[ctw] Re: ForgedHELO
- From: "IBS Ltd." <admin@xxxxxxxxxxxx>
- To: ctw@xxxxxxxxxxxxx
- Date: Fri, 10 Jul 2009 22:12:42 -0300
Good day,.
At 1:37 AM -0300 7/10/09, IBS Ltd. wrote:
Hi,.
Scratch my last message for not being able to send to the outside
world... that was an LDAP issue - shutting off LDAP was the
solution - I can now email out (yeah for me). hehe... sheesh...
only two thousand options left to figure out!!
LOL LDAP seems to work for me under 1.5.1.3
Well,. I may have it set up wrong with EIMS (and when I say 'may' I
mean MOST LIKELY hehe).
I have set up an email account under the default domain: ldap@
Set up the password in assp
I see assp hit the eims server - so it is trying to check in.
I sent a test from hotmail.
eims error showed that I had the 'require secure authentication'
selected so it wasn't able to check the account.
(I do have it set to force auth in assp now)
I removed the secure authentication check in eims for the ldap@ account
I resent the test from hotmail and got the spoofing error - the ldap
check is looking for the hotmail address instead of the local address
- thus a spoofing error.
In LDAP root container - I do not have anything... and I do not have
the LDAP Failures return false selected...
Hmmm.... I think I am almost there...
I am going to try adding DOMAIN in LDAP root container and check the
LDAP Failures return false to see if that fixes anything.
ASSP is an excellent application... just lots of tweaking (for me
anyway)...
Hey it allows you to do what you want and need to do. Once
configured it is WONDERFUL. It just hums. You can set it up to send
you summaries of blocked mail or if you are a hoster send each sub
admin their own reports! Cool.
Oh there is no doubt this is one seriously excellent proxy... just a
bazillion checkboxes and things to screw with my life until I
understand it better... :-D
I am still seeing the spoofing issue - shutting off the check
allowed things to pass through ok...
In order to activate the spoof check - do I have to force
authentication on 587?
I'll have to check if there are alternatives but everything we do
here is auth. If you have webservers etc you can whitelist by IP
for example.
Ya - auth is the only way to fix spoofing... no question about it...
I am trying to get this to work without Force SMTP AUTH... I have
many users I will be moving to assp - having them make a bunch of
changes to their email applications, devices etc. is not the
preferred method - but I am starting to think it is the only
method...
I am not sure how you can easily do that when they are logging in
from the outside world.
Auth is the only way around it... other than shutting it off - and
that is not a good plan....
The biggest problem is that the outside world has become much more
hostile than when we all started. Breaking in and cooping has
become too widespread. I could probably come up with a way BUT it
would be easily spoofable.
I completely agree....
Moving to auth now is the only safe way.
Yes - it looks that way....
Look at it this way you were able to put off auth for a long time
but the world changes and I am sure that your users will understand
the need for security, after all it is their reputation as well.
No worries - I was just looking for a way out hehe.... I will give
our customers excellent instructions to follow - and then wait for
the phone to ring when they call asking what to do!! :-D
Thanks for all the help Tom - very much appreciated sir!!
It was all your bragging about assp on the eims list that got me in
this mess though... hehe...
Have a great night
--
Gary
Circle The Wagons
manage: //www.freelists.org/list/ctw
post: mailto:ctw@xxxxxxxxxxxxx
unsubscribe: mailto:ctw-request@xxxxxxxxxxxxx?subject=unsubscribe
search: //www.freelists.org/archives/ctw
faq: //www.freelists.org/wiki/the_faq
Other related posts:
