about a problem in the smtp-policy.src boilerplate then.
> Here is my standard-issue boilerplate as it is in the source tree:
>
> #|-----------
> #|
> #| Default handling boilerplates:
> #|
> #| "We are not relaying between off-site hosts, except when ..."
> #|
> # -- 1st alternate: No MX target usage, no DNS existence verify
> # . relaycustomer - relaytarget -
> # [0.0.0.0]/0 relaycustomer - relaytarget -
> # -- 2nd alternate: No MX target usage, DNS existence verify
> # . relaycustomer - relaytarget - senderokwithdns +
> # [0.0.0.0]/0 relaycustomer - relaytarget - senderokwithdns +
> # -- 3rd alternate: MX relay trust, DNS existence verify
> . relaycustomer - acceptifmx - senderokwithdns +
> [0.0.0.0]/0 relaycustomer - acceptifmx - senderokwithdns +
> # -- 4th alternate: Sender & recipient DNS existence verify
> #. senderokwithdns - acceptifdns -
> #[0.0.0.0]/0 senderokwithdns - acceptifdns -
> #|
> #| Also you may add 'test-dns-rbl +' attribute pair to [0.0.0.0]/0
> #| to use Paul Vixie's http://maps.vix.com/ MAPS RBL system.
> #|
> #| These rules mean that locally accepted hostnames MUST be listed in
> #| the database with 'relaytarget +' attribute.
> #|
>
> In your case you probably should be using the first alternate pair.
>
>
> > > Trevor Paquette | MetroNet Solutions | Work:(403)543-2355
> > > TrevorPaquette@mcc.net | 4300, 150 6th Ave SW | Fax:(403)543-2854
> > > http://www.mcc.net | Calgary, AB, Canada | ICBM:51'03"N/114'05"W
> > > Senior Unix Network Architect | T2P 4K9 | Mind:In the Rockies
>
> /Matti Aarnio <mea@nic.funet.fi>
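Added illustration, not code from the thread or from ZMailer: a small Python model of the anti-relay decision the boilerplate above encodes, where a message is relayed only if the client sits in a 'relaycustomer +' network or the recipient domain carries 'relaytarget +', and the '.' entry supplies the refusing defaults. The policy table is constructed (the 1st alternate pair plus a made-up customer net and MX domain), and the suffix walk and the fail-open branch for a missing '.' fallback are assumptions chosen to mirror the DEBUG trace Matti quotes, not ZMailer's real lookup code.

```python
import ipaddress

# Constructed policy table: the "1st alternate" boilerplate pair from the
# thread, plus a made-up relay customer net and a made-up MX domain.
POLICY = {
    ".":              {"relaycustomer": "-", "relaytarget": "-"},
    "[0.0.0.0]/0":    {"relaycustomer": "-", "relaytarget": "-"},
    "[192.0.2.0]/24": {"relaycustomer": "+"},  # as if from smtp-policy.relay
    ".mcc.net":       {"relaytarget": "+"},    # as if from smtp-policy.mx
}


def lookup_net(policy, client_ip):
    """Attributes of the most specific [net]/bits key containing client_ip."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for key, attrs in policy.items():
        if not key.startswith("["):
            continue
        net = ipaddress.ip_network(key[1:].replace("]", ""), strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, attrs)
    return best[1] if best else None


def lookup_domain(policy, domain):
    """Assumed lookup order: exact domain, then each '.parent' suffix, then
    the '.' fallback.  Returns None when even the fallback is missing."""
    labels = domain.lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        for key in (suffix, "." + suffix):
            if key in policy:
                return policy[key]
    return policy.get(".")


def relay_allowed(policy, client_ip, rcpt_domain):
    """Simplified anti-relay decision: relay only for a 'relaycustomer +'
    client or towards a 'relaytarget +' domain; everything else is refused."""
    net_attrs = lookup_net(policy, client_ip) or {}
    if net_attrs.get("relaycustomer") == "+":
        return True
    dom_attrs = lookup_domain(policy, rcpt_domain)
    if dom_attrs is None:
        # Models the trace in the thread: with no '.' fallback (or an
        # unreadable db) every query fails and nothing ever refuses the rcpt.
        return True
    return dom_attrs.get("relaytarget") == "+"
```

The last branch is the point of Matti's diagnosis: dropping the '.' line from the constructed table turns the same off-site recipient from refused into accepted.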