Messages - Kloxo-DR

196
Hi Mustafa,
if your qmail setting is correct, impossible your server as 'smtp relay' from outside.

There is no smtp-relay from outside in this case. The emails are sent from inside because those email addresses did not exist on the server. They are sent to innocent victims mentioned in "Recipient Path".

197
I assume that there is a second victimized server.

I placed my message in the following thread:

http://forum.mratwork.com/kloxo-mr-development/%28qmail%29-recipient-verification-to-avoid-spamming/30/

198
Hi,

I refer to my thread here:
http://forum.mratwork.com/kloxo-mr-development/%28qmail%29-recipient-verification-to-avoid-spamming/30/

Yes, CPU always load 100% because processing qmail-remote

I suspect that your Kloxo-MR with Qmailtoaster is being used by spammers to send thousands of emails to innocent victims.

If this is the case, then qmail-remote will be sending to people as undelivered emails. YOU WILL NOT EVEN REALIZE THAT YOUR SERVER HAS BECOME A SPAMMING SERVER.

After some time, the IP of your server may get blacklisted in some list.

This is what happened to me for about half a year. When I changed the IP of my server and moved to another provider, the spammer tracked the new IP and blasted my server again.

199
Hello Chris,
We have tried to reproduce your bounce relay spam attack, and have been unable.  I am NOT saying it didn't happen, just that I can not reproduce.
There seems to be another victimized server in the other thread:
http://forum.mratwork.com/kloxo-mr-technical-helps/how-to-uninstall-qmail-toaster/

@hoangsang
The spammer has found your server, if my assumption is correct. In that case, your server is being used to send emails to innocent victims. Then, you cannot use Kloxo-MR anymore. You must compile the Qmailtoaster with CHKUSER or stop using Kloxo-MR. That's what Mustafa said to me!!!
Yes, CPU always load 100% because processing qmail-remote
When the spammer uses a special technique, then the CPU gets overloaded more than normal. In the TOP monitor you see many processes active by the user qmaild. The CPU always load 100% because processing qmail-remote.

THIS IS WHAT HAPPENED ON MY SERVER, when the catchall was activated and setup to delete all emails to non-existent users!

Kloxo-MR is vulnerable to spamming because a spammer is able to make connections through CHKUSER and sidetrack the catchall and all other spamdyke protections. Thereafter, Kloxo-MR becomes a spamming server and can send emails to innocent victims.

For the spammer, it is the best that the Admin of Kloxo-MR does not even know if his server has converted into a spamming server and all email "as undelivered emails" gets relayed from the victimized server.

Chris, could you reproduce the above characteristics of blasting CPU and invoking the qmail-remote in your series of testing based on your extraordinary expertise? You and your partner, both are inexperienced spammers and the testing you both conducted is useless!

200
Kloxo-MR Bugs and Requests / Re: New spamdyke problems
« on: 2014-03-03, 13:33:26 »
Hi Spacedust,

Instead of giving you a direct answer, I prefer to have you check everything.

Read the following and go through all the changes required in the spamdyke.conf, including the substitution of local-domains-file, amongst changes of other configuration parameters:

http://www.spamdyke.org/documentation/Changelog.txt

You need to do this because I told Mustafa to make an update, and he did. Then you should do the changes required in the spamdyke.conf manually, like everyone has to do.

The available configuration of spamdyke.conf generated from mysql is useless. My request to Mustafa, that he may develop configuration of spamdyke, is also useless or was neglected.

201
Hi,
@Kloxo-DR, yeah i got your points.
Kloxo-MR as the replacement for cPanel.
Thanks.
Glad that you understood some hints.

The question:
........Risk of being spammed using Kloxo-MR?

The answer of your question:

Uh, YES!

Stay where you are and beware of changing. I say this from my eight years of experience using Kloxo, and now since a couple of months, Kloxo-MR. It may all look extremely attractive, all those beautiful icons and features. Your joy of a very good panel shall evaporate in milliseconds, if your server gets hacked or a spammer finds holes somewhere.

I still remember shouting and yelling myself before the computer when some idiot used my server for spamming. It took me some time until I really found how things occurred. It even took more time to identify the root cause.

The panacea to the problem is, as I see today and like I always saw it concludingly earlier, to have a different panel than Kloxo or Kloxo-MR.

But the choice is yours.

202
Hi,
We clearly see that the CHKUSER is doing check for MX record for the given domain, but not for a valid recipient email address.
@Kloxo-DR: does my test above illustrate the issue?

I just do not understand why you do not understand! But I do understand what you do not understand!!!

Yes, I confirm that your test results are true. My dear friends, everyone participating in this thread, or the earlier one, knows that.

Chris accepted this diplomatically and declared that "delete function" works.

Mustafa blatantly said that CHKUSER has been compiled with the Toaster. I claim that it is doing nothing more than logging as many important parameters are not activated. I said that I do not have time for that and asked Mustafa to compile it for everyone.

I said I cannot do it because I do not have time or the knowledge for that. So, I said that I should leave. Mustafa said Goodbye.

Why cannot you follow this part of the conversation?

I have said that CHKUSER is not working because certain parameters need to be activated before compilation.

So Mustafa said that I should look in tcp.smtp + run files.

Chris confirmed that certain parameters must be activated and Toaster should be compiled.

That's why I mentioned to you, that you should compile the Toaster if you have time or take "Goodbye" from Mustafa, just the way how he told me.

As you declared that you do not have time, I advise you to invest more time, before you run out of time, to investigate, if you could have more time in the future for such investigation, or take "Goodbye" from Mustafa instead.

The issue I have raised is that Mustafa would bring out a different and modified Toaster sometime later, if he is in a mood for that. If not, you cannot demand from him anything. This is his project.

You have to decide to take it or leave it, with its state as it is now.

203
Hello Chris,
However, I could not reproduce this bounce relay, as my toaster is set to 'delete' or blackhole unknown recipients.

I asked you in the earlier thread if you believe me. When I tried sending an email to a non-existent recipient on my server, it got deleted. So, in fact I did not believe myself!

Bugs have a general and special character. Some fire on every server and some under certain special conditions. I myself was not able to reproduce that. It struck me only when I inserted certain codes in the bademailfrom and trapped the spamdyke connection sensitivity. Only then I came to the idea of downloading and opening the src.rpm. See my earlier thread.

Unless you can reproduce certain conditions created by the spammer, which I could not, you also just cannot reproduce the problem I have mentioned.

204
@Chris,

1) ---------------------------------------
As I was having nightmares, I was regularly observing all changes. Of course, I was aware of the following code and precisely how and when it was inserted:
Code:
    if [ -f /var/qmail/control/norecordio ] ; then
        RECORDIO=""
    else
        RECORDIO="/usr/bin/recordio"
    fi

Mustafa decided to maintain illegal email content logging and offered one control file "norecordio" to deactivate it, outside of run files. The issue I discussed was not that I did not know, but that this is the case.

That does not change the prima facie matter of the issue: Kloxo-MR installs illegal content logging in maillog files by default. I found a way to deactivate email content logging by substituting the -Q switch and removing -v. Others, like you, may use the touch command. Well, this is MR's project and the issue - as well as all other issues - thus, remains uncontestable.

I had to spend 10-15 hours to identify the trouble before Mustafa entered the above code. Newcomers to Kloxo-MR may not know this. Then, their lack of knowledge fires illegal content logging on their servers. This means that you need time to read every corner of this forum, spend time for hours and hours, and obtain all necessary tweaks.
2) ---------------------------------------
Quote
However, I could not reproduce this bounce relay, as my toaster is set to 'delete' or blackhole unknown recipients.

My Toaster was set to 'delete' for all mailboxes as well as catch-all. My problem was that the configuration was set to delete and it did not delete but bounced emails! Further, my problem was that qmail does not check existence of a recipient, although CHKUSER exists.

Toaster checks a recipient, if set to check, only if CHKUSER patch 2.0.9 is properly applied and respective parameters are activated. To do this, you have to recompile Qmailtoaster again by yourself.

Because some parameters are not activated, a spammer is able to sidetrack the delete function under special conditions and can use the bounce function. Then he makes transmission with different "from" and "sender" (Return-Path) for spamming to victimize all senders. All those victimized recipients in the sender receive undelivered emails from your server with authentic digital signature.

@Mella
Quote
Mustafa: Qmail-toaster already compile with chkuser patch. You can see /etc/tcp.rules.d/tcp.smtp about send/smtp issue.

Chris did confirm that the Qmailtoaster should be recompiled. As this is not yet done, you should recompile yourself to use some CHKUSER functions, especially those parameters I mentioned in the other thread. In other words spend time on using chkuser commands and tcp.smtp to identify how and where you could use those commands, if you want to.

205
Hi,

Yes, of course! Do you really mean that I was joking in that other thread?

In western countries, it is illegal to use software or scripts, if one knows, that have fundamental flaws and are exposed to such risks.

Due to this legal obligation, I decided to change. I found that ISPConfig is a good choice.

Kloxo-MR with Qmailtoaster is like using a silly old car without brakes on a motorway. But it does have very good decoration of excellent symbols, as in 6.5.1b and has lots and lots of features.

If that car does not brake, then everything is useless, however good it is or best features it may have.

The Qmailtoaster pumped by Mustafa has things that are not able to - and shall not - brake spammers using your server as a spamming server. I have constantly observed spamming LIVE and I was YELLING!

I was a victim and found my way with firewall to stop all connections of the spammer.

If you have a lot to do, then you just cannot turn off your brain and wisdom by shutting it down neglecting on varieties of topics I mentioned in the other thread.

206
Hi Mustafa,

Hi, qmail-toaster in Kloxo-MR not use tcp.smtp but supervise.

netqmail is different way compare to qmail-toaster. So, for chkuser must set inside run file.

Should I write a cronjob to constantly reinstall and overwrite your run files with better run files to prevent spam attacks? Should everyone do that? Is the solution to overwrite your run files to prevent spam attacks and illegal email content logging a very special wish of mine?

I suggest to make a feature request to create a web interface for configuring Qmailtoaster and spamdyke. Both are just inevitable functions, as inevitable as apache and mysql, and, thus, require much better possibility for administrators for configuration.

207
Hello Mustafa,

If I understand correctly, kloxo-mr installed rkhunter, right? In that case, it would be correct to add rkhunter --propupd. Without this, it will not function.

It is possible that this was installed from centos template. Even in that case, it would be worth to have something like this integrated.

I got the message:

The file of stored file properties (rkhunter.dat) does not exist, and should be created. To do this type in 'rkhunter --propupd'.
Warning: Suspicious file types found in /dev:
         /dev/.udev/tmp-rules--70-persistent-net.rules: ASCII text

208
Hi Mustafa,

Imagine someone have many servers in cluster. One server ..., some server ..., some server as xxx, some servers as yyy and so on and so on.

Imagine means to dream. Yes. I can dream of this. Currently, I, and the entire tiny community of Kloxo-MR, would be soooo happy, if we were able to sleep. If we can sleep, only then we can dream...

I cannot sleep because my server was hacked. So, my very sincere and honest suggestion is to first have all the features stable and enhance the existing features dramatically.

Now just the fundamental things do not work and its development has remained to minimum. Of course you have done the most excellent job. No doubt about it. But the development should remain within kloxo-mr targeting on drastic enhancement of existing features.

Look at backups and restore. This area is not good from the view point of its state of stagnant after its development.

So, Mustafa I really hope that you bring kloxo-mr to a very decent and mature development. It would be really sad to have its progress slowed down.

209
Hi Mustafa,

I downloaded the src of toaster and found:

qmail-1.03 patched to netqmail-1.05

The latest is netqmail-1.06:
http://qmail.cybermirror.org/top.html
http://www.qmail.org/netqmail/

I suggest that you go through all important areas of the patches and make a very nice update of the toaster.

210
Hi Mustafa,

Uh, I am sorry to hear about troubles. I have experienced similar problems when I could not get 3G and needed to work with 2G. That's terrible....

I suggest to have following parameters in /var/qmail/doc/chkuser_settings.h to be turned on before compiling the toaster:

CHKUSER_ALWAYS_ON,
CHKUSER_VPOPMAIL,
CHKUSER_DOMAIN_WANTED,
CHKUSER_ENABLE_USERS,
CHKUSER_ENABLE_LOGGING,
CHKUSER_LOG_VALID_RCPT,
CHKUSER_LOG_VALID_SENDER,
CHKUSER_RCPT_DELAY_ANYERROR,
CHKUSER_ERROR_DELAY_INCREASE,
CHKUSER_RCPTLIMIT="5",
CHKUSER_WRONGRCPTLIMIT="5"

In spamdyke v 5.0, above options do not work as the current qmail-toaster compiled by you did not have certain parameters turned on. Most importantly, if you could have most parameters setup default so that administrators do not have to compile again.

It would also be worth to have mysql support in spamdyke:

http://www.huschi.net/5_348_de-plesk-qmail-spamdyke-mit-mysql-logging.html
(needs translation from german to english)
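
An added example, not part of the original posts and not Kloxo-MR or Qmailtoaster code: posts 204 and 210 turn on whether the listed CHKUSER parameters were active when the toaster was compiled, and this script reports for each name whether a header has it defined, commented out, or absent. It assumes disabled options appear as `#define` lines inside `/* ... */` comments; the flag names are copied from post 210, and the sample header is constructed for illustration.

```shell
#!/bin/sh
# Flag names copied from post 210; treating each as a compile-time
# #define in chkuser_settings.h is an assumption of this example.
WANTED="CHKUSER_ALWAYS_ON CHKUSER_VPOPMAIL CHKUSER_DOMAIN_WANTED
CHKUSER_ENABLE_USERS CHKUSER_ENABLE_LOGGING CHKUSER_LOG_VALID_RCPT
CHKUSER_LOG_VALID_SENDER CHKUSER_RCPT_DELAY_ANYERROR
CHKUSER_ERROR_DELAY_INCREASE CHKUSER_RCPTLIMIT CHKUSER_WRONGRCPTLIMIT"

# Print FILE with /* ... */ comments removed, including multi-line ones.
strip_c_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            i = index(line, inc ? "*/" : "/*")
            if (i == 0) { if (!inc) out = out line; line = "" }
            else { if (!inc) out = out substr(line, 1, i - 1)
                   line = substr(line, i + 2); inc = !inc }
        }
        print out
    }' "$1"
}

# chkuser_flag_state FILE NAME -> on | off (only inside a comment) | missing
chkuser_flag_state() {
    pat="#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)"
    if strip_c_comments "$1" | grep -Eq "^[[:space:]]*$pat"; then echo on
    elif grep -Eq "$pat" "$1"; then echo off
    else echo missing
    fi
}

# Write a small constructed header (not the real file) for trying the check.
make_sample_header() {
    cat > "$1" <<'EOF'
/* #define CHKUSER_ALWAYS_ON */
#define CHKUSER_VPOPMAIL
/*
#define CHKUSER_DOMAIN_WANTED
*/
#define CHKUSER_ENABLE_LOGGING
#define CHKUSER_RCPT_LIMIT_VARIABLE "CHKUSER_RCPTLIMIT"
EOF
}

# Usage: sh check_chkuser.sh /path/to/chkuser_settings.h
if [ -n "$1" ]; then
    for name in $WANTED; do
        printf '%-32s %s\n' "$name" "$(chkuser_flag_state "$1" "$name")"
    done
fi
```

A name reported as "missing" may be a runtime setting rather than a compile-time define, so check the run files and tcp.smtp for it as well.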
