stunnel with SMTPD -> open relay!



Postby btisdall » Tue Oct 24, 2006 12:55 am

Hi Mike,

This is one of the best howtos IMO:

http://www.flatmtn.com/computer/Linux-S ... pache.html

BTW, I noticed elsewhere that you mentioned implementing smtps in connection with a spam problem. Having secure smtp in place isn't likely to have any impact on spam I'm afraid, though it's definitely a good thing for the privacy of your users' data.

Please take note of Dave's contribution to the thread!

Best
Ben Tisdall
www.redcircleit.com
London


Postby bluemike » Tue Oct 24, 2006 12:20 pm

Regarding the spam issue. One user indicated that it worked well for him:

This one shows the setup I used and the outcome of it, the final solution to the problem is linked at the end.
http://www.scalix.com/community/viewtopic.php?p=19413


We are not actually sending out any spam, but I am getting so many syslog messages like the ones below that it's beginning to impact system resources.


firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  204.144.142.1 (net.indra.com)  46103 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  70.16.110.75 (static-70-16-110-75.ptldme.east.verizon.net)  41222 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  199.236.68.152 (netstarweb.com)  39320 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  70.87.98.98 (366.hostxtremplus.org)  38516 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  70.85.106.54 (36.6a.5546.static.theplanet.com)  45313 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  70.84.136.170 (aa.88.5446.static.theplanet.com)  43285 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  69.72.218.4 (unresolved)  41504 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  202.51.128.141 (solaris.lanka.net)  50432 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  216.242.245.3 (mail.angelolaw.com)  41948 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  202.14.177.1 (max.ilb.com.au)  45455 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  67.99.176.30 (unresolved)  57240 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  66.211.137.251 (yuntai1.goldenware.com)  60391 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  66.150.161.56 (unresolved)  52909 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  66.100.167.128 (usa5.com)  52974 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  70.16.110.75 (static-70-16-110-75.ptldme.east.verizon.net)  41199 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  65.98.56.202 (servermax.info)  57863 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  195.137.225.6 (files.titus.de)  42125 25 syn (SMTP-Outgoing)
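
Added example, not part of the original thread: one way to triage a flood of firewall entries like the ones quoted above is to count outbound port-25 connection attempts from the mail server per destination. The field layout is inferred from the quoted log lines, and the function name `summarize_outbound_smtp` is hypothetical.

```python
import re
from collections import Counter

# Field layout inferred from the log lines quoted in the post (an assumption);
# the numeric fields around the protocol are matched but not interpreted.
LINE_RE = re.compile(
    r"firewalld\[\d+\]:\s+(?P<action>\w+)\s+(?P<direction>in|out)\s+\S+\s+"
    r"\d+\s+(?P<proto>\w+)\s+\d+\s+\d+\s+"
    r"(?P<src>[\d.]+)\s+\((?P<src_name>[^)]*)\)\s+"
    r"(?P<dst>[\d.]+)\s+\((?P<dst_name>[^)]*)\)\s+"
    r"(?P<sport>\d+)\s+(?P<dport>\d+)\s+(?P<flags>\w+)\s+\((?P<rule>[^)]*)\)"
)

# First four lines are copied from the post; the last two are constructed
# (a non-SMTP connection and an unrelated syslog line) to exercise the filter.
SAMPLE_LOG = """\
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  204.144.142.1 (net.indra.com)  46103 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  70.16.110.75 (static-70-16-110-75.ptldme.east.verizon.net)  41222 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  69.72.218.4 (unresolved)  41504 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  70.16.110.75 (static-70-16-110-75.ptldme.east.verizon.net)  41199 25 syn (SMTP-Outgoing)
firewalld[137]: allow out eth1:0 60 tcp 20 64 192.168.111.17 (emailserver)  192.0.2.10 (unresolved)  40000 80 syn (HTTP-Outgoing)
sshd[2201]: session opened for user root
""".splitlines()

def summarize_outbound_smtp(lines, mail_host):
    """Count outbound TCP/25 SYNs from mail_host, grouped by destination."""
    per_dest, unresolved, skipped = Counter(), 0, 0
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            skipped += 1  # not a firewalld connection record
            continue
        if (m["direction"], m["proto"], m["dport"], m["flags"]) != ("out", "tcp", "25", "syn"):
            continue
        if m["src"] != mail_host:
            continue
        per_dest[m["dst"]] += 1
        unresolved += m["dst_name"] == "unresolved"  # firewall logged no hostname
    return {"attempts": sum(per_dest.values()), "per_dest": per_dest,
            "unresolved": unresolved, "skipped": skipped}

if __name__ == "__main__":
    report = summarize_outbound_smtp(SAMPLE_LOG, "192.168.111.17")
    print(f"{report['attempts']} SMTP attempts to {len(report['per_dest'])} hosts, "
          f"{report['unresolved']} unresolved, {report['skipped']} lines skipped")
    for dst, n in report["per_dest"].most_common():
        print(f"{n:6d}  {dst}")
```

Comparing the per-destination counts with the mail server's own queue and delivery logs shows whether the connection attempts correspond to messages the server actually accepted.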


Postby ianare » Fri Oct 27, 2006 11:27 am

I think the main thing is having only 127.0.0.1 accept connections in smtpd.cfg, and routing the webmail to that port rather than the FQDN.
But I'm still pretty new to all this... all I know is after following Ben's stunnel instructions all those annoying messages stopped.

This is how I generated my stunnel pem files:


# cd /etc/stunnel
# openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem
# chmod 600 stunnel.pem


Postby bluemike » Fri Oct 27, 2006 1:04 pm

Oddly, this whole problem seems to have gone away. Suddenly, two days ago, the messages per hour dropped back down to a normal 8K.

I don't know why it would suddenly stop like that, but I like to think that I have such mad skillz that the Internet itself reacts to my very will... 8)

Yes, I'm sure that's it :roll:

