
Qmail acting as an open relay for local network

ComNet

New Pleskian
Hi,
I'm seeing a strange behavior on my Plesk 10.4.4: other hosts from the public subnet I purchased from my ISP are able to use unauthenticated SMTP as an open relay, while the rest of the world can't (I followed the steps and double-checked, to be sure, the official KB article at http://kb.parallels.com/en/1394).
The whitelist has only ::1 and 127.0.0.0/8 on the allowed entries, and nothing is blacklisted.
Do you have any idea why it is open-relaying from the local subnet's hosts, and how to stop that?
Thanks,

Marco
 
Tried to restrict from 127.0.0.0/8 to 127.0.0.1/32, still seeing same behavior from other hosts in the same subnet.
Any hint?
 
Do you have pop-before-relay enabled? If so, and someone is doing pop3 logins from a particular IP then there will be a window where no smtp auth will be required. If the window is set to, say, 5 minutes and the user logs in every 5 minutes then effectively that IP is going to be able to use smtp anytime they want.
 

Thanks for your answer; unfortunately, that's not quite the case for two reasons:
  1. I don't relay ("SMTP relay closed"). Simple as that. :)
  2. The other hosts in the subnet are servers, so no POP3 authentication shall ever come from there.
 
Check /etc/xinetd.d/smtp_psa to make sure the settings you have configured in Plesk are actually reflected there, just in case?
 

Thanks; I've been looking for a tcp-env configuration (as seen on this qmail page for "selective relaying" http://qmail.3va.net/qdp/qmail-antirelay.html), but I found none.
This is my smtp_psa started from xinetd:
Code:
service smtp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        disable         = no
        user            = root
        instances       = UNLIMITED
        env             = SHORTNAMES=1
        server          = /var/qmail/bin/tcp-env
        server_args     = -Rt0 /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -r sbl.spamhaus.org -r xbl.spamhaus.org /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
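
One way to run the suggested check against the stanza posted above, as an added example that is not part of the original thread or of Plesk's tooling: it parses the xinetd stanza, reports whether RELAYCLIENT (the variable qmail-smtpd treats as permission to relay) is set directly in env, and lists the wrapper programs that start before qmail-smtpd and could set it per connection. The function names parse_stanza and audit are hypothetical.

```python
import re
import shlex

# Stanza copied from the post above.
STANZA = """\
service smtp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        disable         = no
        user            = root
        instances       = UNLIMITED
        env             = SHORTNAMES=1
        server          = /var/qmail/bin/tcp-env
        server_args     = -Rt0 /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -r sbl.spamhaus.org -r xbl.spamhaus.org /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
"""

def parse_stanza(text):
    """Return the attribute/value pairs of one xinetd service stanza."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*\+?=\s*(.*\S)\s*$", line)
        if m:
            attrs[m.group(1)] = m.group(2)
    return attrs

def audit(text):
    """Summarise where a relay decision can come from in this stanza."""
    attrs = parse_stanza(text)
    # env is a whitespace-separated list of NAME=value strings.
    env = dict(item.partition("=")[::2] for item in attrs.get("env", "").split())
    argv = [attrs.get("server", "")] + shlex.split(attrs.get("server_args", ""))
    # Absolute paths are the programs in the chain; the rest are their options.
    programs = [a for a in argv if a.startswith("/")]
    smtpd = next((i for i, p in enumerate(programs)
                  if p.endswith("/qmail-smtpd")), len(programs))
    return {
        # RELAYCLIENT set here would allow relaying for every connection.
        "relayclient_in_env": "RELAYCLIENT" in env,
        # xinetd-level source address restriction, if any.
        "only_from": attrs.get("only_from"),
        # Programs started before qmail-smtpd: the only places left
        # that can add RELAYCLIENT for a given client address.
        "wrappers": programs[:smtpd],
    }

if __name__ == "__main__":
    print(audit(STANZA))
```

For the posted stanza the result shows no RELAYCLIENT in env and no only_from, so any relay permission has to come from one of the three wrappers ahead of qmail-smtpd.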
 
OK, I have no ideas at all I'm afraid.

Well, I do have one, but it should not make any difference. I notice you have shortnames enabled. How about changing it to off (in the panel, not editing the file). Yes, I know, it should have nothing to do with anything. But maybe it will kickstart something somewhere :) And if it makes no difference, put it back to how it was, obviously ;-)
 