Re: spam attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Yes!

This solution will allow remote users to connect to SMTP server with autorization. But how to stop
connections from other mail server to my mail server for deliver mail which destination or source
address is not in my local network? One sendmail server can connect to my mail server and
transport mail body, and must have to connect - without any kind of autrization.

So, question is how to reject mail body, when dest. or src. addrest in not local, when sendmail
have no public IP address? In my case, i cant use /mail/access or how?

TP


--- Jan Stifter <j.stifter@medres.ch> wrote:
> hello Tomasz,
> what you need is called "POP before SMTP". So every user outside of
> the network needs first to sucessfully perform a USER xxx PASS xxx on
> the pop daemon, then, he is allowed to use STMP.
> 
> Bye the way: I recommend you hardly to switch to qmail.
> Jan
> 
> 
> 
> On Wed, 29 Jan 2003 15:55:42 +0000 (GMT), Tomasz Popik
> <popikt@yahoo.com> wrote:
> 
> >Hello Everyone!
> >
> >I new here, i have wroute this message, because my
> >server was spam attacked, from 22 to 29 jan. Today i
> >have found that i have relay bug in /etc/mail/access.
> >And i need help to sove that.
> >
> >At 6:00 CET, i have logged in, and found that 90% of
> >CPU was consumed by unkow proceses. It was strange,
> >because linux box is powerfull. $ps aux gives me sure
> >that 90 times was runing sendmail. Next
> >/var/spool/mail/root was 800MB size, full of
> >MAILER-DAEMON. Next /var/mail/mqueu has 300.000 files
> >waited for later delivery. 
> >
> >Some one found my sendmail server as spam sender, it
> >was 100% sure.
> >
> >I was countinue to investigate probelm, and found that
> >/etc/mail/access list have one to more IP.
> >
> >Here i must describe network layout : NAT-GATEWAY IP
> >is public xxx.xxx.xxx.xxx. This box have two eths,
> >inside is 192.168.0.2. The sendmail box have eth0
> >192.168.0.3. I have dos SNAT and DNAT at
> >xxx.xxx.xxx.xxx box, to redirect ports 25 and 110 to
> >192.168.0.3.
> >
> >So now, the sendmail server see the internet via
> >192.168.0.2, and this was the key. Sendmail accepst
> >all mails send to delivery via IP 192.168.0.3.
> >
> >Here is situation right now , log:
> >===================================
> >Jan 29 08:48:21 greattower sendmail[14542]:
> >h0T7jR8C014542: ruleset=check_rcpt,
> >arg1=<fudcr@bellsouth.net>, relay=my.domain
> >[xxx.xxx.xxx.xxx] (may be forged), reject=550 5.7.1
> ><fudcr@bellsouth.net>... Relaying denied. IP name
> >possibly forged [xxx.xxx.xxx.xxx]
> >==========================
> >
> >So i have edited my /etc/mail/access and erase
> >192.168.0.2 RELAY
> >
> >This was solution, spamers soon or later, found that
> >his emails is rejected, and stop to do its crime. But
> >i have problem.
> >
> >Now my POP3 and SMTP ports are not working for people
> >form outside of my network (7000 yard long and 150
> >machine LANed). This is problem, because many of my
> >network people are in travel and want to send/receive
> >their mail.
> >
> >Here is question, how to open send/recevie mail for
> >outside peoples without beeing a remailer? How to
> >detect that his or she have mail account on my server?
> >
> >Thank for attention, and sorry for english.
> >TP
> >
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Everything you'll ever need on one web page
> >from News and Sport to Email and Music Charts
> >http://uk.my.yahoo.com
> >------------------------------------------------------------------------
> >     To unsubscribe email security-discuss-request@linuxsecurity.com
> >         with "unsubscribe" in the subject of the message.
> >
> 
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@linuxsecurity.com
>          with "unsubscribe" in the subject of the message.
> 


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux