My qmail server is being used to send spam

yukon

Here is my predicament with our little qmail with vpopmail backend server . . . it's nearly *too good.* Basically, what I mean is the relay is so fast that some fool is trying to use it to spam via error messages (spoof addresses and your spam gets delivered with the appropriate NDR). There really is no way of blocking this type of mail without spam blockers (such as SpamAssassin). What I would like to do is block all IPs within the APNIC range from even getting a HELO message:

APNIC allocates resources in the following ranges within the Asia Pacific region:

IPv4

58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
61.0.0.0/8

112.0.0.0/8
113.0.0.0/8
114.0.0.0/8
115.0.0.0/8
116.0.0.0/8
117.0.0.0/8
118.0.0.0/8
119.0.0.0/8
120.0.0.0/8
121.0.0.0/8
122.0.0.0/8
123.0.0.0/8
124.0.0.0/8
125.0.0.0/8
126.0.0.0/8
169.208.0.0/12

202.0.0.0/8*
203.0.0.0/8
210.0.0.0/8
211.0.0.0/8
218.0.0.0/8
219.0.0.0/8
220.0.0.0/8
221.0.0.0/8
222.0.0.0/8
 

EQ Admin

Hello,

While approaching the problem with this solution may provide a temporary and partial fix to your problem, I would not consider it the best solution. Your mail server is vulnerable to backscattering. Please see my article on how to prevent backscatter for the best solution. For your server I recommend the chkuser patch mentioned in the solutions section of the article.

To answer your original question, yes, it is possible to deny incoming connections from specific networks. Update your cdb file with the networks you want to deny. The path to it is specified in your $qmail/supervise/qmail-smtpd/run file. Some example lines to deny the networks listed above are:

125.:deny,RELAYCLIENT=""
126.:deny,RELAYCLIENT=""
# 169.208.0.0/12 spans second octets 208 through 223, so use a tcprules range
169.208-223.:deny,RELAYCLIENT=""
You should be able to use that example to generate the rest of the deny lines needed.

-Raymond
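
An added example, not part of the original thread: a small Python helper that generates the remaining deny lines from a CIDR list like the one in the question. It uses the tcprules address-range form for prefixes that do not end on an octet boundary, such as 169.208.0.0/12; the function names are hypothetical, and the output still has to be compiled into the cdb file referenced by your run script.

```python
import ipaddress

def cidr_to_tcprule(cidr, action="deny"):
    """Convert one IPv4 CIDR block into a tcprules line.

    tcprules matches on dotted prefixes ("125.") and accepts a numeric
    range in the last listed component ("169.208-223."), which covers
    prefixes that do not fall on an octet boundary.
    """
    # The list in the question carries a footnote marker ("202.0.0.0/8*").
    net = ipaddress.ip_network(cidr.strip().rstrip("*"), strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 blocks are handled here")
    if net.prefixlen == 0:
        raise ValueError("refusing to emit a rule that matches every client")

    octets = str(net.network_address).split(".")
    full, rem = divmod(net.prefixlen, 8)  # whole octets fixed, leftover bits

    if rem == 0:
        # Octet-aligned: plain prefix, trailing dot unless it is a full address.
        prefix = ".".join(octets[:full]) + ("." if full < 4 else "")
        return f"{prefix}:{action}"

    # Partially fixed octet: express it as an inclusive range lo-hi.
    lo = int(octets[full])
    hi = lo + (1 << (8 - rem)) - 1
    head = "".join(o + "." for o in octets[:full])
    tail = "." if full < 3 else ""
    return f"{head}{lo}-{hi}{tail}:{action}"

def build_rules(cidrs, action="deny"):
    """Return one rule per non-empty input line, duplicates removed, order kept."""
    seen, rules = set(), []
    for line in cidrs:
        if not line.strip():
            continue
        rule = cidr_to_tcprule(line, action)
        if rule not in seen:
            seen.add(rule)
            rules.append(rule)
    return rules

if __name__ == "__main__":
    # Sample input taken from the list in the question above.
    sample = ["125.0.0.0/8", "126.0.0.0/8", "169.208.0.0/12", "", "202.0.0.0/8*"]
    print("\n".join(build_rules(sample)))
```

Append the generated lines above the existing allow rules in the source rules file before rebuilding the cdb, so the denies are present alongside whatever relay rules you already have.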
 