I've just gotten Scalix set up on our mail server, and it is able to send and receive mail through the webmail interface.
However, I can also telnet into the server on port 25 and create a new message and send it without any kind of authorization required.
I can do this from my home, which is a rr.com domain, not part of the domain our mailserver is in, of course.
What is this called, and how can I disable it? I want all interactions with the server to Require authorization, but this particular method doesn't.
Many thanks!
[Using Fedora Core 4]
Sendmail: Configuring to disallow anonymous sending? SOLVED.
Moderators: ScalixSupport, admin
-
jtaylor
Sendmail: Configuring to disallow anonymous sending? SOLVED.
Last edited by jtaylor on Wed Oct 11, 2006 12:18 am, edited 1 time in total.
-
florian
- Scalix
- Posts: 3852
- Joined: Fri Dec 24, 2004 8:16 am
- Location: Frankfurt, Germany
- Contact:
So, this depends on your situation.
Who can you send email to using this interface - recipients on your server only or everybody, even on a 3rd-party server? (i.e. can you send to billg@microsoft.com telnetting in from home?)
If you can send to anybody, your system is acting as an Open Relay. This is bad. please Search the forum for open relay on how to setup the Scalix SMTPD correctly to prevent this from happening.
If you can only send to users on your server, the next step depends on how your server is supposed to receive email.
If it gets email from externally directly (i.e. with a DNS-MX record pointing to it, what you describe is normal as this will be the communication method used by other mailservers to communicate with you. Unfortunately, the SMTP protocol has originally been designed to be non-authenticated. Even though authentication was later added to the protocol, email submission and exchange between mail servers on the Internet is unauthenticated today.
If it gets external email through some other method you can setup the Scalix SMTP relay to only accept authenticated connections. See comments in /var/opt/scalix/sys/smtpd.cfg for details.
Cheers,
Florian
Who can you send email to using this interface - recipients on your server only or everybody, even on a 3rd-party server? (i.e. can you send to billg@microsoft.com telnetting in from home?)
If you can send to anybody, your system is acting as an Open Relay. This is bad. please Search the forum for open relay on how to setup the Scalix SMTPD correctly to prevent this from happening.
If you can only send to users on your server, the next step depends on how your server is supposed to receive email.
If it gets email from externally directly (i.e. with a DNS-MX record pointing to it, what you describe is normal as this will be the communication method used by other mailservers to communicate with you. Unfortunately, the SMTP protocol has originally been designed to be non-authenticated. Even though authentication was later added to the protocol, email submission and exchange between mail servers on the Internet is unauthenticated today.
If it gets external email through some other method you can setup the Scalix SMTP relay to only accept authenticated connections. See comments in /var/opt/scalix/sys/smtpd.cfg for details.
Cheers,
Florian
Florian von Kurnatowski, Die Harder!
-
jtaylor
Who is online
Users browsing this forum: No registered users and 3 guests