
SMTP problem - no authorization req. even if enabled

Discussion in 'Plesk for Linux - 8.x and Older' started by aheidl, Jan 22, 2006.

  1. aheidl

    aheidl Guest

    0
     
    To all the Plesk and qmail gurus!

    Since yesterday I have been encountering a very strange SMTP problem in my Plesk 7.5.4. I just noticed it as I had to set up my PC again and therefore had to configure Outlook again.

    Apparently I can send emails with no problem, but the server doesn't ask for authorization anymore; hence it does not matter if in the global mail settings the relay is set to authorization or closed. I can still send email from all my allowed recipient hosts regardless of the login. I have checked, ran a rootkit scan, everything appears to be alright. Now I am a bit stunned. What can that be?

    My setup is Plesk 7.5.4 on Suse 9 pro. I can actually enable and disable qmail through the Plesk interface under service management, but for some reason application of the global mail settings does not seem to have any effect.

    I hope one of you has got some clues or hints as to the right direction to look.

    BR,

    Alex
     
  2. aheidl

    aheidl Guest

    0
     
  3. ShadowMan@

    ShadowMan@ Guest

    0
     
    First, when you set Plesk mail options to Authorization required, please verify you are not using the POP3 auth, but are only using the SMTP auth.

    Second, in regards to the other cross referenced thread, have you followed or checked all the things which jamesyeeoc posted? (20th June 2005 11:39 PM)

    Third, were there any updates/changes done to the server around the same time? Anything at all, no matter how minor it may have been?
     
  4. aheidl

    aheidl Guest

    0
     
    @ShadowMan

    Thanks for the reply. I have double-checked all settings and I think I got confused in respect of the terminology "relaying" and "mail delivery". I surely can send mail without SMTP authorization from and to the same domain (OL test email), but when I set my email address to be some Hotmail one it will fail without supplying the authorization settings to be the same as the POP3 details.

    Now according to the cross thread this is correct as this is like mail for local delivery. This will actually work if I set the relaying to "closed". If set to closed I understand that no relaying whatsoever is possible, but local delivery from and to the same domain is possible. This is also correct from my understanding.

    What concerns me is that this could be used to inject mails to my domain and flood me with spam. Well, I have set all mails to be dropped if there is no valid recipient, still this could be used for some DoS attacks, couldn't it?

    BR,

    Alex
     
  5. ShadowMan@

    ShadowMan@ Guest

    0
     
    All mail servers are supposed to accept inbound email with no authorization required. Otherwise it would only accept email from users defined on that server who can be authenticated.

    In other words, if I send an email to you, I do not have to authenticate myself with your server, but your server will accept the inbound email and deliver it to your mailbox.

    This is absolutely normal.

    Now, for me to be able to use my email server to send it out to your server (technically sending a relay message), my Outlook must authenticate/login to my SMTP server, then it will accept my email which is to be relayed to your server.

    In some cases, ISPs will be filtering/blocking port 25 (SMTP) and so Outlook must be set up to use the ISP's SMTP server for outgoing emails. In this case, your Plesk server is not the one accepting the email from your Outlook.

    ANYONE who wants to, can send unlimited emails to any domain on the internet, using common or dictionary email names and other methods, and therefore be able to flood your email boxes with SPAM. That's why SpamAssassin exists.

    A flood of Email is not really a DoS/dDoS attack, it's generally just plain old SPAMMING. Of course, I guess if you look at it from certain viewpoints, if enough incoming spam messages per second are achieved, it may have a similar end result of other types of attacks... slowing or crashing a server (theoretically speaking).
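
The distinction the posts above arrive at (unauthenticated local delivery is accepted, relaying to a foreign domain needs SMTP authentication, and "closed" refuses relaying entirely), as an added example that is not part of the thread and is not qmail's or Plesk's own code. The domain list, the mode labels `closed`/`auth`, the leading-dot subdomain convention and all function names are assumptions made for illustration.

```python
# Simplified model of the per-recipient accept/relay decision (illustrative only).
# Constructed stand-in for the server's list of allowed recipient hosts.
LOCAL_DOMAINS = {"example.org", ".example.net"}

def is_local(domain, local_domains=LOCAL_DOMAINS):
    """True if the server accepts mail for this domain.

    Assumption of this model: an entry starting with '.' matches any
    subdomain of that name, but not the bare name itself.
    """
    domain = domain.lower().rstrip(".")
    if domain in local_domains:
        return True
    return any(e.startswith(".") and domain.endswith(e) for e in local_domains)

def rcpt_decision(rcpt, authenticated, relay_mode):
    """Return (accepted, reason) for one RCPT TO address.

    relay_mode is a hypothetical label: 'closed' (never relay) or
    'auth' (relay only for clients that completed SMTP authentication).
    """
    if relay_mode not in ("closed", "auth"):
        raise ValueError("unknown relay mode: %r" % relay_mode)
    local_part, sep, domain = rcpt.rpartition("@")
    if not sep or not local_part or not domain:
        return (False, "malformed recipient")
    if is_local(domain):
        # Inbound mail for a hosted domain: accepted from anyone.
        return (True, "local delivery, no authentication required")
    if relay_mode == "auth" and authenticated:
        return (True, "relayed for authenticated client")
    return (False, "relay denied")

# Constructed sessions mirroring the cases discussed in the thread.
SCENARIOS = [
    ("alex@example.org", False, "auth"),      # local to local, no login
    ("alex@example.org", False, "closed"),    # still local delivery
    ("friend@remote.example", False, "auth"), # foreign domain, no login
    ("friend@remote.example", True, "auth"),  # foreign domain after login
    ("friend@remote.example", True, "closed"),
]

def run_scenarios():
    """Evaluate every constructed scenario and return the decisions."""
    return [rcpt_decision(*s) for s in SCENARIOS]

if __name__ == "__main__":
    for scenario, (ok, reason) in zip(SCENARIOS, run_scenarios()):
        print(scenario, "->", "ACCEPT" if ok else "REJECT", "(%s)" % reason)
```

Only the third and fifth scenarios are rejected: acceptance for a hosted domain never depends on the login, which is why changing the relay setting appears to have no effect when testing with a same-domain message.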
     