RE: [toaster] SMTP-AUTH does not work for me.

2004-06-30 Thread John Doe 
Any body know what is the problem in my case ?

here are a header from server when I send email:

 2351 > 220 a.net ESMTP
 2351 < EHLO condorc8y1adjr
 2351 > 250-a.net
 2351 > 250-STARTTLS
 2351 > 250-PIPELINING
 2351 > 250-8BITMIME
 2351 > 250 AUTH LOGIN PLAIN CRAM-MD5
 2351 < MAIL FROM: <[EMAIL PROTECTED]>
 2351 > 250 ok
 2351 < RCPT TO: <[EMAIL PROTECTED]>
 2351 > 250 ok
 2351 < DATA
 2351 > 354 go ahead
 2351 < Reply-To: <[EMAIL PROTECTED]>
 2351 < From: "John Doe" <[EMAIL PROTECTED]>
 2351 < To: <[EMAIL PROTECTED]>
 2351 < Subject: aaa
 2351 < Date: Wed, 30 Jun 2004 13:54:15 +0300
 2351 < MIME-Version: 1.0
 2351 < Content-Type: text/plain;
 2351 < charset="us-ascii"
 2351 < Content-Transfer-Encoding: 7bit
32351 < X-Mailer: Mic+
 2351 < rosoft Office Outlook, Build 11.0.5510
 2351 < Thread-Index: AcRekJWE2CMv/LJYRwudR4y50q3f6g==
 2351 < X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
 2351 <
 2351 < aaa
 2351 <
 2351 < .
 2351 > 250 ok 1088592746 qp 32354
 2351 < QUIT
 2351 > 221 a.net
32351 > [EOF]

and here is tcp.smtp

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-
queue"
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanne
r-queue.pl"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" 

I read lots of documntation in network
but nothing about my problem. I still can send email without authorization
and qmail-smtpd
does not block these emails.

I think that the problem may be is in configuration because
patch is applayed and compile successful.

Any body can help me?

Regards,
John


-Original Message-
From: John Doe [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 29, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: [toaster] SMTP-AUTH does not work for me.

Hello,

I installed a new version of netqmail-1.05 with the 'Large Qmail patch' but
SMTP-AUTH isn't working.


I took a new
netqmail-1.05 and only aplied the 'Large qmail patch' without errors.
compiled without errors, installed and started the daemons. There were no
startup errors.

When I try to send mail without authentification it works !?! So this
creates an open relay to me.

I use vpopmail 5.4.5 with MySQL Auth. The smtpd startup script is:

$more /etc/rc.d/rc.qmail
#!/bin/bash
export
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/var/qmail/bin:/var/vpopm
ail/bin"

  [ -f /var/qmail/bin/qmail-send ] || exit 0

  start() {
echo -n "Starting Qmail: "
qmail-start "`cat /var/qmail/dot-qmail`" splogger qmail &

# SMTP-AUTH w/RBL's
 tcpserver -H -l0 -R -c 512 -x /var/vpopmail/etc/tcp.smtp.cdb -u 89
-g 89 0.0.0.0 25 /var/qmail/bin/tcp-env \
tcp-env rblsmtpd -r bl.spamcop.net -r list.dsbl.org -r
rbl-plus.mail-abuse.org -r list.dsbl.org -r sbl.spamhaus.org \
  /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true &


# SMTP-AUTH w/SSL
tcpserver -n /etc/ssl/certs/smtps.pem -x
/var/vpopmail/etc/tcp.smtp.cdb \
-s -H -l0 -R -u 89 -g 89 0 465 /var/qmail/bin/tcp-env \
tcp-env /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw
/bin/true &
  }

  stop() {
echo -n "Shutting down Qmail: "
killall qmail-send
killall tcpserver
rm -f /var/lock/subsys/qmail
  }

  case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
  esac

In old version this is work great, but in new version this does not work.
I can send email without authentication.

Any body know what is the problem ?

Regards,
John

Re: [toaster] remote conncurrency

2004-06-30 Thread Jason 'XenoPhage' Frisvold 
On Tue, 2004-06-29 at 18:12, Jeff Koch wrote:
> Hi Jason:
> 
> Thanks for the help. What exactly does 'tarpit' do? Something with a delay?

Yeah, basically, if qmail sees mail coming from the same source (not
sure what's considered a source), it will pause for a configurable
number of seconds before accepting the mail.  This can cause timeouts on
the far end, slowing down the attacking server.

-- 
---
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
[EMAIL PROTECTED]
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---
"Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming."


signature.asc
Description: This is a digitally signed message part

Re: [toaster] remote conncurrency

2004-06-30 Thread Tom Collins 
On Jun 30, 2004, at 7:39 AM, Jason 'XenoPhage' Frisvold wrote:
On Tue, 2004-06-29 at 18:12, Jeff Koch wrote:
Hi Jason:
Thanks for the help. What exactly does 'tarpit' do? Something with a 
delay?
Yeah, basically, if qmail sees mail coming from the same source (not
sure what's considered a source), it will pause for a configurable
number of seconds before accepting the mail.  This can cause timeouts 
on
the far end, slowing down the attacking server.
In an SMTP connection, after the sender has specified  
recipients, the server will wait  seconds in between each 
RCTP TO: command that the sender specifies.

So, it the sender is trying a dictionary attack (lots of recipients on 
a single SMTP connection), they'll be slowed down.  If they're spamming 
a lot of users in your domain (one connection to send a message to 
multiple recipients), they'll be slowed down.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Re: [toaster] SMTP-AUTH does not work for me.

2004-06-30 Thread Tom Collins 
On Jun 30, 2004, at 4:06 AM, John Doe wrote:
I read lots of documntation in network
but nothing about my problem. I still can send email without 
authorization
and qmail-smtpd
does not block these emails.
If you host a.net and you're sending mail to a.net, you don't need to 
authenticate.

If you test your connection from localhost or 10.x.x.x, you don't need 
to authenticate (since RELAYCLIENT is set in your tcp.smtp file).

So, make sure you test from a remote host and try to send mail to a 
domain you don't host.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

RE: [toaster] SMTP-AUTH does not work for me.

2004-06-30 Thread John Doe 
 

-Original Message-
From: Tom Collins [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 30, 2004 6:56 PM
To: [EMAIL PROTECTED]
Subject: Re: [toaster] SMTP-AUTH does not work for me.

On Jun 30, 2004, at 4:06 AM, John Doe wrote:
> I read lots of documntation in network but nothing about my problem. I 
> still can send email without authorization and qmail-smtpd does not 
> block these emails.

If you host a.net and you're sending mail to a.net, you don't need to
authenticate.

If you test your connection from localhost or 10.x.x.x, you don't need to
authenticate (since RELAYCLIENT is set in your tcp.smtp file).

So, make sure you test from a remote host and try to send mail to a domain
you don't host.

--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/

Hello again,
no I test from different network. (192.168.10.1) that is not in my tcp.smtp
file.
I think that the problem is in some of configuration files, because when I
remove
from vpopmail defaultdomain file my domain and added my domain in qmail
locals file
the email is not recived to user and log is:
Jul  1 04:43:10 ns qmail: 1088646190.282575 starting delivery 377: msg
277963 to local [EMAIL PROTECTED]
if I not make these changes email send/recive is work, and smtp auth is work
but not not blocked emails that is send without autorization.
Log is:
Jul  1 04:43:10 ns qmail: 1088646190.282575 starting delivery 377: msg
277963 to local [EMAIL PROTECTED]
but I don't know what file and in site shupp.org does not have any
documentation about
qmail/vpopmail configuration. The problem is not in tcp.smtp file.

Regards,
John

Re: [toaster] SMTP-AUTH does not work for me.

2004-06-30 Thread Tom Collins 
On Jun 30, 2004, at 7:11 PM, John Doe wrote:
I think that the problem is in some of configuration files, because 
when I
remove
from vpopmail defaultdomain file my domain and added my domain in qmail
locals file
the email is not recived to user and log is:
Jul  1 04:43:10 ns qmail: 1088646190.282575 starting delivery 377: msg
277963 to local [EMAIL PROTECTED]
That's expected behavior -- you're telling qmail that a.net is a local 
domain.  qmail will deliver mail to user blabla in the /etc/passwd 
file.

if I not make these changes email send/recive is work, and smtp auth 
is work
but not not blocked emails that is send without autorization.
Log is:
Jul  1 04:43:10 ns qmail: 1088646190.282575 starting delivery 377: msg
277963 to local [EMAIL PROTECTED]
Like I said before.  If a.net is a vpopmail domain, then anyone can 
send to it without needing to AUTH -- this is normal.  Try using a 
domain like hotmail.com for your SMTP AUTH test.  Qmail should reply 
that it won't relay the mail.

That log message is normal when a.net is a vpopmail domain.
--
Tom Collins  -  [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
Info on the Sniffter hand-held Network Tester: http://sniffter.com/