Slashdot Mirror


QMail's Relay Filters Allow SPAM?

ynotds asks: "Our low profile, security-conscious specialty hosting service might have been relaying spam from an untraceable IP for around 43 hours before we tracked the source of a significant traffic increase across quite a few of our less active client IPs. After we firewalled the first spammer IP, three more appeared in quick succession trying the same thing, then after we took qmail down for a while and brought it back up, another group of four tried the same trick, all but one from 203.x.x.x IPs like our own. We now have 90Mb of mainly these unsent messages in our (appropriately named) mess directory queues, but don't want to get side tracked into duplicating others' research if this is a better known problem than it appears to be after another scan of anti-spam resources."

14 comments

  1. Now would be a good time to look into Sendmail by Anonymous Coward · · Score: 0

    Sendmail might be plagued with a bad history, but everything out there has a local exploit now and then, and the fact remains that Sendmail is still the most configurable, stable, and scalable MTA out there. I've put in a great deal of time testing, comparing, and benchmarking (on a limited basis) between Sendmail, Postfix, qmail (nice license, bleh), Exim, and Smail. Sendmail wins hands down, and you won't find anything better in the hands of a skilled administrator. The SPAM protection is great! Now with 8.12.0 no longer running suid root, there's no chance of me looking at anything else. Give it a try!

  2. These days... by Diplomat73 · · Score: 1

    Spam mail is getting very bad; personally I can't wait until Congress rules on it. In the meantime you have to do something, right? In my opinion two really great sites that cover this are here and here. The first one has some very useful tools that may help, the second is basically a how-to. As for your question, what you probably need is some anti-relaying filters. Perhaps the best site for your problem is here. They have some pointers on how to secure your current mail (Qmail in your case) system against third-party relay. Along with Qmail they cover other mail systems including pmdf and Dmail. Hope I could help.

    --

    Diplomacy is the art of letting people have your way

  3. Little details by Paulo · · Score: 1

    You don't mention many details about how they managed to send spam. In my experience, qmail's antispam measures, when properly configured, are as good as anyone else's, and of course, if one of your customers suddenly decides to become a spammer, there's little you can do (the same goes if they are stupid enough to run an open relay that has you as their smarthost).

  4. Are there any MTA version statistics collectors? by fishnuts · · Score: 0

    Like netcraft's webserver statistics collection, is there something that is actively scanning mailservers and storing general stats on what software people are running as MTAs? If someone's not doing this, I'd love to start. I have a feeling sendmail is still the world's #1 mailserver for MTAs listed in domains' MX records, but M$ Exchange may be overall #1 just because it's running on nearly every NT/Win2k Server out there (usually promiscuous, too)

  5. qmail's anti-spam works for me by toast0 · · Score: 1

    I'm not sure what kind of spamming is being done, but with proper configuration of qmail (not hard to do), it will refuse to accept messages for destinations not in its accept list, unless the messages come from a set of IPs you specify.

    This wouldn't stop inbound spam to mail domains you host, but it would stop you from being an open relay.

  6. Might have relayed spam. by AX.25 · · Score: 1

    You say you might have relayed spam, but you offer no proof. In a properly set up qmail installation, you will not relay. You may accept messages that are spam (like any other MTA), but those messages won't go anywhere. Read life with qmail. If you have set up differently, then rebuild using lifewithqmail instructions.

    --
    What is pirate software? Software for inventory of stolen treasure?
  7. You will know soon. by Anonymous Coward · · Score: 0

    orbz They will tell you if you are or not. Good Luck.

  8. Do not blame your mistake on Qmail by davidu · · Score: 2
    Ok, I can't believe I am going to bite on this troll but here it goes:

    QMAIL is not your problem. In fact, even if you REALLY screw up in your setup qmail is still hard to use as a relay as you ACTIVELY have to open it up as one.
    Now I'll get to your points (which are few):

    I think you are saying that qmail allows relaying. -- That is false. If you read the relaying section in life with qmail you will notice that it says "If you follow the official directions for installing qmail, relaying will be turned off by default." -- Obviously you messed that up.

    To monitor your rule you will look in the /etc/tcp.smtp file and find rules in this pattern:
    IP address of client:allow,RELAYCLIENT=""
    IP address of client:allow,RELAYCLIENT=""

    Now unless you are using like pop-before-smtp then that's it. If you are using pop-before-smtp make sure your cron job is running every half hour to clear out old relay entries.

    <RANT> PLEASE DON'T BLAME QMAIL FOR YOUR MISCONFIGURATION</RANT>

    You can email me privately if you still need help and Cliff, you should not have posted this troll.

    -dave
    --

    # Hack the planet, it's important.
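
The relay behaviour described in comments 5 and 8 (recipient accept list, plus `RELAYCLIENT` rules in `/etc/tcp.smtp`), as an added example that is not part of any poster's comment or of qmail itself. It is a simplified Python model for auditing a rules file; the sample rules, IP addresses, domains and function names are constructed for illustration.

```python
# Added example: simplified model of tcpserver rule lookup plus qmail-smtpd's
# rcpthosts/RELAYCLIENT check. Assumption: only exact-IP, dotted-prefix and
# default (":") rules are modelled; ranges, user@ip and =host rules are not.
SAMPLE_TCP_SMTP = '''\
# constructed sample rules, not from the original post
127.:allow,RELAYCLIENT=""
192.0.2.10:allow,RELAYCLIENT=""
203.:allow,RELAYCLIENT=""
198.51.100.7:deny
:allow
'''
SAMPLE_RCPTHOSTS = ["example.org", ".example.net"]  # constructed

def parse_rules(text):
    """Return {address: (action, env)} from tcprules source text."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        action, *assigns = instr.split(",")
        rules[addr] = (action, dict(a.split("=", 1) for a in assigns if "=" in a))
    return rules

def lookup(rules, ip):
    """Most specific rule wins: full IP, then shorter dotted prefixes, then default."""
    parts = ip.split(".")
    for key in [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]:
        if key in rules:
            return rules[key]
    return ("allow", {})  # no rule matched: connection allowed, environment unchanged

def relay_decision(rules, rcpthosts, ip, rcpt_domain):
    """Return 'refused', 'relay', 'accept' or 'reject' for one RCPT TO."""
    action, env = lookup(rules, ip)
    if action == "deny":
        return "refused"
    if "RELAYCLIENT" in env or rcpthosts is None:  # rcpthosts ignored or missing
        return "relay"
    d = rcpt_domain.lower()
    hosted = any(d == h or (h.startswith(".") and d.endswith(h)) for h in rcpthosts)
    return "accept" if hosted else "reject"

def broad_relay_rules(rules):
    """Audit: RELAYCLIENT granted by the default rule or a 1-2 octet prefix."""
    return sorted(a for a, (act, env) in rules.items()
                  if act == "allow" and "RELAYCLIENT" in env and not a.startswith("127.")
                  and (a == "" or (a.endswith(".") and a.count(".") <= 2)))
```

Pass `rcpthosts=None` to model a missing `control/rcpthosts` file, in which case qmail-smtpd places no restriction on recipient domains.
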
    1. Re:Do not blame your mistake on Qmail by Anonymous Coward · · Score: 0

      My God you fucking arrogant prick, give the guy a break. It's comments like yours that make me glad I'm not a Linux weenie. You're all hard to deal with. Go take a class in respect from your mother and until then dave, shut the fuck up.

    2. Re:Do not blame your mistake on Qmail by davidu · · Score: 1

      Someone woke up on the wrong side of the bed this morning...

      -dave

      --

      # Hack the planet, it's important.
    3. Re:Do not blame your mistake on Qmail by Anonymous Coward · · Score: 0

      Yea - you. Get off your high horse and try to contribute to the community instead of turning on the flame thrower.

    4. Re:Do not blame your mistake on Qmail by davidu · · Score: 1

      I told the guy he could email me if he had trouble.

      I was just pissed he blamed qmail for a fault of his own and worse, posted it to a public server.

      -dave

      --

      # Hack the planet, it's important.
    5. Re:Do not blame your mistake on Qmail by Anonymous Coward · · Score: 0

      Amen! The world needs fewer people like this prick.

  9. Yes. by Russ+Nelson · · Score: 2

    Yes, Dan Bernstein has been running surveys of SMTP servers.
    -russ

    --
    Don't piss off The Angry Economist