Post new topic Reply to topic  [ 9 posts ] 
Author Message
 Post subject: spam problem with empty sender address
PostPosted: 2011-03-29 10:55 
New user
New user

Joined: 2011-03-29 10:31
Posts: 3
I have a windows server 2003 host with hmailserver 5.3.3-B1879.
I have the external to external check disabled in hmailserver ip ranges properties. I had to uncheck the "Allow empty sender address" in SMTP properties because of spam attacks.
With empty sender allowed I had hundreds of email like this:

"SMTPC" 3224 70554 "2011-03-28 01:46:27.792" "some.external.ip.xx" "RECEIVED: 220 some.external.server XESMTP Postfix (Debian/GNU)"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.792" "some.external.ip.xx" "SENT: HELO my.mail.server"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.839" "some.external.ip.xx" "RECEIVED: 250 some.external.server"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.839" "some.external.ip.xx" "SENT: MAIL FROM:<>"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.886" "some.external.ip.xx" "RECEIVED: 250 2.1.0 Ok"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.886" "some.external.ip.xx" "SENT: RCPT TO:<[email protected]>"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.948" "some.external.ip.xx" "RECEIVED: 250 2.1.5 Ok"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.948" "some.external.ip.xx" "SENT: DATA"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.995" "some.external.ip.xx" "RECEIVED: 354 End data with <CR><LF>.<CR><LF>"
"SMTPC" 3224 70554 "2011-03-28 01:46:27.995" "some.external.ip.xx" "SENT: [nl]."
"SMTPC" 3224 70554 "2011-03-28 01:46:28.495" "some.external.ip.xx" "RECEIVED: 250 2.0.0 Ok: queued as 4265E1072CB"
"SMTPC" 3224 70554 "2011-03-28 01:46:28.495" "some.external.ip.xx" "SENT: QUIT"
"SMTPC" 3224 70554 "2011-03-28 01:46:28.542" "some.external.ip.xx" "RECEIVED: 221 2.0.0 Bye"

If I have external to external send disabled, why permits hmailserver to send null sender to external mails without authetication ?
How can avoid this ?

Regards


Top
 Profile  
 
 Post subject: Re: spam problem with empty sender address
PostPosted: 2011-03-29 11:25 
Site Admin
User avatar

Joined: 2005-07-29 16:18
Posts: 13812
Location: UK
Please post screenshots of your ip ranges.

_________________
If at first you don't succeed, bomb disposal probably isn't for you! ヅ


Top
 Profile  
 
 Post subject: Re: spam problem with empty sender address
PostPosted: 2011-03-29 18:02 
Senior user
Senior user
User avatar

Joined: 2005-10-13 21:28
Posts: 2486
Location: Lithuania
supercsd wrote:
If I have external to external send disabled, why permits hmailserver to send null sender to external mails without authetication ?

You have misconfigured your IP ranges or you confused external with internal.

Default hMailServer configuration does not relay emails to external accounts without authentication.

Emails with null sender are not always spam. It can be valid DSN bounces.


Top
 Profile  
 
 Post subject: Re: spam problem with empty sender address
PostPosted: 2011-03-30 07:42 
New user
New user

Joined: 2009-10-15 09:23
Posts: 26
I have the same issue, and I add a rule, like this

one for those spam "date" not 2011
second for those "to" field is empty

Attachment:
screenshot.gif
screenshot.gif [ 10.38 KiB | Viewed 888 times ]


you can change the "to" to "from" :)

_________________
Vmware -> win2003 + hmail.v5.3.4b1913 + ClamAV.v0.96.5


Top
 Profile  
 
 Post subject: Re: spam problem with empty sender address
PostPosted: 2011-03-30 10:44 
New user
New user

Joined: 2011-03-29 10:31
Posts: 3
I have two IP ranges, one local and one for the rest.

Attachment:
IP_Range_Internet.JPG
IP_Range_Internet.JPG [ 40.03 KiB | Viewed 882 times ]


Attachment:
IP_Range_Local.JPG
IP_Range_Local.JPG [ 38.3 KiB | Viewed 882 times ]


Top
 Profile  
 
 Post subject: Re: spam problem with empty sender address
PostPosted: 2011-03-30 13:26 
New user
New user

Joined: 2011-03-29 10:31
Posts: 3
I've been checking my logs and I think the "MAIL FROM: <>" are not the cause but the effect of spam. I discovered two compromised accounts so I am changing passwords on affected accounts. I hope this wil solve my spam problem.

One question, I want localhost to send mails only to local accounts. Are ok my ip ranges definitions (see my last reply)?
It process first higher priority ip range (127.0.0.1) and stops seeeking the rest of ip ranges (0.0.0.0-255.255.255.255)?


Top
 Profile  
 
 Post subject: Re: spam problem with empty sender address
PostPosted: 2011-03-30 15:00 
Moderator
User avatar

Joined: 2007-06-14 05:12
Posts: 11910
Location: 'The Outback' Australia
supercsd wrote:
Are ok my ip ranges definitions (see my last reply)?
It process first higher priority ip range (127.0.0.1) and stops seeeking the rest of ip ranges (0.0.0.0-255.255.255.255)?

Yes this is what your IP ranges as shown will do.

_________________
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
Documentation


Top
 Profile  
 
 Post subject: Re: spam problem with empty sender address
PostPosted: 2011-04-07 11:15 
Normal user

Joined: 2009-09-29 05:14
Posts: 43
Hi,

I have a question... Could someone tell me where the raw emails if Hmail Server detected a spam emails? Is it save to the database or just the eml files?


JUN


Top
 Profile  
 
 Post subject: Re: spam problem with empty sender address
PostPosted: 2011-04-07 12:33 
Site Admin
User avatar

Joined: 2005-07-29 16:18
Posts: 13812
Location: UK
All email accepted by hmail is stored in the data directory. No emails are stored in the database.

_________________
If at first you don't succeed, bomb disposal probably isn't for you! ヅ


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 9 posts ] 


Who is online

Users browsing this forum: No registered users and 13 guests



Search for:
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group