Project Gamera, spam bypassing gateway

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
Dan E
New Forum User
Posts: 3
Joined: Wed Nov 29, 2006 7:39 pm

Post by Dan E

Firstly just like to say thanks for Gamera, made putting in an email gateway a whole lot easier than it would have been otherwise. :)

I have a few hundred domain names, all of whose MX records point to my Gamera gateway server. The gateway does a good job filtering spam and viri. The problem is that spammers are still sending mail directly to the internal server and bypassing the gateway despite no MX records pointing at it. This is a little annoying! The internal server is Plesk, and all the mail users use it to send their email through.

Does anyone have an idea how to get the internal Plesk server to only accept SMTP from my Gamera gateway and authenticated users, blocking anything else?

Any help/ideas appreciated!

Dan
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Post by breun

I'm not a Gamera user, but maybe the Black List and White List under Server -> Mail on the Plesk box could come in useful here?
Lemonbit Internet Dedicated Server Management
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Post by scott

That's a really good question. If they're still sending to the real MTA, I'd first double-check your MX records just in case that's the real culprit. Otherwise, there isn't any authentication type feature in psa's qmail that would let you do it. I can think of some hacks you could use with tcpserver and a 3rd-party app like relayclient (what PSA uses for pop-locking). As sort of a temporary workaround you could try adding a new SMTP port for your users to send through, and then use firewall rules to only allow inbound SMTP (25/465) from the PG box.
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Post by breun

I hear spammers are also using A records for domains to send spam to, so even if you have your MX records set to a PG box the spambots that target A records will be sending spam to your Plesk box directly.
Lemonbit Internet Dedicated Server Management
Inaba
Forum User
Posts: 15
Joined: Thu Oct 19, 2006 12:41 am

Post by Inaba

I have the same problem - I put qgreylist on the Plesk box, but not on the PG box. This eliminated a good portion of the spam, but not all of it... it's turned down to an acceptable level, though, with qgreylist.
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Post by scott

They will also frequently go after the highest MX record first, so one thing I do is throw an MX record at the end pointing to either localhost or some other invalid IP address.
Dan E
New Forum User
Posts: 3
Joined: Wed Nov 29, 2006 7:39 pm

Post by Dan E

breun wrote: I hear spammers are also using A records for domains to send spam to, so even if you have your MX records set to a PG box the spambots that target A records will be sending spam to your Plesk box directly.
That may be the case. The server used to accept mail directly, so perhaps it's on a "known" list of smtp servers.

There are definitely no stray MX records, and changing the SMTP port to a secret one isn't really an option as users don't like change :roll:

I suppose qgreylist could work, but there must be a better way of doing it.
Dan E
New Forum User
Posts: 3
Joined: Wed Nov 29, 2006 7:39 pm

Post by Dan E

Ok, here's my solution...

- I've added the gateway server to the allowed relays white-list in Plesk.
- Made rcpthosts blank.

That's it, and seems to work ok.... but it is late and I am tired :roll: Authorised users can relay, and the gateway server can send mail in.

I've got a script that runs every minute and does echo > /var/qmail/control/rcpthosts to overwrite anything Plesk does to the file.


Anyone spot any potential problems with this?

Dan
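
An added example, not part of the thread and not Project Gamera or Plesk code: a check that could run alongside the rcpthosts-blanking job from the last post and report which state the qmail control directory is in. It relies on documented qmail behaviour (with no rcpthosts file qmail-smtpd places no restrictions on RCPT, morercpthosts.cdb is consulted as well, and clients with RELAYCLIENT set skip the check); the function name, the state labels and the handling of '#' lines are assumptions of this sketch.

```shell
#!/bin/sh
# Report what qmail-smtpd accepts from clients that do NOT have RELAYCLIENT set,
# i.e. everyone except the whitelisted gateway and authorised users.
# Usage: rcpt_policy /var/qmail/control
rcpt_policy() {
    dir=$1
    # A missing file is not the same as an empty one: with no rcpthosts,
    # qmail-smtpd has no restrictions on RCPT at all.
    if [ ! -f "$dir/rcpthosts" ]; then
        echo "unrestricted"
        return 0
    fi
    # Count real entries. The single blank line written by `echo >` is not one.
    # Skipping '#' lines as comments is an assumption of this sketch.
    entries=$(grep -v -e '^[[:space:]]*$' -e '^#' "$dir/rcpthosts" | wc -l | tr -d ' ')
    if [ "$entries" -gt 0 ]; then
        echo "accepts-direct"        # something repopulated the file
        return 0
    fi
    # Domains can also be listed in morercpthosts.cdb; flag it for manual review
    # rather than trying to parse the cdb here.
    if [ -e "$dir/morercpthosts.cdb" ]; then
        echo "check-morercpthosts"
        return 0
    fi
    echo "relay-only"                # only RELAYCLIENT sessions get mail in
}

# Constructed demo on a scratch directory, not a live control directory.
demo() {
    d=$(mktemp -d)
    rcpt_policy "$d"                                        # file missing
    echo > "$d/rcpthosts"; rcpt_policy "$d"                 # what the cron job writes
    echo "example.com" > "$d/rcpthosts"; rcpt_policy "$d"   # file repopulated
    rm -rf "$d"
}
demo
```

Anything other than relay-only means mail sent straight to the internal server can still be accepted for at least some domains until the file is blanked again.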