scalix being used as a spam relay ... wtf! HELP!!!

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

nokesc
Posts: 49
Joined: Thu Jul 05, 2007 1:12 pm

scalix being used as a spam relay ... wtf! HELP!!!

Postby nokesc » Tue Jul 24, 2007 2:20 am

I'm not sure how this is happening. I'm new to setting this stuff all up. I setup a scalix server for an office and it crashed because it was being used as a spam relay ... I had the smtpd.cfg setup correctly but it still happened SO I blew it away and started over with a fresh install of Suse 10 and scalix and tested via "telnet host 25" to see if I was being blocked. I would get something to the effect of ...

rcpt to: wtf@jerkland.org
553 5.1.8 jerk@whatever.net... Domain of sender address jerk@whatever.net does not exist

Ok so this is good, it meant no one could use my server as a spam relay. I then decided to move on to setting up Mailwasher and got it working but now I notice everything is getting through telnet host 25 with rcpt to: wtf@jerkland.org ..... HELP!!!

nokesc
Posts: 49
Joined: Thu Jul 05, 2007 1:12 pm

Postby nokesc » Tue Jul 24, 2007 3:22 am

Ok it seems to be the INPUT_MAIL_FILTER line ... if I remove the following below then sendmail seems to operate according to the smtpd.cfg using the RELAY lines ...

INPUT_MAIL_FILTER(`mailwasher_server', `S=unix:/var/run/mwserver/mpd.sock, F=T, T=S:4m;R:4m')
define(`confINPUT_MAIL_FILTERS', `mailwasher_server')


... wtf but then mailwasher isnt being used ... whats the deal?

jaime.pinto
Scalix Star
Scalix Star
Posts: 709
Joined: Fri Feb 23, 2007 6:50 pm
Location: Toronto - Canada

Postby jaime.pinto » Tue Jul 24, 2007 8:58 am

You getting things confused.

If you're having *OPEN* RELAY, just close it.
If you have *spam attach*, just identify the offender and and block its access to your server (do a search on spam attach)
If you are having spam/virus getting through to *your users*, then introduce a anti-spam/anti-virus agent.

In your case with mailwasher, just reverse the order of the lines. Take a look at this post for a reference on a typical sendmail.mc
viewtopic.php?t=8290#37529
Last edited by jaime.pinto on Tue Jul 24, 2007 12:06 pm, edited 1 time in total.
Image Jaime
||||||||||||||||||||||||||||||||||||||||

nokesc
Posts: 49
Joined: Thu Jul 05, 2007 1:12 pm

Postby nokesc » Tue Jul 24, 2007 11:23 am

I've now run into another problem ... I moved the server to a new network from 192.168.1.102 to 192.168.0.64 ... mail works and spam is blocked as expected the RELAY lines reject anything outside 192.168. but now mailwasher has stopped filtering ... wtf!!

The only thing I changed was the server ip and then updated the /etc/hosts ... do I need to update something else to get mailwasher to work?

jaime.pinto
Scalix Star
Scalix Star
Posts: 709
Joined: Fri Feb 23, 2007 6:50 pm
Location: Toronto - Canada

Postby jaime.pinto » Tue Jul 24, 2007 12:05 pm

You probably better off restarting the installation from scratch, OS and scalix.
Scalix doesn't emphasize this enough (probably because they are not too proud of it), but you need to determine the *name* and *IP* of your scalix server way before hand, and *NEVER!!!!* change it again, EVER!!!! If you do, everything breaks.
There are ways around it, if you search the forum and the wiki for specific instructions. Not pretty.
Image Jaime
||||||||||||||||||||||||||||||||||||||||

nokesc
Posts: 49
Joined: Thu Jul 05, 2007 1:12 pm

Postby nokesc » Tue Jul 24, 2007 12:11 pm

Ok I figured out what happened ... for whatever reason the MAIL_FILTER lines in the /etc/sendmail.cf were missing ... I reran omsendin and now it's working ... even Mail Washer is working!!! kinda ...

new problem, mailwasher seems to be quarentining everything outgoing ... ideas?

jaime.pinto
Scalix Star
Scalix Star
Posts: 709
Joined: Fri Feb 23, 2007 6:50 pm
Location: Toronto - Canada

Postby jaime.pinto » Tue Jul 24, 2007 12:18 pm

There are only a hand full of users with mailwasher on the forum. Good luck.
Image Jaime
||||||||||||||||||||||||||||||||||||||||


Return to “Scalix Server”



Who is online

Users browsing this forum: Google [Bot] and 2 guests

cron