RE: Contacting an Open Relay server user by spammer

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Title: RE: Contacting an Open Relay server user by spammer

So, forgive the sendmail newbie question...

I am attempting to setup a sendmail server that will receive (and relay) emails from users.  These users do not reside on the same network as my server.  In fact, I have no way of knowing what domains the various users will be on.

The only way I have found to stop relaying is unfortunately reactive instead of proactive.  When I see someone using my server as a relay, I put their domain information in the access file under REJECT.

If not to add insult to injury, as I understand it if I am to allow my users to log in to send/retrieve messages from anywhere, I must have the FEATURE (promiscuous_relay) enabled.  Since many of the users are laptops, again there is no telling where they will be logging in from, so I also need to use the FEATURE (accept_unresolvable_domains).  Both of those options seem to leave the box wide-open.  I have heard about SMTP_AUTH, but haven't read about it yet.

Please understand that I am quite new to this.  Actually, I don't understand how one can use the server as a relay without having a user account.  Clearly I have much to learn.

Any insights would be greatly appreciated.

Monty




 -----Original Message-----
From:   Michael Schwendt [mailto:ms0301rh@arcor.de]
Sent:   Wednesday, January 22, 2003 10:38 AM
To:     psyche-list@redhat.com
Subject:        Re: Contacting an Open Relay server user by spammer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 22 Jan 2003 16:56:51 +0100, Peter Boy wrote:

> > Efficiently, you can fight SPAM only where you have control over a
> > mail server and where you can reject messages or deny access.
>
> We have full control here (and ask ordb and osirus for open relay
> before accepting mail as a first defense). Do you know about good
> examples how to configure sendmail or postfix without engaging
> complete programs like spamassessin (just plain sendmail / m4
> configuration options/rewriting rules)?

No, I don't know of any such method beyond blacklisting IPs and
entire domains. IMHO, SPAM/UCE can only be detected by analyzing
subject line and message body (like SpamAssassin does it).

It's just that once a server has accepted a message, the spammer is
happy, and it's too late to send out any mailer-daemon notification
because that one will never reach the spammer who uses faked or
non-existant e-mail addresses.

- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+LskB0iMVcrivHFQRAlYeAJ96gSSCA34J5ZeccC7AzCsZe991XACfZtQy
Qip1TI4uaBMyC6IFGGtEV74=
=1MI9
-----END PGP SIGNATURE-----



--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list

[Index of Archives]     [Fedora General Discussion]     [Red Hat General Discussion]     [Centos]     [Kernel]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat 9]     [Gimp]     [Yosemite News]

  Powered by Linux