Prevent Abuse of Mail Relay under QMAIL Mail System
Linuxaid.com.cn
Ideal
Summary: This article discusses, from the administrator's side, how to prevent the mail relay of a QMAIL system from being abused by spammers. Software environment: RedHat 6.2, qmail 1.03. Hardware environment: HP NetServer E60, 128 MB memory, single network card.

What is mail relay, and why prevent its abuse?

Once a QMAIL server has been set up it has one or several domain names (these should appear in the locals or virtualdomains control file), and qmail-smtpd listens on port 25 waiting for mail from remote systems. Other mail servers on the network, or MUAs such as Outlook Express and Foxmail, connect to port 25 of the QMAIL server and ask to send mail. The SMTP session usually begins with the remote side identifying itself; the exchange looks like this:

    helo remote.system.domainname
    250 qmailserver.domain
    mail from: user@somedomain.net
    250 ok
    rcpt to: user1@elsewhere.net

The recipient is user1@elsewhere.net, and the domain elsewhere.net is not necessarily a local domain name. At this point the local system can give one of two answers. It can accept the recipient:

    250 ok

or refuse it:

    553 sorry, that domain isn't in my list of allowed rcpthosts

In the first case the local QMAIL server allows relaying: it receives a message whose destination address is not local and agrees to pass it on. In the second case it does not accept non-local mail.

qmail has a control file called rcpthosts (the name comes from the RCPT TO command) that determines whether a message is accepted. A message is accepted only when the domain of the recipient address given in the RCPT TO command is listed in rcpthosts; otherwise it is rejected. If the file does not exist, all mail is accepted. A mail server that does not care who the sender or the recipient is is called an open relay; a QMAIL server without rcpthosts is an open relay.
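To make the rcpthosts rules concrete, here is an added shell example (not qmail's own code) that replays qmail-smtpd's RCPT TO decision against a constructed rcpthosts file: exact matches, leading-dot entries for subdomains, the effect of a set RELAYCLIENT variable, and the open-relay case where the file is missing. The file path ./rcpthosts.sample is an assumption for the demonstration; the real file lives in qmail's control directory.

```shell
#!/bin/sh
# Added example (not qmail's code): replays the RCPT TO decision described
# above. Real qmail reads rcpthosts from its control directory; this sample
# path and its contents are constructed for the demonstration.
RCPTHOSTS="${RCPTHOSTS:-./rcpthosts.sample}"
cat > "$RCPTHOSTS" <<'EOF'
mail.linuxaid.com.cn
mail1.linuxaid.com.cn
linuxaid.com.cn
.linuxaid.com.cn
EOF

# rcpt_decision <recipient>
# Prints the reply qmail-smtpd gives to "rcpt to:<recipient>".
# RELAYCLIENT is honoured the way qmail-smtpd honours it: merely being
# set (even to the empty string) bypasses rcpthosts entirely.
rcpt_decision() {
  addr=$1
  if [ -n "${RELAYCLIENT+set}" ]; then echo "250 ok"; return 0; fi
  # No rcpthosts file at all means an open relay: everything is accepted.
  if [ ! -f "$RCPTHOSTS" ]; then echo "250 ok"; return 0; fi
  # An address without a domain part is a local delivery and is accepted.
  case "$addr" in *@*) ;; *) echo "250 ok"; return 0 ;; esac
  domain=$(printf '%s' "${addr##*@}" | tr 'A-Z' 'a-z')
  while IFS= read -r entry; do
    entry=$(printf '%s' "$entry" | tr 'A-Z' 'a-z')
    [ -z "$entry" ] && continue
    # Plain entry: the recipient domain must match exactly.
    [ "$entry" = "$domain" ] && { echo "250 ok"; return 0; }
    # Leading-dot entry (.linuxaid.com.cn) matches any host under that
    # domain but not the bare domain itself, mirroring qmail's suffix check.
    case "$entry" in
      .*) case "$domain" in *"$entry") echo "250 ok"; return 0 ;; esac ;;
    esac
  done < "$RCPTHOSTS"
  echo "553 sorry, that domain isn't in my list of allowed rcpthosts"
  return 1
}
```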
If the system administrator sets up his own mail server as an open relay, spammers will use it as a relay station for their junk mail. The spam recipients will lay the blame on you, which may lead to retaliatory mail bombs; the spam also consumes a lot of resources and eats up your bandwidth. Worse, your name may end up on a blacklist and become a target of other mail recipients, so that mail from you is refused by them.

Method one: preventing relay abuse when users have fixed IP addresses

This method only suits users whose IP addresses are fixed, for example an organisation that has its own class C address block and its own local area network, with the mail server providing e-mail only to LAN users. To make your own server a non-open relay, put all of your mail server's domain names into rcpthosts. If a DNS MX record points to this machine, you should also include that domain name. For example, if your machine has the three domain names mail.linuxaid.com.cn, mail1.linuxaid.com.cn and linuxaid.com.cn, where the MX record of linuxaid.com.cn points to mail.linuxaid.com.cn, then qmail's rcpthosts should contain mail.linuxaid.com.cn, mail1.linuxaid.com.cn and linuxaid.com.cn.
With this alone the server only accepts mail addressed to its own domains: customers can connect to the server and send mail to it, but they cannot relay mail through it from their MUA. To let customers send outgoing mail with an MUA, you must allow your own customers to relay through the server. qmail-smtpd supports a way of selectively ignoring the rcpthosts file: if the environment variable RELAYCLIENT is set when qmail-smtpd runs, rcpthosts is ignored and relaying is allowed. But how do you recognise whether a sender is your own customer? By the source IP address of the connection: if the address belongs to the local network, the sender is considered your own customer. For this the tcpserver program from the ucspi-tcp package is used. It works much like inetd: it listens for connection requests, sets various environment variables for the service to be started, and then starts that service. tcpserver's rule file is /etc/tcp.smtp, which defines, per network, whether the RELAYCLIENT environment variable is set. For example, if the local network is 192.168.10.0/24, the contents of tcp.smtp should be as follows:

    127.0.0.1:allow,RELAYCLIENT=""
    192.168.10.:allow,RELAYCLIENT=""
    :allow

These rules mean that connections from 127.0.0.1 and from 192.168.10.* are allowed and get the environment variable set, while all other connections are allowed but do not get the RELAYCLIENT variable. So a connection from elsewhere to the local port 25 is allowed, but because the variable is not set, its relay request will be refused by qmail-smtpd.
But tcpserver does not read /etc/tcp.smtp directly; the file first has to be converted into a cdb file:

    [ideal@aidmail /etc]# tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp

Once vpopmail has been installed, a cron job runs its clearopensmtp program as follows:

    40 * * * * /home/vpopmail/bin/clearopensmtp 2>&1 > /dev/null

This clears the list of IP addresses allowed to relay every 40 minutes. A user first fetches mail through POP3 (since POP3 requires authentication, this ensures it is a legitimate user); for the following 40 minutes that user may then relay mail through the system.

Method two: preventing relay abuse on a system with roaming users

Another way to prevent relay abuse is to require authentication when sending mail, just as fetching mail requires authentication. Here it is assumed that qmail-1.03 and vpopmail have already been installed successfully and the system runs normally.

1. Download the programs: the SMTP AUTH patch for qmail-smtpd and the password checking program, qmail-smtpd-auth-0.26.tar.gz and cmd5checkpw-0.22.tar.gz.

2. Compile and install qmail-smtpd. Unpack qmail-smtpd-auth-0.26.tar.gz:

    [root@www src]# tar xvfz qmail-smtpd-auth-0.26.tar.gz
    [root@www src]# cd qmail-smtpd-auth-0.26
    [root@www qmail-smtpd-auth-0.26]# ls
    change  qmail-smtpd.c  qmail-smtpd.patch

Copy qmail-smtpd.c from the qmail source directory that was successfully installed into the qmail-smtpd-auth-0.26 directory:

    [root@www qmail-smtpd-auth-0.26]# cp ../qmail-1.03/qmail-smtpd.c ./

Then apply the patch to the file:

    [root@www qmail-smtpd-auth-0.26]# patch -p1 < qmail-smtpd.patch

3. Compile and install cmd5checkpw. Unpack cmd5checkpw-0.22.tar.gz and compile it:

    [root@www src]# tar xvfz cmd5checkpw-0.22.tar.gz
    [root@www src]# cd cmd5checkpw-0.22
    [root@www cmd5checkpw-0.22]# make; make install

4. Set the relay rule. Relay means that the server accepts a client's SMTP request and forwards the client's mail to third parties. qmail's relay control is simple: as long as the RELAYCLIENT environment variable is present in the process that handles the client's SMTP connection, relaying is allowed; otherwise it is refused. The way to implement this is to list the IP addresses allowed to relay (with RELAYCLIENT="") in /etc/tcp.smtp and then generate the rule table with tcprules. Because this article wants to implement SMTP authentication, no IP addresses need to be set in advance, so the default rule is "only the server itself may relay". The content of /etc/tcp.smtp should be:

    127.0.0.1:allow,RELAYCLIENT=""
    :allow

Regenerate the tcp.smtp.cdb file:

    /usr/local/bin/tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
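To check which clients would receive RELAYCLIENT from the tcp.smtp rules above (both the LAN version of method one and the server-only version of step 4), here is an added shell example that is not part of ucspi-tcp; it reproduces tcpserver's rule lookup order on a constructed rule file, with one extra deny line for 192.168.10.250 added purely to show that an exact address takes precedence over a network prefix.

```shell
#!/bin/sh
# Added example (not ucspi-tcp's code): reproduces how tcpserver selects the
# tcp.smtp rule for a connecting address, so you can see which clients get
# RELAYCLIENT. The rule file is constructed; the deny line for 192.168.10.250
# is an extra that shows an exact address beating a prefix rule.
RULES="${RULES:-./tcp.smtp.sample}"
cat > "$RULES" <<'EOF'
127.0.0.1:allow,RELAYCLIENT=""
192.168.10.250:deny
192.168.10.:allow,RELAYCLIENT=""
:allow
EOF

# lookup_rule <ip>: prints the body of the first matching rule, trying the
# keys in tcpserver's order: the full address, then 192.168.10., 192.168.,
# 192., and finally the empty default key (written ":allow" in the file).
# Prints "deny" when nothing matches, which is what tcpserver does too.
lookup_rule() {
  ip=$1; p=$ip; keys=$ip
  while [ "${p%.*}" != "$p" ]; do p=${p%.*}; keys="$keys $p."; done
  for key in $keys ""; do
    while IFS= read -r line; do
      case "$line" in ''|'#'*) continue ;; esac
      if [ "${line%%:*}" = "$key" ]; then printf '%s\n' "${line#*:}"; return 0; fi
    done < "$RULES"
  done
  echo deny; return 0
}

# relay_allowed <ip>: "yes" when the selected rule sets RELAYCLIENT (so
# qmail-smtpd will ignore rcpthosts), "no" when the connection is merely
# allowed, and "denied" when tcpserver would drop the connection.
relay_allowed() {
  case "$(lookup_rule "$1")" in
    deny*) echo denied ;;
    *RELAYCLIENT=*) echo yes ;;
    *) echo no ;;
  esac
}
```

The step 4 rule file is this same file without the two 192.168.10 lines, so only 127.0.0.1 receives RELAYCLIENT and every other client must authenticate before it may relay.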