Teddys iptables firewall script needs tweaking
Kevin Cozens
kcozens-qazKcTl6WRFWk0Htik3J/w at public.gmane.org
Sat Nov 22 18:44:57 UTC 2003
At 03:06 AM 11/22/2003 -0500, teddy mills wrote:
>I was not an openrelay, but somehow someone from Asia found a way to use my
>qmail as an openrelay
>teddy mills
If someone was able to use your machine as an open mail relay and you are
using Qmail, there is something very wrong with the configuration of your
Qmail system. While it is a good thing to review your firewall settings,
that is not the way to stop people from using your machine to relay mail.
You need to look at how your Qmail is configured.
The likely reason for Qmail acting as an open relay is you do not have an
rcpthosts file in your /etc/qmail/control directory (or it may be under
/var instead of /etc depending on how Qmail was installed).
The rcpthosts file should contain a series of lines with one domain name on
each line. The lines in this file are the list of domains for which Qmail
will accept mail. IIRC, without this file, Qmail will accept mail for all
domains. If the file is 0 bytes long, it will refuse mail regardless of the
domain in the To: lines.
There is usually a config and config-fast program in /var/qmail/bin which
should be run when Qmail is first installed to set up the basic
configuration files needed by Qmail.
Cheers!
Kevin. (http://www.interlog.com/~kcozens/)
Owner of Elecraft K2 #2172 |"What are we going to do today, Borg?"
E-mail:kcozens at interlog dot com|"Same thing we always do, Pinkutus:
Packet:ve3syb-XXPEJ3/fxIc at public.gmane.org#con.on.ca.na| Try to assimilate the world!"
#include <disclaimer/favourite> | -Pinkutus & the Borg
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list