Re: spam attack

Hello Tomasz,
what you need is called "POP before SMTP". So every user outside of
the network first needs to successfully perform a USER xxx PASS xxx on
the POP daemon; then he is allowed to use SMTP.

By the way: I strongly recommend that you switch to qmail.
Jan



On Wed, 29 Jan 2003 15:55:42 +0000 (GMT), Tomasz Popik
<popikt@yahoo.com> wrote:

>Hello Everyone!
>
>I am new here. I have written this message because my
>server was spam attacked, from 22 to 29 Jan. Today I
>have found that I have a relay bug in /etc/mail/access.
>And I need help to solve that.
>
>At 6:00 CET, I logged in and found that 90% of
>CPU was consumed by unknown processes. It was strange,
>because the Linux box is powerful. $ ps aux made me sure
>that sendmail was running 90 times. Next,
>/var/spool/mail/root was 800MB in size, full of
>MAILER-DAEMON. Next, /var/mail/mqueu has 300.000 files
>waiting for later delivery.
>
>Someone found my sendmail server as a spam sender, it
>was 100% sure.
>
>I continued to investigate the problem, and found that
>the /etc/mail/access list has one IP too many.
>
>Here I must describe the network layout: the NAT-GATEWAY IP
>is public xxx.xxx.xxx.xxx. This box has two eths;
>the inside one is 192.168.0.2. The sendmail box has eth0
>192.168.0.3. I have done SNAT and DNAT on the
>xxx.xxx.xxx.xxx box, to redirect ports 25 and 110 to
>192.168.0.3.
>
>So now the sendmail server sees the internet via
>192.168.0.2, and this was the key. Sendmail accepts
>all mail sent for delivery via IP 192.168.0.3.
>
>Here is the situation right now, log:
>===================================
>Jan 29 08:48:21 greattower sendmail[14542]:
>h0T7jR8C014542: ruleset=check_rcpt,
>arg1=<fudcr@bellsouth.net>, relay=my.domain
>[xxx.xxx.xxx.xxx] (may be forged), reject=550 5.7.1
><fudcr@bellsouth.net>... Relaying denied. IP name
>possibly forged [xxx.xxx.xxx.xxx]
>==========================
>
>So I have edited my /etc/mail/access and erased
>192.168.0.2 RELAY
>
>This was the solution; spammers, sooner or later, find that
>their emails are rejected, and stop doing their crime. But
>I have a problem.
>
>Now my POP3 and SMTP ports are not working for people
>from outside of my network (7000 yards long and 150
>machines LANed). This is a problem, because many of my
>network's people are traveling and want to send/receive
>their mail.
>
>Here is the question: how to open send/receive mail for
>outside people without being a remailer? How to
>detect that he or she has a mail account on my server?
>
>Thanks for your attention, and sorry for my English.
>TP
>
>

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
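
The "POP before SMTP" relay decision from the reply above, as an added example that is not part of the original thread and is not code from sendmail or any POP daemon. It also covers the NAT layout in the question: when outside clients reach the server as 192.168.0.2, that address must never be authorized. Assumptions: the log format, the 30-minute window and the /24 LAN mask are made up for illustration; the 192.168.0.2 address comes from the post.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WINDOW = timedelta(minutes=30)           # assumed lifetime of a POP3 login
LAN = ip_network("192.168.0.0/24")       # assumed mask for the inside network
NAT_GATEWAY = ip_address("192.168.0.2")  # gateway's inside address (from the post)

# Constructed log format of a hypothetical POP3 daemon, not real daemon output.
LOGIN_RE = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ pop3d\[\d+\]: LOGIN user=\S+ ip=(\S+)$")

SAMPLE = [  # constructed lines
    "Jan 29 09:01:12 greattower pop3d[2101]: LOGIN user=anna ip=203.0.113.7",
    "Jan 29 09:02:40 greattower pop3d[2102]: LOGIN FAILED user=root ip=198.51.100.9",
    "Jan 29 09:03:05 greattower pop3d[2103]: LOGIN user=piotr ip=192.168.0.2",
]

def parse_logins(lines, year=2003):
    """Map each client IP to the time of its latest successful POP3 login."""
    seen = {}
    for line in lines:
        m = LOGIN_RE.match(line)
        if not m:
            continue  # failed logins and unrelated lines grant nothing
        ip = ip_address(m.group(2))
        if ip == NAT_GATEWAY:
            continue  # would authorize every client hidden behind the NAT
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        seen[ip] = max(when, seen.get(ip, when))
    return seen

def may_relay(client_ip, now, logins):
    """Decide whether an SMTP client may relay to a non-local recipient."""
    ip = ip_address(client_ip)
    if ip == NAT_GATEWAY:
        return False  # the entry removed from /etc/mail/access in the post
    if ip in LAN:
        return True   # real inside hosts
    last = logins.get(ip)
    return last is not None and timedelta(0) <= now - last <= WINDOW

if __name__ == "__main__":
    logins = parse_logins(SAMPLE)
    now = datetime(2003, 1, 29, 9, 20)
    for ip in ("203.0.113.7", "198.51.100.9", "192.168.0.2"):
        print(ip, "relay" if may_relay(ip, now, logins) else "reject")
```

For this to help in the layout from the question, the mail server has to see the real client address, so inbound connections to ports 25 and 110 must be redirected without rewriting their source address.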


