> -----Original Message----- > From: tonix (Antonio Nati) [mailto:[EMAIL PROTECTED] > Sent: Tuesday, April 19, 2005 5:24 PM > To: vchkpw@inter7.com > Subject: Re: [vchkpw] (Urgent) qmail-smtpd Bug !!!!!!!!! > > > You may disable acceptance of message from not authenticated > users only if you make one of these changes: > > - delete any entry from rcpthosts If I did so, no one can send emails to my local domains.
> or > - modify auth patch so that only auth relaying is allowed. > I think that is a good solution , but how I can modify it ?????? > Tonino Thanks and Best Regards. Samir Noshy At 16.24 19/04/2005, you wrote: >Hi Everybody, > >I have a system consists of qmail 1.03 and vpopmail-5.4.9 and >courier-imap-4.0.2 and SM and QS. > >I think that there is a bug in the qmail-smtpd. > >the bug that I can send mail as/from a local account to any other local >account Although I use SMTP auth provided by : >http://www.fehcom.de/qmail/smtpauth.html. > >smtpd and SMTP Auth. must prevent anyone to Impersonate and send mail >from an Local Account other than his Local Account to any other Local account. > >Imagine that I host the two domains: companyXX.com and companyYY.com >for example. > >So , an any person who did not belong to companyXX.com can Impersonate >as [EMAIL PROTECTED] and send a formal email - w/o authenticating of >course - to [EMAIL PROTECTED] or [EMAIL PROTECTED] > >I want to do that to prevent any other third party - or even any local >account users- to Impersonate and send mail from an other Local Account >to any other Local account. > >By the way; My /var/qmail/supervise/qmail-smtpd/run as follow : > > > >#!/bin/sh > ># when QMAILQUEUE is set, all mail will be sent to the nominated script >QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE > >QMAILDUID=`id -u vpopmail` > >QMAILDGID=`id -g vchkpw` > >exec /usr/local/bin/softlimit -m 15000000 \ /usr/local/bin/tcpserver \ > >-v -x /etc/tcp.smtp.cdb \ > >-c 20 -R -u "$QMAILDUID" -g "$QMAILDGID" 0 smtp \ >/usr/local/bin/rblsmtpd -b -C \ > >-r 'relays.ordb.org:Your message was rejected because the mail server >you use is configured to allow OPEN RELAY - More detailed information >regarding this problem is available from >http://www.ordb.org/lookup/?host=%IP% ><http://www.ordb.org/lookup/?host=%IP%> - Please forward this error >through to your email server support staff for easy resolution.' \ > >-r 'list.dsbl.org:Your message was rejected because the message was >sent from a server listed in DSBL - More information regarding this >problem is available at http://dsbl.org/listing?%IP% ><http://dsbl.org/listing?%IP%> - Please forward this error to your >email server support staff for resolution.' \ > >-r 'sbl-xbl.spamhaus.org:Your message was rejected because the message >was sent from a server listed in the Spamhaus RBL - More information >regarding this problems is available at >http://www.spamhaus.org/query/bl?ip=%IP% ><http://www.spamhaus.org/query/bl?ip=%IP%> - Please forward this error >to your email server support staff for resolution.' \ > >/var/qmail/bin/qmail-smtpd \ > >/home/vpopmail/bin/vchkpw /bin/true 2>&1 > > > >Can anyone help me to work around this problem ???? > > >Best Regards. > >Samir Noshy
