[prev in list] [next in list] [prev in thread] [next in thread] 

List:       courier-users
Subject:    RE: [courier-users] How to force SMTP AUTH only for MAIL FROM addresses of hosted domains?
From:       "Frank Habicht" <frankh () layne ! co ! tz>
Date:       2004-03-11 7:37:35
Message-ID: 00ff01c4073c$8fb40b70$a901a8c0 () frank
[Download RAW message or body]

Hi again,

so i understand SPF (http://spf.pobox.com/) would solve your problem as
well....
i haven't done it yet but i like the concept.

I somehow would love to have SPF _in_ courier.
My wish for next x-mas:
- no storing-msg-id-droping-msg-hack (sorry, no intention to offend)
- but instead:
- a compile-time switch
- enabling spf inside submit &
- incl. dropping the message & connection if SPF results indicate
- changing the current performance priority &
- rewriting/adding (hardcoded as per spf) that one header line (incl that
forwarding rewriting).
- and that all if possible before x-mas   ....

but like many others here I'm not the coder needed for that task...
So it's only a wish hoping to be heard.

Frank


-----Original Message-----
From: courier-users-admin@lists.sourceforge.net
[mailto:courier-users-admin@lists.sourceforge.net]On Behalf Of Lorenzo
Perone
Sent: Thursday, March 11, 2004 9:03 AM
To: courier-users@lists.sourceforge.net
Subject: Re: [courier-users] How to force SMTP AUTH only for MAIL FROM
addresses of hosted domains?


Hello! Thanx a lot to take some time! :)

On 11. Mrz 2004, at 5:54, Frank Habicht wrote:

> You need a slightly different approach.
>
> SMTP to port 25 is 'meant' for all deliveries to your local addresses
> (domains hosted with you).
> From any machine on the internet acting as an smtp-client to your
> server.
> all this to your local addresses doesn't need auth - because there are
> so
> many thousands of machines out there and you want all of them to email
> you...
>
> even if it happens to come _from_ one of your addresses...
> ... no auth. because _all_ can send email to your addresses (I'm trying
> currently ;-)
>
> best solution is for your users to send the outgoing mail to
> esmtp-msa (port 587)   or
> esmtp-ssl (port 465)  - by default at least

Well, yes, in _theory_, this could be a possible approach.
In practice, it is the default for any mail client to use port 25 to
submit mail to its smtp server - be it the terrible Outlook or anything
else around. And ssl is not yet present in all mailers.

I'm actually trying to solve a serious spam problem:
spammers sending mail claiming to be someone of my domain, asking people
to send their user id and password, etc.
I've written a perl script that can make (fairly) sure if one is
authenticated - but I can not just throw away the "other" mails, i.e.
those which are not authenticated (and still have a "From: " header
pretending to be from the same domain) because I cannot tell, at that
level, whether it's a spammer or a user with an old client who tries to
send some mail without authenticating first.
If the server forced authentication for those claiming to be a hosted
user
at the Return Path (MAIL FROM) level, spammers could still claim to be
someone else and later, in the DATA, use a "From:" of my domain. But in
the latter case I could easilly catch that with my maildrop-triggered
script.

Of course, a last-resort option would be to make an extfilter out of the
script, and alter the subject or body, telling that it could _possibly_
be spam and not to trust the sender in case of doubt.
But an error at SMTP level, which the users would inevitably notice
and force them to update/setup their clients would be much better.
I've setup Communigate Pro several times - and its smtp module has this
option for example.
I can't believe that an otherwise superb product as courier
is going to "leave me alone" on this issue... :|

BTW: I do use spam assassin succesfully with maildrop - in this case,
though, the problem is not the content of the message which is no
advertisement but an attempt to make users give away their passwords
or execute attachments. And of course I warned all users... but ...
yes.. I hate _those_ spammers in particular and would like to find
a server-side solution ;].
Smtp auth works fine in courier, why shouldn't I use it...?

> there you require auth:
> AUTH_REQUIRED=1
>
> hope it helps...
>
> Frank

> PS: yesterday i struggled with a fairly fresh install to get a virtual
> domain in $(sysconf)/aliases/* work...
> it took too long to get the idea to create a .courier-default in the
> recipient's home....
> It's kind-of implied, but an additional sentence under Virtual domains
> would
> help saying something like
> you have to accept all these emails with a .courier-default file or
> individual others... ?

this is a helpful one :) i also hadn't figured this out....
indeed courier has a lot of docs but somehow i'm always searching like
mad
maybe i'll have to get used to it ;).

> Finally: Lots of thanks to Sam for courier!!!

I agree :)



Lorenzo



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.614 / Virus Database: 393 - Release Date: 3/5/2004

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.614 / Virus Database: 393 - Release Date: 3/5/2004




-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[prev in list] [next in list] [prev in thread] [next in thread]