rmartin
08-20-2001, 09:07 PM
Hi,
I have a dedicated server running linux, i have running nwebmail for users to send email via sendmail
the problem i have is that the users are able to send mail outwards with domains other than the ones we own.
this is a big security problem and one i need to clamp down on this immediately
how do i stop this
many thanks
R Martin
Originally posted by rmartin
the problem i have is that the users are able to send mail outwards with domains other than the ones we own.
how do i stop this
Have you checked your list of domains for which to relay, and verified that no top-level domains are in there? (for example if it's set to relay for .com - it will happily do so)
It would be a good idea to install POP-B4-SMTP or perhaps a new version of Sendmail with SMTP-AUTH.
rmartin
08-20-2001, 09:59 PM
in webmin under relay domains i have listed the main domain name + the ip of the machine eg
domain.co.uk
80.70.3.1
that is all
but users can set their from address to whatever they like and the machine will send the mail
many thanks
r martin
Originally posted by rmartin
but users can set their from address to whatever they like and the machine will send the mail
Now I understand you.
Do you want to block users completely from sending mail?
Or do you just want the sender address to be one of the domains hosted on the box?
rmartin
08-20-2001, 10:20 PM
Originally posted by jks
Or do you just want the sender address to be one of the domains hosted on the box?
I would really want this to happen
Many thanks
R Martin
rmartin
08-21-2001, 12:14 PM
Hi,
I have had to disable parts of the webmail system to prevent this happening but this does not solve the overall problem
Anyone could put webmail of scripts on our system to carry on doing this,
I need to get the system to reject fake FROM address originating from our system
You help is appreciated
Many Thanks
R Martin
