jasons at adventureaquarium
May 6, 2009, 8:17 AM
Post #20 of 24
> -----Original Message-----
> From: Markus Stumpf [mailto:lists-qmail [at] maexotic]
> Sent: Wednesday, May 06, 2009 11:04 AM
> To: Jason Staudenmayer
> Cc: qmail [at] list
> Subject: Re: badmailfrom question
> On Wed, May 06, 2009 at 10:16:05AM -0400, Jason Staudenmayer wrote:
> > I have the patch applied but I have never really set this file for
> > blocking.
> badmailfrom is a native feature of qmail. You don't need a
> patch for that.
> > Is it 'safe' to put my domain in the badmailfrom file to block emails
> > sent as my users? I figure my users should never send email from my
> > domain from outside my network right.
> You have to substitute "network" with "mailserver". If you
> have a badmailfrom then *nobody* can inject messages with
> addresses/domains in that file via SMTP to your server (even
> not via Outlook or Thunderbird) from your local network.
> There are solutions however.
> Some SMTP AUTH patches disable the use of badmailfrom if the
> user is authenticated (you have to check your AUTH patch (if
> you use one) if it does).
> Another possibility is to separate and have 2 qmail-smtpds
> running on different IP addresses (one internal one external)
> - compile another copy of qmail with "conf-home" set to another place
>   (like /var/qmail-local) and install it.
> - then make the control files identical
>     ln -sf /var/qmail/control/* /var/qmail-local/control/
>   and rm /var/qmail-local/control/badmailfrom
> - now make the binaries all the same so they use only one queue:
>   do cp /var/qmail-local/bin/qmail-smtpd
>   then rm -rf /var/qmail-local/bin
>   and ln -s /var/qmail/bin /var/qmail-local/bin
> - edit /service/qmail-smtpd/run and change the IP address this tcpserver
>   listens on to the external address
>   restart: svc -t /service/qmail-smtpd
> - duplicate /service/qmail-smtpd/ to /tmp/qmail-smtpd-local/
>     mkdir /tmp/qmail-smtpd-local/
>     cd /tmp/qmail-smtpd-local/
>     ( cd /service/qmail-smtpd; tar cfv - . ) | tar xfv -
>   edit /tmp/qmail-smtpd-local/run and change the external address to the
>   local address and "qmail-smtpd" to "qmail-smtpd-local"
>   you may also want to clean out logfiles:
>     rm /tmp/qmail-smtpd-local/log/main/*
>   activate the new service:
>     mv /tmp/qmail-smtpd-local /service/qmail-smtpd-local
>   wait a few seconds.
> - check if everything works (maybe by checking logfiles and telnetting
>   to port 25 of the external and internal address)
> Have all your users use the local address to inject mails via smtp.
> Markus Stumpf
Would it be possible to use the tcp.smtp file to configure separate badmailfrom files?
I'm trying to test this but it doesn't seem to pick up the badmailfrom-test settings. I have my email address blocked, and when I manually send emails via telnet I cannot get it to block my address.
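
The two-instance layout in the quoted steps can be checked after it is built. The following is an added example, not part of either message: a shell function that verifies the internal instance has no badmailfrom, that its other control files are symlinks to the main copies, and that both instances share one bin directory. The names `audit_split` and `demo_split` and the demo tree are constructed for illustration; the only paths taken from the post are /var/qmail and /var/qmail-local.

```shell
#!/bin/sh
# Added example: audit the two-instance layout from the quoted steps.
# audit_split MAIN_HOME LOCAL_HOME  (in the post: /var/qmail /var/qmail-local)
# Prints one FAIL line per problem; returns 0 if the layout matches, else 1.
audit_split() {
    main=$1 loc=$2 bad=0
    # The internal instance must not have badmailfrom, not even as a symlink.
    if [ -e "$loc/control/badmailfrom" ] || [ -L "$loc/control/badmailfrom" ]; then
        echo "FAIL: $loc/control/badmailfrom exists"; bad=1
    fi
    # Every other control file must be a symlink to the main copy.
    for f in "$main"/control/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        [ "$name" = badmailfrom ] && continue
        link=$loc/control/$name
        if [ ! -L "$link" ]; then
            echo "FAIL: $link is not a symlink, settings can drift"; bad=1
        elif [ "$(readlink "$link")" != "$f" ]; then
            echo "FAIL: $link points to $(readlink "$link")"; bad=1
        fi
    done
    # One set of binaries means one queue: bin must link to the main bin.
    if [ "$(readlink "$loc/bin")" != "$main/bin" ]; then
        echo "FAIL: $loc/bin is not a symlink to $main/bin"; bad=1
    fi
    # The external instance still needs a non-empty badmailfrom.
    [ -s "$main/control/badmailfrom" ] || { echo "FAIL: $main/control/badmailfrom missing or empty"; bad=1; }
    return $bad
}
# Constructed demo tree (not a real qmail install), built like the post's steps.
demo_split() {
    t=$(mktemp -d)
    mkdir -p "$t/main/control" "$t/main/bin" "$t/local/control"
    echo example.org > "$t/main/control/rcpthosts"
    echo user@example.org > "$t/main/control/badmailfrom"
    ln -sf "$t/main/control/"* "$t/local/control/"
    rm "$t/local/control/badmailfrom"
    ln -s "$t/main/bin" "$t/local/bin"
    echo "$t"
}
d=$(demo_split)
audit_split "$d/main" "$d/local" && echo "layout OK"
rm -rf "$d"
```

On the server itself the call is `audit_split /var/qmail /var/qmail-local`, run after the last step of the procedure.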