securing the mailserver
  •  
evert-a

First I want to give you my compliments for such a great tool.

Configuring Postfix is a time-consuming job, and the configuration of Kerio MailServer is done within 30 minutes or so.

Back to my problem:
I noticed someone wanted to relay from my mailserver.

Quote:

[02/Dec/2006 12:06:06] Relay attempt from IP address 125.225.25.52, mail from <h6i9d.5ow2f0<.a.t.>msa.hinet.net> to <sr2_serch<.a.t.>yahoo.com.tw> rejected


I have done this:
Allow relay only from > LAN IP

I have NO open relay set up.

Is this type of configuration enough to keep relay-spammers away from the server?
  •  
SjoerdH

Yes,

The people who aren't in your LAN are rejected.
You could also use the option to authenticate first (for sure).

  •  
seali

That is not entirely true. If they have a rootkit installed or you have an insecure PHP script or even if they spoof your IP address, they might be able to relay through your server. I would suggest, to be more secure, to only allow relay from authenticated clients, which can be done quite easily in KMS.
  •  
sedell

If you have a rootkit, relaying spam is the least of your worries. Chances are, with a rootkit that can relay spam, they're not going to be using KMS anyway, and would have their own SMTP server on the machine for that purpose. Plus, there's the threat of the rootkit maker having potential full access to your network which would worry me far more than relaying spam.

Spoofing an IP address shouldn't be a worry either. Any decent firewall should recognize the IP address is coming from the wrong side, and reject the connection as a spoof.

An insecure PHP script is a possibility for abuse. If that's the case, they probably wouldn't need a LAN IP address. Exploits for this type of thing generally go for relay from the outside - the person exploiting it would first need to know you allow relay for LAN IP addresses. If they know this much about your config already, or if they can easily get this information, again, you've got more to worry about than relaying mail. Then they'd have to spoof the address, which the firewall should stop.

I'd be more worried about abuse from the inside. An infected computer on the LAN abusing the relay, or just a criminally minded employee. I would only allow relay to authenticated clients, or, to specific IP addresses if you run into authentication problems with a network application. I wouldn't give blanket relay rights to the entire LAN.

Scott
  •  
winkelman

Simply disable relaying for everyone (except possibly some whitelisted IP addresses).

Set up all normal clients to do some form of authentication before sending (and preferably only use encrypted protocols). You wouldn't normally have to explicitly allow anyone relay rights. Either your users want to send email and they can authenticate, or someone else wants to deliver email to your domain, which is always accepted.
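
Added example, not part of any post above and not Kerio's code: a simplified Python model of the two relay policies discussed in this thread (relay for any LAN IP versus relay only for authenticated clients plus a small IP whitelist), run over constructed SMTP sessions. The domain, address ranges, whitelist entry and function names are assumptions for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOCAL_DOMAINS = {"example.org"}                # assumed: domains this server hosts
LAN = ip_network("192.168.1.0/24")             # assumed LAN range
APP_WHITELIST = {ip_address("192.168.1.20")}   # assumed: one app that cannot authenticate

@dataclass
class Session:
    client_ip: str
    authenticated: bool
    rcpt: str

def is_local(rcpt):
    # Mail addressed to a hosted domain is delivery, not relay: always accepted.
    return rcpt.rsplit("@", 1)[-1].lower() in LOCAL_DOMAINS

def lan_policy(s):
    """Relay for any LAN IP (the original poster's setting, modelled as IP-only)."""
    return is_local(s.rcpt) or ip_address(s.client_ip) in LAN

def auth_policy(s):
    """Relay only for authenticated clients or explicitly whitelisted IPs."""
    return (is_local(s.rcpt) or s.authenticated
            or ip_address(s.client_ip) in APP_WHITELIST)

# Constructed sessions, one per case raised in the thread.
SESSIONS = {
    "inbound mail to local domain": Session("203.0.113.9", False, "user@example.org"),
    "outside relay attempt": Session("203.0.113.9", False, "someone@example.net"),
    "infected LAN host, no login": Session("192.168.1.77", False, "someone@example.net"),
    "roaming user, logged in": Session("198.51.100.4", True, "friend@example.net"),
    "whitelisted application": Session("192.168.1.20", False, "alerts@example.net"),
}

def compare():
    """Return {case: (accepted under LAN-IP policy, accepted under auth policy)}."""
    return {name: (lan_policy(s), auth_policy(s)) for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, (lan, auth) in compare().items():
        print(f"{name:30} lan-ip={'accept' if lan else 'reject':6} "
              f"auth-only={'accept' if auth else 'reject'}")
```

The two policies differ on the inside cases: an unauthenticated LAN host is relayed only under the LAN-IP rule, and a logged-in user outside the LAN is relayed only under the authentication rule.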