Posted to server-user@james.apache.org by Lahu <la...@yahoo.com> on 2004/03/23 15:41:47 UTC

"Open-Relay" Problem - ORDB, MAPS etc.

Hi everybody,
I'm a pretty satisfied JAMES user. So far, JAMES has
pleased me on almost every account. (Though, I helped
catch a service-level (i.e. SMTP, NNTP, POP)
"connectionLimit" bug)

However, I see a growing concern amongst my peers for
the "open-relay" thing. I want to inquire that, can
JAMES be possibly listed in the blacklists (ORDB, MAPS
etc.). 

I'm asking because JAMES accepts the messages from ANY
IP address. However, later when we use the 
"RemoteAddrNotinNetwork" mailet/matcher pair, we can
successfully dispatch the mail to the SPAM folder
(though, still accepting the message), which indicates
that the SMTP session had been successfully completed.
This, in effect, makes JAMES a blackhole for the
spammers i.e. it does not relay the emails. ASSUME
that I'm unable to use the SMTP AUTH.

On the other hand, can this behaviour cause RBL's like
ORDB, MAPS etc. to believe that this mail server
(JAMES) is configured as open relay ? What I mean to
ask here is that, when these RBL organizations (ORDB,
MAPS etc.) perform their automated tests, would they
declare JAMES as "open relay" only on the basis of the
fact that it accepted the emails OR rather would they
go great lengths verifying whether actually that mail
was relayed or not ?

I hope I made it clear. Pardon me for not expressing
it the concise way as English is not my primary
language.

P.S: Do I sound like I'm asking for an ESMTP-like
feature ??? Coz, I believe (correct me, if I'm wrong)
ESMTP can reject the mail-connection altogether if it
does not come from an allowed IP address!! Is this the
case ?


---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


RE: "Open-Relay" Problem - ORDB, MAPS etc.

Posted by "Noel J. Bergman" <no...@devtech.com>.
> > However, I see a growing concern amongst my peers for
> > the "open-relay" thing. I want to inquire that, can
> > JAMES be possibly listed in the blacklists (ORDB, MAPS
> > etc.).
>
> > I'm asking because JAMES accepts the messages from ANY
> > IP address.
>
> AFAIK any *legitimate* relay server REQUIRES that a relay actually occur.
> james--unless configured incorrectly--doesn't fit that profile.

See: http://james.apache.org/FAQ.html#2  :-)

See also the <authorizedAddresses> element currently in the James v2.2.0
test builds, although that will likely be replaced by a more sophisticated
in-protocol filtering mechanism that has been proposed and reviewed on
the -dev list.

	--- Noel




Re: "Open-Relay" Problem - ORDB, MAPS etc.

Posted by bill parducci <bi...@parducci.net>.
AFAIK any *legitimate* relay server REQUIRES that a relay actually occur. 
james--unless configured incorrectly--doesn't fit that profile.

heck, if you are paranoid about such things (i am), here is a cron job for you
(requires wget):

#!/bin/sh
# wjp last updated 8/26/03
# first we query the rbls...
#
rbl_file="/tmp/check_rbls.out"
rbl_IP="yourMailServerIP"
rbl_site="http://rbls.org/?q=$rbl_IP"
mail_from="YourCronMailAddress"
mail_to="YourMailAddress"

# -o: wget's own log, -T90: 90 second timeout, -t5: five tries, -O: save the page here
wget -o /var/log/web.cron/check_rbls.sh.cron.log -T90 -t5 -O "$rbl_file" "$rbl_site"

# then we look for 'red'...
# (only when the download produced a non-empty file)
if [ -s "$rbl_file" ] ; then
    # count the lines carrying the red background colour
    rbl_count=$(grep -c 'bgcolor=#ffc0c0' "$rbl_file")
    if [ "$rbl_count" -gt 0 ] ; then

# then fire off a note to the admin
/usr/sbin/sendmail -f "$mail_from" "$mail_to" <<EOF
Subject: rbl detection for $rbl_IP

The IP address $rbl_IP has shown up on the rbl lists as a source for SPAM.

Number of servers showing this information: $rbl_count

The details may be found here: $rbl_site

EOF

    fi
    rm -f "$rbl_file"
fi


kind of a hack but if you fire that dude off once a day or so you will know
how you stand with the majority of the rbls.

b

Lahu wrote:
> Hi everybody,
> I'm a pretty satisfied JAMES user. So far, JAMES has
> pleased me on almost every account. (Though, I helped
> catch a service-level (i.e. SMTP, NNTP, POP)
> "connectionLimit" bug)
> 
> However, I see a growing concern amongst my peers for
> the "open-relay" thing. I want to inquire that, can
> JAMES be possibly listed in the blacklists (ORDB, MAPS
> etc.). 
> 
> I'm asking because JAMES accepts the messages from ANY
> IP address. However, later when we use the 
> "RemoteAddrNotinNetwork" mailet/matcher pair, we can
> successfully dispatch the mail to the SPAM folder
> (though, still accepting the message), which indicates
> that the SMTP session had been successfully completed.
> This, in effect, makes JAMES a blackhole for the
> spammers i.e. it does not relay the emails. ASSUME
> that I'm unable to use the SMTP AUTH.
> 
> On the other hand, can this behaviour cause RBL's like
> ORDB, MAPS etc. to believe that this mail server
> (JAMES) is configured as open relay ? What I mean to
> ask here is that, when these RBL organizations (ORDB,
> MAPS etc.) perform their automated tests, would they
> declare JAMES as "open relay" only on the basis of the
> fact that it accepted the emails OR rather would they
> go great lengths verifying whether actually that mail
> was relayed or not ?
> 
> I hope I made it clear. Pardon me for not expressing
> it the concise way as English is not my primary
> language.
> 
> P.S: Do I sound like I'm asking for an ESMTP-like
> feature ??? Coz, I believe (correct me, if I'm wrong)
> ESMTP can reject the mail-connection altogether if it
> does not come from an allowed IP address!! Is this the
> case ?
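The cron job in the message above scrapes a web page for a colour; a blocklist can also be asked directly over DNS. The following is an added example, not part of the original post: the zone name dnsbl.example.net is a placeholder, the function names are illustrative, and 192.0.2.25 is a documentation address.

```python
import ipaddress
import socket

# Placeholder zone (assumption): substitute the DNSBL zones you actually monitor.
DEFAULT_ZONES = ("dnsbl.example.net",)
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def system_resolver(name):
    """Return the A record for name, or None when the lookup fails.

    Resolver outages also end up as None, so a broken resolver looks the
    same as 'not listed'; monitor the resolver separately.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_listings(ip, zones=DEFAULT_ZONES, resolve=system_resolver):
    """Map each zone to its 127.0.0.x return code if it lists ip, else None."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # A listing is an answer inside 127.0.0.0/8. No answer, or an address
        # outside that range (a parked or wildcarded zone), is not a listing.
        listed = (answer is not None
                  and ipaddress.ip_address(answer) in LISTED_RANGE)
        results[zone] = answer if listed else None
    return results


def listed_zones(results):
    """Names of the zones that reported a listing, sorted."""
    return sorted(zone for zone, code in results.items() if code)


if __name__ == "__main__":
    # Constructed answers standing in for real DNS, so the demo runs offline.
    canned = {"25.2.0.192.dnsbl.example.net": "127.0.0.2"}
    print(check_listings("192.0.2.25", resolve=canned.get))
```

Passing no `resolve` argument makes `check_listings` use the system resolver, which is what a daily cron run would do.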


Re: MailSize

Posted by Serge Knystautas <se...@lokitech.com>.
Lahu wrote:
> Hi,
> Is there a way to block/reject AND MOST IMPORTANTLY
> prevent over-sized emails from being downloaded AT ALL
> to the company mail-server.

http://james.apache.org/smtp_configuration_2_1.html

The setting you want is "maxmessagesize".

-- 
Serge Knystautas
President
Lokitech >> software . strategy . design >> http://www.lokitech.com
p. 301.656.5501
e. sergek@lokitech.com



RE: SMTP AUTH for gateway !

Posted by "Noel J. Bergman" <no...@devtech.com>.
> So wats the final verdict on JAMES connecting to a
> gateway using SMTP AUTH for remote delivery. Is it
> possible or not ? I'm using JAMES 2.1.3

There is no code to support it, although it would be relatively simple for
you to add.  You would need to use the <gateway> tag to setup a gateway, and
the properties to provide JavaMail with the SMTP AUTH information that
should be used with that gateway.

You'd need to add some trivial lines of code to the init and deliver
methods.

	--- Noel




SMTP AUTH for gateway !

Posted by Lahu <la...@yahoo.com>.
OK,
I went thru the mailing lists for this problem. Have
read the debate, already.

So wats the final verdict on JAMES connecting to a
gateway using SMTP AUTH for remote delivery. Is it
possible or not ? I'm using JAMES 2.1.3

I have a gateway that uses SMTP AUTH and accepts
emails for relaying. All of my remote delivery is
supposed to be done by that Gateway.

Regards,

Lahu



RE: MailSize

Posted by "Noel J. Bergman" <no...@devtech.com>.
> i am not aware of any smtp/rfc that allows for
> that kind of information polling

RFC 2821, section 4.5.3.1.  And much more specifically, RFC 1870.

> the principle behind james is to accept all and then process

The <maxmessagesize> has been supported by JAMES since Matthew Pangaro and
Charles Benett got it into CVS almost three years ago.

As for fast-fail, the principle behind James is to implement what people
need, and there have been a lot of requests for fast-fail.  Furthermore,
fast-fail becomes necessary in order to deal with the Internet worms in any
sort of high volume environment.

We've had various approaches for fast-fail, but didn't really like any of
them so we limited them to what seemed really necessary and useful.  Now we
have an approach that is consistent with the rest of James.  That should
appear in a relatively early build of v3.

	--- Noel
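
How the RFC 1870 SIZE extension cited above lets a server refuse an oversized message at MAIL FROM, before any message data is sent, and why the limit is enforced again while the data arrives. This is an added example, not JAMES code and not part of the original message; the 3 MB limit is the policy figure from this thread, the function names are illustrative, and end-of-data handling is left out.

```python
import re

MAX_MESSAGE_SIZE = 3 * 1024 * 1024  # assumption: the 3 MB policy from the thread

_MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>(.*)$", re.IGNORECASE)
TOO_BIG = "552 Message size exceeds fixed maximum message size"


def ehlo_lines(hostname, limit=MAX_MESSAGE_SIZE):
    """EHLO reply advertising the fixed maximum via the SIZE keyword."""
    return ["250-" + hostname, "250 SIZE %d" % limit]


def parse_mail_from(line):
    """Return (reverse_path, declared_size or None) from a MAIL FROM command."""
    m = _MAIL_RE.match(line.strip())
    if not m:
        raise ValueError("not a MAIL FROM command")
    declared = None
    for param in m.group(2).split():
        key, _, value = param.partition("=")
        if key.upper() == "SIZE":
            if not (value.isascii() and value.isdigit()):
                raise ValueError("malformed SIZE parameter")
            declared = int(value)
    return m.group(1), declared


def reply_to_mail_from(line, limit=MAX_MESSAGE_SIZE):
    """Decide at MAIL FROM, using only the size the client declares."""
    try:
        _, declared = parse_mail_from(line)
    except ValueError:
        return "501 Syntax error in parameters or arguments"
    if declared is not None and declared > limit:
        return TOO_BIG
    return "250 OK"


def receive_data(chunks, limit=MAX_MESSAGE_SIZE):
    """Consume message data; buffer at most `limit` bytes, then only count.

    A client may omit SIZE or declare too little, so the limit is checked
    again here. Returns (reply, stored_bytes).
    """
    stored = bytearray()
    total = 0
    for chunk in chunks:
        total += len(chunk)
        if total <= limit:
            stored.extend(chunk)
        else:
            stored.clear()  # over the limit: stop buffering, keep reading
    if total > limit:
        return TOO_BIG, b""
    return "250 OK", bytes(stored)


if __name__ == "__main__":
    # Constructed session: the client declares 5 MB against the 3 MB limit.
    print("\n".join(ehlo_lines("mail.example.org")))
    print(reply_to_mail_from("MAIL FROM:<sender@example.org> SIZE=5242880"))
```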




RE: MailSize

Posted by Alan Gerhard <al...@gercom.com>.
in order to do any kind of analysis, you need to have physical access to the
entire mail object.
i am not aware of any smtp/rfc that allows for that kind of information polling
...

am not sure either that this is/will be an issue for the company in question
some most mail servers behave in a similar manner.

workaround ??
download, analyze, process

a dos attack can be done with a 1KB mail just as easily as a 1 gb mail.

the principle behind james is to accept all and then process - this prevents
address harvesting and to some extent, allows some protection to dos (james can
fire off threads and process individual mails to determine junk or not almost as
fast as they can be received)



~-----Original Message-----
~From: Lahu [mailto:lahuonline@yahoo.com]
~Sent: Saturday, March 27, 2004 08:32
~To: James Users List
~Subject: Re: MailSize
~
~
~Ok.. great.. I've read the article and have fairly
~understood the logic behind not implementing FastFail.
~
~So, wat do those users do who have to implement a
~company-policy that restricts oversized emails (say
~above 3 MB) from being downloaded to the server. Let's
~not discuss the case of hackers/crackers/spammers etc,
~for the sake of simplicity.
~
~Any workarounds ?
~
~Lahu


RE: MailSize

Posted by "Noel J. Bergman" <no...@devtech.com>.
> > > Is there a way to block/reject AND MOST IMPORTANTLY
> > > prevent over-sized emails from being downloaded AT
> > > ALL to the company mail-server.
> >
> > What you are asking for is fast fail. See
> > http://wiki.apache.org/james/NoFastFail  for reasons
> > why this is not implemented in James.
>
> So, wat do those users do who have to implement a
> company-policy that restricts oversized emails (say
> above 3 MB) from being downloaded to the server.

Nothing at all.  See <maxmessagesize> element, which is in the provided
config file.  See also http://james.apache.org/smtp_configuration_2_1.html.

	--- Noel




Re: MailSize

Posted by Lahu <la...@yahoo.com>.
Ok.. great.. I've read the article and have fairly
understood the logic behind not implementing FastFail.

So, wat do those users do who have to implement a
company-policy that restricts oversized emails (say
above 3 MB) from being downloaded to the server. Let's
not discuss the case of hackers/crackers/spammers etc,
for the sake of simplicity.

Any workarounds ? 

Lahu

--- Craig Raw <cr...@quirk.co.za> wrote:
> What you are asking for is fast fail. See
> http://wiki.apache.org/james/NoFastFail for reasons
> why this is not implemented in James.
>
> In my experience I find that the culprits are
> restricted to one or two remote servers. I have
> written a mailet that logs a summary of every
> email's size and remote host to the database. When I
> notice smtp bandwidth is high, I consult this log to
> find the likely source. I can then block the
> responsible hosts at the firewall level.
> 
> -craig


Re: MailSize

Posted by Craig Raw <cr...@quirk.co.za>.
What you are asking for is fast fail. See http://wiki.apache.org/james/NoFastFail  for reasons why 
this is not implemented in James.

In my experience I find that the culprits are restricted to one or two remote servers. I have 
written a mailet that logs a summary of every email's size and remote host to the database. When I 
notice smtp bandwidth is high, I consult this log to find the likely source. I can then block the 
responsible hosts at the firewall level.

-craig


Lahu wrote:
> Hi,
> Is there a way to block/reject AND MOST IMPORTANTLY
> prevent over-sized emails from being downloaded AT ALL
> to the company mail-server.
> 
> The current "SizeGreaterThan" mailet does this only
> after downloading the emails first and then
> analysing/evaluating etc. In my case, I don't want the
> email/attachment/message/etc. to be downloaded at all.
> 
> If not, then wat is the workaround ? Coz, without
> this, it is possible for anybody to bombard the mail
> server wid heavy mails such as 5 MB and do a DOS
> attack on us??
> 
> I'm very concerned about this.


MailSize

Posted by Lahu <la...@yahoo.com>.
Hi,
Is there a way to block/reject AND MOST IMPORTANTLY
prevent over-sized emails from being downloaded AT ALL
to the company mail-server.

The current "SizeGreaterThan" mailet does this only
after downloading the emails first and then
analysing/evaluating etc. In my case, I don't want the
email/attachment/message/etc. to be downloaded at all.

If not, then wat is the workaround ? Coz, without
this, it is possible for anybody to bombard the mail
server wid heavy mails such as 5 MB and do a DOS
attack on us??

I'm very concerned about this.




RE: "Open-Relay" Problem - ORDB, MAPS etc.

Posted by bill page <bi...@snakeriversoftware.com>.
I don't believe it will.  I put up James in the fall (had an expired server
and dreaded re-installing exchange).  I was concerned about this too.  I
went to www.ordb.org to have it tested and it passed.  My firewall is set to
accept from anywhere and send to anywhere but only from the one ip (which is
a natted private IP).  Given that you can put up James in 1/2 hour, give it
a try.

hope that helps

bill page


> -----Original Message-----
> From: Lahu [mailto:lahuonline@yahoo.com]
> Sent: Tuesday, March 23, 2004 9:42 AM
> To: server-user@james.apache.org
> Subject: "Open-Relay" Problem - ORDB, MAPS etc.
>
>
> Hi everybody,
> I'm a pretty satisfied JAMES user. So far, JAMES has
> pleased me on almost every account. (Though, I helped
> catch a service-level (i.e. SMTP, NNTP, POP)
> "connectionLimit" bug)
>
> However, I see a growing concern amongst my peers for
> the "open-relay" thing. I want to inquire that, can
> JAMES be possibly listed in the blacklists (ORDB, MAPS
> etc.).
>
> I'm asking because JAMES accepts the messages from ANY
> IP address. However, later when we use the
> "RemoteAddrNotinNetwork" mailet/matcher pair, we can
> successfully dispatch the mail to the SPAM folder
> (though, still accepting the message), which indicates
> that the SMTP session had been successfully completed.
> This, in effect, makes JAMES a blackhole for the
> spammers i.e. it does not relay the emails. ASSUME
> that I'm unable to use the SMTP AUTH.
>
> On the other hand, can this behaviour cause RBL's like
> ORDB, MAPS etc. to believe that this mail server
> (JAMES) is configured as open relay ? What I mean to
> ask here is that, when these RBL organizations (ORDB,
> MAPS etc.) perform their automated tests, would they
> declare JAMES as "open relay" only on the basis of the
> fact that it accepted the emails OR rather would they
> go great lengths verifying whether actually that mail
> was relayed or not ?
>
> I hope I made it clear. Pardon me for not expressing
> it the concise way as English is not my primary
> language.
>
> P.S: Do I sound like I'm asking for an ESMTP-like
> feature ??? Coz, I believe (correct me, if I'm wrong)
> ESMTP can reject the mail-connection altogether if it
> does not come from an allowed IP address!! Is this the
> case ?