
Topic: [QMAIL] Recipient Verification to avoid spamming

Kloxo-DR
« on: 2014-02-19, 20:59:52 »
Hello Mustafa,

I suggest to modify and include "Recipient Verification" for incoming messages.

Recently, we received thousands of emails with bogus_recipients@domain.com. As domain.com is in the rcphosts file, all non-existent emails randomly generated got delivered with bogus Return-Path. They were relayed to hotmail, yahoo or google.

To prevent this, the best is to use SPAMCONTROL:

http://www.fehcom.de/qmail/spamcontrol.html

If this is difficult, then at least RCPTCHECK:

http://www.soffian.org/downloads/qmail/qmail-smtpd-doc.html

Or here:

http://www.memoryhole.net/qmail/

Spacedust
« Reply #1 on: 2014-02-19, 22:25:50 »
We have spamdyke for this...

Kloxo-DR
« Reply #2 on: 2014-02-20, 07:13:51 »
Hello,

Quote
We have spamdyke for this...

We both are using kloxo and spamdyke from its beginning!
Knowing that we have spamdyke and having configured spamdyke, I have placed the above message as spamdyke has failed.

Investigating the issue, I found that a combination of spamdyke and qmail has a fundamental flaw, which is well known to experts. For many years I thought that. Not anymore, looking at the new spamming techniques used by spammers in the last weeks on my server. So let me explain to you and Mustafa why I have placed this:

When an incoming connection is made from sender/spammer to the server, spamdyke will only check certain parameters of that connection.

One of them is rcphost.

Spamdyke fails to check if an email address exists in the system at all. This means that if a domain exists in rcphost but not the email address, then spamdyke allows that connection.

Qmail does not check AT THE TIME OF AN INCOMING CONNECTION if an email address exists. It will first accept an email for processing. That email is delivered in the first place.

Only thereafter Qmail wakes up and finds that the email could not be delivered because the recipient's email address does not exist on the server.

Thereafter Qmail sends undelivered to the email address available in the Return-Path.

This is well known and used extensively by spammers.

Spammers use this flaw of Qmail to forge Return-Path != to sender's email address.


As a consequence, the undelivered goes to someone who did not send that email.

With this technique, my server became a spamming server. I needed to use firewall to block IP Address of the spammer.

Until I found above mentioned links, I did not really follow what was happening. Since the undelivered is never registered, an Administrator also never notices this abuse of a server. Now I have read details of the flaw and respective solutions, I think it is necessary to use more protection against this flaw of qmail.

Spacedust, let me know if I could change something in spamdyke to achieve the solution, if you think I missed something.

chrisf
« Reply #3 on: 2014-02-20, 17:10:26 »
Under domain, mail settings, catchall configure, set to delete, not bounce.

Also, this is another option like cron that we should have to set for clients.  Hostgator and godaddy both restrict setting catchall for this reason.  Mustafa, by default it is set to delete, which is good.  Can you add admin restrictions to catchall configure like cron.  Client can see, but not update.  Admin only can change.

OR remove the bounce option altogether. 
« Last Edit: 2014-02-20, 17:19:24 by chrisf »
Christopher

Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer: https://convictionshosting.com

Kloxo-DR
« Reply #4 on: 2014-02-20, 19:10:19 »
Hi Chris,

Quote
Under domain, mail settings, catchall configure, set to delete, not bounce.

I always had catch-all setup to delete. None of the affected - or any other - accounts has bounce or any other mapping.

Until I used official Kloxo, I had absolutely no problems with catch-all. I ran into problems of the nature described above, only after I switched to Kloxo-MR.

Kloxo-MR did not delete those emails to non-existent email addresses to a domain existing in rcphosts file.
« Last Edit: 2014-03-29, 08:12:58 by Kloxo-DR »

chrisf
« Reply #5 on: 2014-02-21, 02:04:04 »
I believe you, and have not tested.  Maybe the catchall feature is not operating correctly since changing to qmail-toaster.  @spacedust, please investigate this issue on your servers.  Mustafa,  can you confirm catchall delete not working?

Please post the steps necessary to make SPAMCONTROL work with KloxoMR.

MRatWork
« Reply #6 on: 2014-02-21, 04:08:17 »
The command for delivering mail is inside '/home/lxadmin/mail/domains/<domain>/.qmail-default'.

1. Without catchall will be '| /home/vpopmail/bin/vdelivermail '' delete'
2. With catchall will be '| /home/vpopmail/bin/vdelivermail '' /home/lxadmin/mail/domains/<domain>/admin'
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --
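
An audit of the per-domain `.qmail-default` files described in the reply above, as an added example that is not part of the thread or of Kloxo-MR. It assumes the file layout shown in that reply; `bounce-no-mailbox` is vpopmail's keyword for bouncing and does not appear in the thread, and the `example.*` domains are constructed sample data.

```sh
#!/bin/sh
# Added example, not Kloxo-MR code. Classifies vpopmail .qmail-default files.

# Print the policy of one .qmail-default file:
#   delete   - mail for unknown users is silently dropped
#   catchall - mail for unknown users goes to a mailbox path or address
#   bounce   - unknown users generate a bounce to the envelope sender
#   unknown  - no vdelivermail line, or an argument this script does not know
classify_qmail_default() {
    [ -r "$1" ] || { echo unknown; return 0; }
    # Last field of the first non-comment line that runs vdelivermail.
    arg=$(awk '!/^[ \t]*#/ && /vdelivermail/ { print $NF; exit }' "$1")
    case $arg in
        delete)            echo delete ;;
        bounce-no-mailbox) echo bounce ;;   # vpopmail keyword, assumed here
        /*|*@*)            echo catchall ;;
        *)                 echo unknown ;;
    esac
}

# Print "<domain><TAB><policy>" for every domain directory under $1.
audit_domains() {
    for f in "$1"/*/.qmail-default; do
        [ -f "$f" ] || continue
        printf '%s\t%s\n' "$(basename "$(dirname "$f")")" \
            "$(classify_qmail_default "$f")"
    done
}

# Build a constructed sample tree and audit it.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/example.com" "$tmp/example.net" "$tmp/example.org"
    echo "| /home/vpopmail/bin/vdelivermail '' delete" \
        > "$tmp/example.com/.qmail-default"
    echo "| /home/vpopmail/bin/vdelivermail '' /home/lxadmin/mail/domains/example.net/admin" \
        > "$tmp/example.net/.qmail-default"
    echo "| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" \
        > "$tmp/example.org/.qmail-default"
    audit_domains "$tmp"
    rm -rf "$tmp"
}

demo_audit
```

On a real server, `audit_domains /home/lxadmin/mail/domains` lists every domain whose policy is anything other than `delete`, which are the ones worth reviewing for backscatter.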

chrisf
« Reply #7 on: 2014-02-21, 04:14:38 »
I can't reproduce the bounce.  I just tested multiple email accounts that didn't exist, but domain did.  They were all deleted, no bounce.

I do suggest removing bounce option for clients.

Kloxo-DR
« Reply #8 on: 2014-02-21, 08:51:00 »
Hi Chris,

Quote
I just tested multiple email accounts that didn't exist, but domain did.  They were all deleted, no bounce.

Now if Qmailtoaster checks - in addition to the available delete function - if the recipient exists much earlier, even before an email is delivered, then any requirement of ( catchall ==delete ) function is not necessary. This also means:

if ( config-catch-all == "activated" ) then
....... $check_config_of_catchall == "delete" || $check_config_of_catchall == "bounce"
else
...... $check_recipient_exists // by SPAMCONTROL or other less vigorous plugins
end

So, if $check_config_of_catchall is delete or bounce, only then email is accepted by the server.

Can you endorse if the programming logic to be correct, that  catchall=delete should be there and remain, even if it worked for you? Is that what you are saying?

I find catchall=delete childish, and beyond that, and find it silly and stupid function. I cannot endorse.

Spacedust
« Reply #9 on: 2014-02-21, 11:33:23 »
How to block something like this - interia.pl it's not our domain so it's spoofed:

Quote
--------------
MESSAGE NUMBER 404055
 --------------
Received: (qmail 25602 invoked by uid 7848); 20 Feb 2014 14:00:49 -0000
Message-ID: <20140220140049.25601.qmail@mail.xxx.pl>
To: abka@polbox.com
Subject: =?UTF-8?Q?Free=20Suplements?=
Date: Thu, 20 Feb 2014 15:00:49 +0100
From: =?UTF-8?Q?Dieta?= <KGregorK@interia.pl>
Sender: =?UTF-8?Q?Dieta?= <KGregorK@interia.pl>
Reply-To: =?UTF-8?Q?Dieta?= <KGregorK@interia.pl>
MIME-Version: 1.0
Content-Type: text/html;
 charset="UTF-8"
Content-Transfer-Encoding: =?UTF-8?Q?8bit?=

<p><a
href="http://track.acaiberry900.pl/product/AcaiBerry-900/?pid=129&uid=2061"
rel="nofollow">Czy wiesz, jak ?atwo mo?na schudnac</a></p>

<p><a
href="http://track.probolan50.pl/product/Probolan-50/?pid=116&uid=2061"
rel="nofollow">Czy ju? znasz najlepszy i najta?szy
sposób na nabranie masy</a></p>

<p><a
href="http://track.probolan50.pl/product/Probolan-50/?uid=2061&pid=116&bid=677"
rel="nofollow" title="jak szybko przytyc na wadze" ><img
src="http://track.probolan50.pl/banner/?uid=2061&pid=116&bid=677"
alt="jak szybko przytyc na wadze" /></a></p>

<p><a
href="http://track.metadrol.pl/product/Metadrol/?uid=2061&pid=120&bid=665"
rel="nofollow" title=" najlepsza odzywka na porost miesni
bez cwiczen" ><img
src="http://track.metadrol.pl/banner/?uid=2061&pid=120&bid=665"
alt=" najlepsza odzywka na porost miesni bez cwiczen"
/></a></p>
<br/><img width="1px" height="1px"
src="http://odel.pl/Admailer4/lkwiab_1.ejpg" />

Kloxo-DR
« Reply #10 on: 2014-02-25, 12:33:00 »
Hi Mustafa,

You have compiled qmail-toaster with deactivated parameters. So most of the options in CHKUSER of 2.0.9 -DOES-NOT-WORK- IN THE CURRENT KLOXOMR 6.5.0f.

I suggest that you recompile the toaster and make an update of kloxomr.

Further, please also update spamdyke from 4.3.1 to 5.0.0.

The latest version of spamdyke includes exactly the feature to reject non-existing recipients. I made the update and got spamdyke 5 working. However all emails to non-existing recipients are accepted because the chkuser parameters are not properly compiled.

The modification or activation of chkuser + spamdyke 5 is a must. Until then, all kloxomr servers are vulnerable to such attacks.

MRatWork
« Reply #11 on: 2014-02-25, 12:59:55 »
I will investigate more about it after my internet connection back to normal speed (now only have 20 kbps) and repairing corrupt local git files (I must rebase local git with 3 x 6GB size)!.

Kloxo-DR
« Reply #12 on: 2014-02-25, 15:56:04 »
Hi Mustafa,

Uh, I am sorry to hear about troubles. I have experienced similar problems when I could not get 3G and needed to work with 2G. That's terrible....

I suggest to have following parameters in /var/qmail/doc/chkuser_settings.h to be turned on before compiling the toaster:

CHKUSER_ALWAYS_ON,
CHKUSER_VPOPMAIL,
CHKUSER_DOMAIN_WANTED,
CHKUSER_ENABLE_USERS,
CHKUSER_ENABLE_LOGGING,
CHKUSER_LOG_VALID_RCPT,
CHKUSER_LOG_VALID_SENDER,
CHKUSER_RCPT_DELAY_ANYERROR,
CHKUSER_ERROR_DELAY_INCREASE,
CHKUSER_RCPTLIMIT="5",
CHKUSER_WRONGRCPTLIMIT="5"

In spamdyke v 5.0, above options do not work as the current qmail-toaster compiled by you did not have certain parameters turned on. Most importantly, if you could have most parameters setup default so that administrators must not have to compile again.

It would also be worth to have mysql support in spamdyke:

http://www.huschi.net/5_348_de-plesk-qmail-spamdyke-mit-mysql-logging.html
(needs translation from German to English)
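
A pre-build check for the settings listed in the post above, as an added example that is not code from the thread, from chkuser or from Kloxo-MR. It assumes that a disabled option appears in the header as a commented-out `#define`; the header content in the demo is constructed, and the two entries the post gives with a value (`="5"`) are not checked.

```sh
#!/bin/sh
# Added example, not chkuser or Kloxo-MR code.
# Print the macros really #defined in header $1, skipping /* ... */ comments.
active_defines() {
    awk '{
        line = $0; code = ""
        while (length(line) > 0) {
            if (in_comment) {
                i = index(line, "*/")
                if (i == 0) { line = "" } else { line = substr(line, i + 2); in_comment = 0 }
            } else {
                i = index(line, "/*")
                if (i == 0) { code = code line; line = "" }
                else { code = code substr(line, 1, i - 1); line = substr(line, i + 2); in_comment = 1 }
            }
        }
        if (code ~ /^[ \t]*#[ \t]*define[ \t]+[A-Za-z_]/) {
            sub(/^[ \t]*#[ \t]*define[ \t]+/, "", code); split(code, f, /[ \t]+/); print f[1]
        }
    }' "$1"
}

# Print each flag named in the post that is not active in header $1.
missing_chkuser_flags() {
    wanted="CHKUSER_ALWAYS_ON CHKUSER_VPOPMAIL CHKUSER_DOMAIN_WANTED
        CHKUSER_ENABLE_USERS CHKUSER_ENABLE_LOGGING CHKUSER_LOG_VALID_RCPT
        CHKUSER_LOG_VALID_SENDER CHKUSER_RCPT_DELAY_ANYERROR CHKUSER_ERROR_DELAY_INCREASE"
    active=$(active_defines "$1")
    for flag in $wanted; do
        printf '%s\n' "$active" | grep -qxF -- "$flag" || echo "$flag"
    done
}

# Run the check against a constructed sample header.
demo_chkuser() {
    h=$(mktemp) || return 1
    cat > "$h" <<'EOF'
/* constructed sample, not the shipped chkuser_settings.h */
#define CHKUSER_VPOPMAIL
/* #define CHKUSER_ALWAYS_ON */
#define CHKUSER_DOMAIN_WANTED
/*
#define CHKUSER_ENABLE_USERS
*/
#define CHKUSER_ENABLE_LOGGING
EOF
    missing_chkuser_flags "$h"
    rm -f "$h"
}
demo_chkuser
```

Empty output from `missing_chkuser_flags` means every flag from the post is compiled in; any name printed is still commented out or absent.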

MRatWork
« Reply #13 on: 2014-02-25, 16:23:09 »
Thanks,

I don't want mysql enable in spamdyke. It's because I think better Kloxo-MR using sqlite instead mysql for their database.

If I can convert vpopmail database to cdb format (instead mysql), possible Kloxo-MR will be using sqlite instead mysql for their database.

Imagine you want Kloxo-MR as DNS only, with 6.5.1 possible you not using mail, web and spam server (except dns) with select 'none' for web/mail/spam server. With this trick possible running Kloxo-MR in 64MB RAM.

Kloxo-DR
« Reply #14 on: 2014-02-25, 18:23:02 »
Hi Mustafa,

I downloaded the src of toaster and found:

qmail-1.03 patched to netqmail-1.05

The latest is netqmail-1.06:
http://qmail.cybermirror.org/top.html
http://www.qmail.org/netqmail/

I suggest that you go through all important areas of the patches and make a very nice update of the toaster.
« Last Edit: 2014-03-29, 09:34:38 by Kloxo-DR »
