Re: [cobalt-users] Qube 3 - How to stop spam?
- Subject: Re: [cobalt-users] Qube 3 - How to stop spam?
- From: Parker Morse <morse@xxxxxxxxxxx>
- Date: Tue Nov 13 09:51:47 2001
- Organization: Sinauer Associates, Inc.
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
John says:
>> I tried what you told me and the result is "System appeared to accept 1
>> relay attempts."
>> Actually, my company does not use POP. We all receive and send mails
>> through the qube's webmail and do not need to relay anything through my
>> qube. Is there anything I can do to reject all mails going to my qube that
>> are not sent to my domain?
Despite helpful suggestions to use your firewall, it's not going to help.
The Qube3's firewall will stop packets addressed to other ports than your
SMTP port, but the spam being relayed will in fact be addressed to the
correct port on your machine, so to a firewall it will appear to be
legitimate incoming email for your users. It's only when it gets to your
Mail Transfer Agent - sendmail on the Qubes - that it is recognized as
addressed to another machine, and sent along.
So you need to block this at sendmail.
I'm going to walk through this in tedious detail (partly for my own sake) so
those who aren't interested, delete now (or read and send me corrections,
which are welcome.) Standard disclaimer: I could be wrong.
First, let's shut off anything email related that you're NOT using. These
probably aren't the problem, but for security's sake it's a good idea to
turn off any services not in use anyway. Judging from what you wrote above,
here's what you can safely turn off:
Under "Email Services" and "Email servers", uncheck "POP Server" and "IMAP
Server". You should probably leave SMTP server checked, because that's how
your outgoing mail is processed.
The next step is to edit sendmail's access file. YOU SHOULDN'T DO THIS
UNLESS YOU'RE COMFORTABLE WITH THE SHELL. If you're not comfortable working
outside the Cobalt web interface, this isn't for you; you should hire
someone knowledgeable in sendmail to fix it for you.
If I haven't scared you enough... log in to your Qube. Make yourself root.
(If you don't know how to do this, reread the previous paragraph.) The file
we're working with is /etc/mail/access. First, back it up: make a copy named
access.date or something like that. Then open up the original with your
preferred editor. You should see a section like this:

    #
    # /etc/mail/access
    #
    # This file is automatically generated
    # Please put custom changes at the end
    # Cobalt Networks 1999
    # Put custom additions below (Do not change/remove this line).
    # Cobalt Access Section Begin
    11.11.111.50 RELAY
    10.6.18 RELAY
    subdomain.domain.com RELAY
    domain.com RELAY
    # Cobalt Access Section End

...where the 11.11.111 bit is your IP number, the 10.6.18 is the first three
dotted-quads of your subnet, if any, and domain.com is your domain (and the
subdomain.domain.com is any other address you might use - we've got our
Qube's name in there.) Those lines are the ones written by the Cobalt GUI
when we did the relaying settings earlier.
DON'T MAKE ANY CHANGES above the line "Cobalt Access Section End."
BELOW that line, try adding lines like this:

    66.163.35 ERROR:550 We don't accept email from spammers

I have this actual line in our access file, from a "lose weight" spam we got
last week. Replace the 66.163.35 line with the first three numbers of the IP
addresses that are relaying spam through your box. Duplicate as many times
as needed; then save the file and give this command:

    makemap hash /etc/mail/access < /etc/mail/access

That should do the trick. If it doesn't work, rename your backup file to
"access" and issue the "makemap" command above again to return everything to
original settings.
The limitation of working with the "access" file is that it blocks based on
the source (not the destination) of the mail.
If this doesn't work, you'll have to muck with the actual sendmail
configuration file, which is big magic. I can't understand why you were set
up to relay in the first place; Qube3s come with a new enough version of
sendmail that the configuration should deny relaying (except from hosts
listed in the GUI) by default.
For more information visit <http://www.sendmail.org/tips/relaying.html>.
Hope this helps,
pjm
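
The access-file procedure from the message above, as an added shell example that is not part of the original post: it backs the file up, accepts only digits and dots as the address prefix, and appends the reject line only when the Cobalt end marker is present, so the entry lands below the GUI-managed section. The function names add_reject and rebuild_map are assumptions; the marker text, reject message and makemap command are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.
END_MARK='# Cobalt Access Section End'
REJECT_MSG="We don't accept email from spammers"

# add_reject FILE PREFIX
# PREFIX is an IPv4 address or its leading octets, e.g. 66.163.35
add_reject() {
    file=$1
    prefix=$2

    # Digits and dots only: no spaces, tabs or newlines that could smuggle
    # a second field (such as RELAY) into the access file.
    case $prefix in
        ''|*[!0-9.]*|.*|*.|*..*)
            echo "bad address prefix: $prefix" >&2; return 2 ;;
    esac

    # Only edit a file that carries the Cobalt end marker; a line appended
    # at end of file is then always below the GUI-managed section.
    grep -Fq "$END_MARK" "$file" || {
        echo "marker not found in $file" >&2; return 3; }

    # Look for an existing entry with the same key (string comparison).
    existing=$(awk -v p="$prefix" '$1 "" == p "" { print $2; exit }' "$file")
    case $existing in
        '') ;;                      # not listed yet
        ERROR:*) return 0 ;;        # already rejected, nothing to do
        *) echo "$prefix already listed as $existing" >&2; return 5 ;;
    esac

    # Back up before changing anything ("access.date", as the post suggests).
    cp -p "$file" "$file.$(date +%Y%m%d%H%M%S)" || return 4

    # Make sure the last line is terminated so the new entry is not glued to it.
    if [ -n "$(tail -c 1 "$file")" ]; then echo >> "$file"; fi
    printf '%s\tERROR:550 %s\n' "$prefix" "$REJECT_MSG" >> "$file"
}

# rebuild_map FILE: regenerate the hash map, same command as in the post.
rebuild_map() {
    makemap hash "$1" < "$1"
}
```

Run as root, for instance add_reject /etc/mail/access 66.163.35 followed by rebuild_map /etc/mail/access. A non-zero return from add_reject means the file was left unchanged.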