Hi all,
In my office we are using SM for external users to connect to our Exchange server. We're using SquirrelMail 1.4.9a and postfix-2.3.4. For the past few days we have been having an issue where a spammer can send email through this webmail to the internet using another domain. Below is the log from maillog:
Aug 30 05:05:06 webmail postfix/smtpd[1470]: connect from localhost.localdomain[127.0.0.1]
Aug 30 05:05:06 webmail postfix/smtpd[1470]: 5621323FA7: client=localhost.localdomain[127.0.0.1]
Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7: message-id=<7a2d144cd865d8824ecac6ef0cc92afb.squirrel@mydomain>
Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7: from=<info@xxxxxxxxx>, size=1501, nrcpt=201 (queue active)
Aug 30 05:05:07 webmail postfix/smtpd[1470]: disconnect from localhost.localdomain[127.0.0.1]
Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<christophergilbert777@xxxxxxxxxxx>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chris24@xxxxxxxxxxxxx>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chris4wendy2@xxxxxxxxxxxxx>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
Aug 30 05:05:07 webmail postfix/smtp[1475]: 5621323FA7: to=<chris_taylor99@xxxxxxxxxxxxx>, relay=192.168.0.10[192.168.0.10]:25, delay=1.2, delays=0.77/0.21/0.02/0.17, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9FC34C8065)
and so on (there were around 200 emails). I don't know whether this is a SquirrelMail or a Postfix issue. My question is: how can someone use this webmail without authenticating themselves and send email to the internet? (Users authenticate with Active Directory.)
Below is my Postfix configuration, in case it is needed.
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost
mydomain = mydomain
myhostname = webmail.mydomain
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
relay_domains = $mydomain
relayhost = [192.168.0.10]
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_recipient_restrictions = permit_mynetworks,
    check_relay_domains,
    check_sender_access hash:/etc/postfix/maps/check_sender_access,
    permit

check_sender_access:
mydomain OK
Thank you for your help
Hendry
----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
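
The maillog excerpt in the post shows the message entering Postfix from 127.0.0.1 with a ".squirrel@" message-id, and the posted configuration lists permit_mynetworks (127.0.0.0/8) first, so Postfix accepts such mail before any other restriction is evaluated. As an added example (not part of the original post), this Python script correlates those log lines by queue ID and flags webmail-submitted messages with a large recipient count or a non-local envelope sender; the sample log, the domain mydomain.example and the threshold of 20 recipients are assumptions.

```python
import re

# Constructed sample in the same format as the maillog excerpt above (not real data).
SAMPLE_LOG = """\
Aug 30 05:05:06 webmail postfix/smtpd[1470]: 5621323FA7: client=localhost.localdomain[127.0.0.1]
Aug 30 05:05:06 webmail postfix/cleanup[1473]: 5621323FA7: message-id=<aaaa.squirrel@mydomain.example>
Aug 30 05:05:06 webmail postfix/qmgr[1155]: 5621323FA7: from=<info@other.example>, size=1501, nrcpt=201 (queue active)
Aug 30 06:10:00 webmail postfix/smtpd[1502]: 6A1B2C3D4E: client=localhost.localdomain[127.0.0.1]
Aug 30 06:10:00 webmail postfix/cleanup[1503]: 6A1B2C3D4E: message-id=<bbbb.squirrel@mydomain.example>
Aug 30 06:10:00 webmail postfix/qmgr[1155]: 6A1B2C3D4E: from=<alice@mydomain.example>, size=900, nrcpt=2 (queue active)
"""

# "postfix/<daemon>[pid]: <QUEUEID>: <rest>"; lines without a queue ID are skipped.
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
FIELDS = {
    "smtpd": re.compile(r"client=\S*\[(?P<client_ip>[^\]]+)\]"),
    "cleanup": re.compile(r"message-id=<(?P<message_id>[^>]*)>"),
    "qmgr": re.compile(r"from=<(?P<sender>[^>]*)>.*\bnrcpt=(?P<nrcpt>\d+)"),
}

def parse(log_text):
    """Correlate smtpd/cleanup/qmgr lines into one record per queue ID."""
    records = {}
    for m in filter(None, map(LINE.search, log_text.splitlines())):
        daemon, qid, rest = m.groups()
        hit = FIELDS[daemon].search(rest) if daemon in FIELDS else None
        if hit:
            records.setdefault(qid, {}).update(hit.groupdict())
    return records

def flag_webmail_abuse(records, local_domains, max_rcpt=20):
    """Return {queue_id: [reasons]} for webmail-submitted mail that looks like bulk abuse."""
    flagged = {}
    for qid, r in records.items():
        via_webmail = r.get("client_ip") == "127.0.0.1" and ".squirrel@" in r.get("message_id", "")
        if not via_webmail or "nrcpt" not in r:
            continue
        reasons = []
        if int(r["nrcpt"]) > max_rcpt:
            reasons.append(f"nrcpt={r['nrcpt']} exceeds {max_rcpt}")
        domain = r["sender"].rpartition("@")[2].lower()
        if domain not in local_domains:
            reasons.append(f"envelope sender domain {domain!r} is not local")
        if reasons:
            flagged[qid] = reasons
    return flagged

if __name__ == "__main__":
    print(flag_webmail_abuse(parse(SAMPLE_LOG), {"mydomain.example"}))
```

The flagged queue IDs give the timestamps to match against the web server's access log for the SquirrelMail compose requests, which is where the authenticated webmail session that submitted the message can be identified.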