From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <369357c0d0deb554ca87450d7d085935@plan9.bell-labs.com> To: 9fans@cse.psu.edu Subject: Re: [9fans] upas "open relay" issue From: "Russ Cox" MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Date: Mon, 21 Oct 2002 02:39:48 -0400 Topicbox-Message-UUID: 08aa05d8-eacb-11e9-9e20-41e7f4b1d025 This is our /mail/lib/smtpd.conf that gets used for the outside interface. Make sure you've got the syntax right. g% cat /mail/lib/smtpd.conf.ext # # smtpd configuration options for external gateway # change verifysenderdom & saveblockedmsg when dirty converted # defaultdomain plan9.bell-labs.com norelay on #turn off relaying verifysenderdom on #dns verification of sender domain saveblockedmsg on #save blocked messages # # networks that are allowed to relay through us # ournets 135.104.0.0/16 #mh ournets 135.180.0.0/16 #ho ournets 204.178.16.5/32 #www.bell-labs.com ournets 204.178.16.43/32 #www1.bell-labs.com # # domains that we will accept mail for # these must match the rewrite rules # ourdomains *.lucent.com, *.bell-labs.com ourdomains [204.178.31.2] #achille g% I do expect upas to be dealing with your problem better, since we've had the same troubles and fixed them. I run a scan every night to make sure we've not fallen into any of the various smtp blacklists. Smtpd knows about multiple @ signs and should be getting it rihgt. We do have a separate rule in our /mail/lib/rewrite that says: # reject any address with a % because spammers might try to relay through us using # it and an internal machine .*%.* | "/mail/lib/haspercent '&' '\s'" but this isn't your problem (yet). g% cat /mail/lib/haspercent #!/bin/rc { echo ''$1'' is an illegal address. echo We don''t relay mail to addresses containing a %. echo echo '==================================================' echo sed 1d } | upasname=/dev/null mail -s 'illegal address' $2 g%