Qmail accepts messages from non FQDN

[JarekG]

Hi,

I don't know if that problem is related with plesk at all, but it comes with the plesk obviously.

Qmail is accepting messages from domains without fully qualified name. I think it's the serious problem.

Dialog looks like:
# telnet server 25
Trying XXX.XXX.XXX.XXX...
Connected to server
Escape character is '^]'.
ehlo x
220 server ESMTP
250-server
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
mail from: OnsOrpyec@SDEFRSL3MIR2
250 ok
rcpt to: email@on_the_server.com
250 ok
data
354 go ahead
test
.
250 ok 1255606303 qp 18399

Of course email@on_the_server is equal to valid email address like domain.com. The problem is with mail from field. Almost all servers should reject messages from non FQDN. I have found some patches on the internet which fixes that problem, but what to do now when qmail comes with plesk installation. I don't know if I should report it as a bug, but for me it's a serious problem as server is not checking very basic criteria what email address obviously is.

If anyone has got any idea how to configure qmail (configure - not patch) to reject messages from non FQDN I will be thankful for help.

p.s. wondering why parallels don't want to use postfix instead of qmail. Postfix can store everything in the database so it's even better for parallels scripts to manage everything on the database level rather than file levels. And obviously postfix is better, up-to-date and logs are easy to read...

Regards

 

[GreedyGopher]

Hi,

For Plesk 9.2: Settings -> Mail server settings -> Names for POP3/IMAP mail accounts,
select "Only use of full POP3/IMAP mail accounts names is allowed".
By the way, postfix is also supported: http://download1.parallels.com/Plesk/PPP9/plesk-9.2.2-for-rpm-based-os.html

 

[JarekG]

Hi,

For Plesk 9.2: Settings -> Mail server settings -> Names for POP3/IMAP mail accounts,
select "Only use of full POP3/IMAP mail accounts names is allowed".

That will set plesk and whole system to use [email protected] instead of user when you login to POP3 or IMAP. I don't know if you understood my telnet session output correctly. The problem is that you're getting a lot of spam because your server accepts emails from fake domains. I agree that you can sent spoofed email from bbc.com or any other domain, but a lot of spam is sent from fake domains and server doesn't check these.

By the way, postfix is also supported: http://download1.parallels.com/Plesk/PPP9/plesk-9.2.2-for-rpm-based-os.html

Yes I have found a postfix template for plesk after publishing that post . I'm building new server now with postfix as MTA rather than Qmail and we will see how it goes . Thank you for the link and your answer.

Regards.

 

[trialotto]

Misconfiguration somewhere?

I have read your posts and was rather surprised. It should not be the case that you can send any message.

Your telnet session should have the result:

451 qq trouble in home directory (#4.3.0)

Somehow, you do not have that and i would not be surprised if your qmail setup is not properly done.

Postfix installation may resolve your issue, but not because it is Postfix. Only because of the fact of a clean install.

Reinstalling Qmail (i.e. after Postfix another change to qmail) is very likely to solve the issues you have with qmail.

 

[JarekG]

I have read your posts and was rather surprised. It should not be the case that you can send any message.

Your telnet session should have the result:

451 qq trouble in home directory (#4.3.0)

Somehow, you do not have that and i would not be surprised if your qmail setup is not properly done.

Postfix installation may resolve your issue, but not because it is Postfix. Only because of the fact of a clean install.

Reinstalling Qmail (i.e. after Postfix another change to qmail) is very likely to solve the issues you have with qmail.

The problem is my Qmail as you could see accepted such a message.

As far as I can see my Qmail has never been setup properly as I've never expected if software is installed from the template will come with such a big vulnerability and also there are no options in Plesk to setup such a facility. As I compared Qmail and Postfix installation from the template both are setup incorrectly and options given by Plesk are not enough to configure your software. I know that you can always configure your MTA from the file level, the problem is I couldn't find any option which might fix that problem. I'm not familiar with Qmail, but I know Postfix very well. All I have found about such a thing is that there are some patches for Qmail which sort that problem out. The problem is I'm a bit afraid to recompile Qmail from scratch when it has been installed from the template as there may be a big difference between paths and integrity with rest of Plesk. I don't want to stop mail service on the server with over 200 domains on.

I just wanted to draw Parallels attention to that problem as that should be fixed from the template level. I just think so.

Regards.

 

[trialotto]

In essence, whether installed from template or not, the bare standard qmail setup provided by Parallels is good enough and is blocking any sending of non-local and non-FQDN mails.

The only non-FQDN domain able to send from qmail is a non-FQDN defined in /var/qmail/control/locals, since all other domains are allowed in the file /var/qmail/control/rcpthosts and those domains are defined by Plesk (i.e. FQDN).

There is this minor installation bug: Plesk installation is often using a <serverShortname> in "locals" (i.e. non-FQDN), even when a FQDN is identified in the Plesk Control Panel under settings.

I have mentioned this in my thread Qmail configuration and how to change it.

In short, there could be no reason for allowing other non-FQDN names by qmail.

Problem is that a lot of people do have other programs installed, which come with a mail client that does not disallow the non-FQDN names. Then, it is not a problem of Plesk, but of the mysterious mail program.

Have a good look in your system and analyze whether that is not the problem.

Furthermore, plesk autoinstaller also has some minor bug: change of mail server (that is, installing qmail when running postfix and vice versa) is easy, but not completely correct.

The autoinstaller has to be run at least twice (a double change), when you encounter some problems after the first change. When doing so, the change is working properly, qmail is working fine.

It can be the case that you have to do a similar thing when using your template....and then it is very likely to be a minor bug in the installation of the template, not in the template itself and not in qmail configuration.

Hence, try to use the autoinstaller from the command line and try to analyze whether your problems persist.

Finally, note that any change between postfix and qmail does not harm your mail system, the mailboxes etc. It does involve a loss of previously used fine-tuning of the mail server (so identify them before changing mail servers).