I have a problem with my mail system....

I got a couple of messages from mail checkers letting me know apparently I
am running an open mail relay, I checked, apparently they are correct.
First thing I have done is to stop qmail on my system to ensure no more
spam is being propogated.

I would like to get the system running again, however have tried a few
things and got kinda confused.

System details are below:

Anything into firewall on port 25, delivered to 192.168.254.100 10025

Spam assasin is listening on 192.168.254.100 10025

Spam assasin delivers to 192.168.254.100 25, this is qmail

If spampd is running but not qmail there are several spampd processes
running on 10025, some are in SYN_RECV from 64.5.54.133 random port 60000+.

If spampd is running but not qmail I cannot telnet to 127.0.0.1 25 or 10025.

When I start qmail (qmailctl start) I quickly get a lot of messages, nothing
to do with me in the queue's.

If Qmail is running I appear to have an open relay ie it's accepting
messages it should not.

/etc/tcp.smtp is:

127.:allow,RELAYCLIENT=""
192.168.254.1-100:allow,RELAYCLIENT=""
:allow

/var/qmail/control/rcpthosts is:

mail.danshome.org
danshome.org

Anything else you need to know please ask. It's a nightmare!

Danny

--
The box said Windows 98 or better, so I installed Linux

Header is false, correct is Danny at danshome dot org

[ Post a follow-up to this message ]

stuff deleted...
quote:

> If Qmail is running I appear to have an open relay ie it's accepting
> messages it should not.
>
> /etc/tcp.smtp is:
>
> 127.:allow,RELAYCLIENT=""
> 192.168.254.1-100:allow,RELAYCLIENT=""
> :allow


Hey Danny, why do you have the line above? ":allow" might be the
problem... remove that line and run qmailctl cdb.

Good Luck,
Mike

See ref to "Life with Qmail" http://web.infoave.net/~dsill/lwq.html

3.2.3. Allowing selective relaying
Most single-user and small workgroup servers can disable relaying
completely, but if you have to support a distributed user community,
you'll need a way to allow your users, and only your users, to use
your system as a relay. This is accomplished by using tcpserver to set
the RELAYCLIENT environment variable, which tells qmail-smtpd to
override the rcpthosts file.

If you follow the installation instructions in this document,
selective relaying will be enabled by default. To give a client relay
access, add an entry to /etc/tcp.smtp like:

IP address of client:allow,RELAYCLIENT=""

Then rebuild the SMTP access database by doing:

qmailctl cdb

or:

tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
chmod 644 /etc/tcp.smtp*

If you followed the official installation instructions, Chris Johnson
has written another very nice document on how to configure qmail to
allow selected hosts to relay. See
http://www.palomine.net/qmail/selectiverelay.html.

[ Post a follow-up to this message ]

Hi,

<Your message shortened>
quote:

> Anything into firewall on port 25, delivered to 192.168.254.100 10025
> Spam assasin is listening on 192.168.254.100 10025
> Spam assasin delivers to 192.168.254.100 25, this is qmail
>
> If spampd is running but not qmail there are several spampd processes
> running on 10025, some are in SYN_RECV from 64.5.54.133 random port

60000+.
quote:

>
> If spampd is running but not qmail I cannot telnet to 127.0.0.1 25 or

10025.
quote:

>
> /etc/tcp.smtp is:
> 127.:allow,RELAYCLIENT=""
> 192.168.254.1-100:allow,RELAYCLIENT=""
> :allow


Your /etc/tcp.smtp is not used for inbound mail traffic as the firewall
routes it SA (10025). You should have either a similar configuration for SA
or let qmail pickup the mail and queue it through SA.

Regards,

Peter

[ Post a follow-up to this message ]

On Tue, 30 Sep 2003 09:51:19 +0200, "Peter" <news@site-demo.net>
wrote:
quote:

>Hi,
>
><Your message shortened> 
>60000+. 
>10025. 
>
>Your /etc/tcp.smtp is not used for inbound mail traffic as the firewall
>routes it SA (10025). You should have either a similar configuration for SA
>or let qmail pickup the mail and queue it through SA.
>
>Regards,
>
>Peter
>


Many thanks, taking SA out of the loop seems to have solved it. Will
now look at other ways of implementing SA with qmail.

Sorry to anyone that got spammed by my account 

Danny

[ Post a follow-up to this message ]