
SMTP Auth


Gary Bowling

Jun 24, 2004, 3:49:14 PM
Is there any way to tell in the logs if a user is authenticating on send?
 
I'm planning a conversion to force all my users to use smtp auth. However, I wanted to send out a note to get users to change their client setup, then give them a grace period to get it done.

It would be nice if I could search logs for people who are NOT using it and send out a follow-up to those users.
 
_________________________
Gary Bowling

Miguel Castro

Jun 24, 2004, 3:51:36 PM
I believe just logging everything will show you SMTP Auth info. I've used it in the past when people had problems sending mail.


Lyle Giese

Jun 24, 2004, 3:55:41 PM
Low Level is enough to see the SMTP AUTH. All Info is way too verbose!
 
Lyle

Tom Gwilt

Jun 28, 2004, 1:53:08 PM
Hi,

I have looked through the archives on this (searched for SMTP AUTH), and haven't found a satisfactory answer.

As an ISP, we provide POP, Webmail, and an occasional IMAP account for those clueful enough to use it.

Over the last several weeks, zombies on our network have sent enough spam out that we are temporarily blacklisted by aol, msn, etc.

The usual MO is that the Return-Path is a set of forged email addresses NOT on our network. They are often things like bi...@dellnet.com, Juli...@yahoo.com, etc. Nothing you can use for the basis of a rule.

I thought that SMTP AUTH would be the solution. We would force local addresses to authenticate prior to sending mail. This doesn't help at all, since the forged address becomes the Return-Path, and the sender is not authenticated.

So, I thought perhaps a rule like this might work:

Source is trusted
From not in (a pile 'o domain suffixes for the virtuals we host)
Store in ~postmaster/badfroms
Reject with "421 invalid local domain used as From address"

Now before you all flame me, I did NOT want to do this, and have decided not to activate the rule because of the implications inherent in it - for instance someone wants to administer a remote email list and has to do it with a valid email address on the list server.

Here is what I would like to do:

1. When a client attempts to send mail from a client address, authenticate that user _based on the local username_, not the From address. (Hmm. The more I read that, the more confusing it sounds. As an example, let's presume that the user johndoe has set his mail program such that the from address is joh...@yahoo.com, instead of joh...@suite224.net. I want him to authenticate because his connection was from one of the client addresses listed in the Protection area of the Web Administration Screen).

2. Based on that info, I can check the logfiles.

We will be implementing a server that will scan outbound email, but it isn't ready yet, and I'd like to be able to nip this problem in the bud before it gets out of hand.

There has to be some sort of solution for this problem. I am open to any and all suggestions.

Thanks,

Tom
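An added example, not part of the original thread: one way to do the log check asked about above, listing clients whose mail was accepted without a successful AUTH and attributing accepted mail to the authenticated login rather than the envelope address. The transcript layout, IP addresses, account names and function names are assumptions made for illustration; this is not CommuniGate Pro's log format.

```python
import base64
import re

def _plain(user, password):
    # SASL PLAIN initial response: base64("\0user\0password"), RFC 4616
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

# Constructed sample, one connection per client IP ("C:" client, "S:" server).
# The layout is assumed for illustration; it is not CommuniGate Pro's log format.
SAMPLE = f"""\
[192.0.2.10] C: AUTH PLAIN {_plain('johndoe', 'secret')}
[192.0.2.10] S: 235 2.7.0 Authentication successful
[192.0.2.10] C: MAIL FROM:<johndoe@elsewhere.example>
[192.0.2.10] S: 250 OK
[192.0.2.77] C: MAIL FROM:<forged@other.example>
[192.0.2.77] S: 250 OK
[192.0.2.90] C: AUTH PLAIN {_plain('bob', 'wrong')}
[192.0.2.90] S: 535 5.7.8 Authentication failed
[192.0.2.90] C: MAIL FROM:<bob@isp.example>
[192.0.2.90] S: 530 5.7.0 Authentication required
"""

LINE = re.compile(r"\[(?P<ip>[^\]]+)\] (?P<side>[CS]): (?P<text>.*)")

def accepted_mail(log):
    """(ip, authenticated user or None, envelope sender) per accepted MAIL FROM."""
    state, out = {}, []
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        s = state.setdefault(m["ip"], {"try": None, "user": None, "mail": None})
        text, code = m["text"], m["text"][:3]
        if m["side"] == "C":
            auth = re.match(r"AUTH PLAIN (\S+)", text, re.I)
            mail = re.match(r"MAIL FROM:<([^>]*)>", text, re.I)
            if auth:    # remember the offered identity until the server answers
                s["try"] = base64.b64decode(auth[1]).split(b"\0")[1].decode()
            elif mail:
                s["mail"] = mail[1]
        elif code == "235":              # AUTH succeeded (RFC 4954)
            s["user"] = s["try"]
        elif s["mail"] is not None:      # server's answer to the pending MAIL FROM
            if code == "250":
                out.append((m["ip"], s["user"], s["mail"]))
            s["mail"] = None
    return out

def unauthenticated_clients(log):
    """Client IPs whose mail was accepted without a successful AUTH."""
    return sorted({ip for ip, user, _ in accepted_mail(log) if user is None})
```

In the sample, the first client's mail is attributed to the login johndoe even though its envelope sender is in another domain, and only 192.0.2.77 is reported as sending unauthenticated.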

Todd Schuldt

Jun 28, 2004, 2:09:35 PM
We had several zombies earlier this year within one of our subnets and we
handled it like this:

Under Protection:
Client IP Addresses: removed the network IPs of everything except the smtp
server itself and the smarthost we have to use.

Non-Client IP Addresses: Allow mobile users to login and process as a
client ip for 1 second after user disconnects. Remember up to 100
connections (which is twice our inbound connection limit).

On the clients (All Outlook), we turned on smtp auth required for sending.

It blocked the zombies long enough for us to cleanse them. These zombies
were trying to relay out through our smtp server and since they didn't do
smtp auth, we kept rejecting them.

Todd

Lyle Giese

Jun 28, 2004, 5:08:42 PM
Forcing SMTP AUTH on all traffic will fix this problem on one level, as
none of the trojans/viruses are set up to do SMTP AUTH.

The other side is what to do with the clueless users that will have problems
configuring their email clients for SMTP AUTH (or "My outgoing server requires
authentication").

Lyle

----- Original Message -----
From: "Tom Gwilt" <tgw...@suite224.net>
To: "CommuniGate Pro Discussions" <CGat...@mail.stalker.com>
Sent: Monday, June 28, 2004 12:53 PM
Subject: Zombies and SMTP AUTH

Jeff Wheeler

Jun 28, 2004, 5:32:51 PM
My organization is not an ISP, and while I understand requiring SMTP
AUTH could be burdensome on your support department, I think the pros
outweigh the cons dramatically.

It's that whole "AAA" thing people talk about - authentication,
authorization, and accounting. If you don't have your users
authenticate when they send, then it is more difficult to address the
other two network concerns.

I know, I wish I could explain it better than that....but anyway, this
is how I have my server set up:

the only "clients" (IP addresses allowed to send email without
authentication) are internal devices like printers, web server forms,
etc... that I have strict control over and even then only for those
systems that can't do authentication - everything that can authenticate
does, and everything else that can't is out of luck or has to adjust.

--
Jeff Wheeler
Postmaster, Network Admin
US Institute of Peace

Ted Beckwith

Oct 14, 2004, 7:03:13 PM
I need to know how to change the default setting for the number of queued
messages that are displayed at:

Monitors --> Queue

The admin displays the first 1000 messages in the queue. I need the option
to display all the messages.

Any help is appreciated.

Thanks,

Ted

--------------
