LinuxQuestions.org


Drakon 09-16-2004 12:27 PM

Spoofing emails or probably just misconfigured. Help!
 
Ok, after trying for 3 days to get postfix with cyrus-sasl and mysql working, I finally gave up and followed the suggestion of one good buddy of mine to install qmail, following the install tutorial and scripts at www.qmailrocks.com. I was using Mandrake and was somehow discouraged by the lack of guides for this distro, but hey, Red Hat is like Mandrake, so maybe I'll get an error compiling some stuff but at least I'll have a clear conscience. Not the case, as it installed quite nicely, error free (nice tutorial... if every program had scripts like this I wouldn't grow so many white hairs).
Went for vpopmail with mysql since I use this database for programming and I thought I'd manage. Installed also courier imap as shown in the tutorial. Ok, everything worked smoothly. Next day at work I created a mail account for myself, drakon@myserver.com, and one named marketing@myserver.com for the marketing dude. I started Outlook in Windows and created the accounts. Not paying enough attention, I typed the email address marketing@myserver.com into my account, but drakon@myserver.com as the account name, plus the password, and selected "my server requires authentication" and log in with drakon@myserver.com and the same password. So I use the marketing email but the account and password of drakon (say, any ordinary user who has an account and password). When I sent a mail, I received it at my Yahoo account as coming from marketing. Ok, my problem, I said.

But then I tried my friend's server, which compiled vpopmail without mysql. He gave me an account for testing when I was undecided whether to go for qmail, to try it out, and I also knew he had office@friendserver.com for sending official emails. So, same move: email account office@friendserver.com, but the account and authentication test@friendserver.com with the password he gave me for the test account. I sent him an email saying that his firm was having financial troubles and that he advises the receiver of the email to contact another firm. The mail came from office@friendserver.com and of course he was as worried as me.

So it seems that anyone who has an ordinary email account on the server can send emails in the name of the system administrator or any department, for example.
My question: is there something I can do? Does anyone have the same problem? I can't figure out much from the logs since they are full of: Check for proper operation and configuration of the File Access Monitor daemon (famd). I know that famd must be started, but this doesn't start although portmap is started. But I don't think that this email spoofing would be reported in the error logs.

Hope anyone has a solution and thanks for the time reading.

rjlee 09-20-2004 09:00 AM

Qmail will generally let you inject whatever you like into the queue, unless you tell it otherwise.

Overall, there is no good solution to stop (malicious) email spoofing, as anyone can set up an SMTP client and send mail directly to the recipient if they want to. So I doubt if qmail will bother with any method of stopping it.

I guess you could probably put in some sort of filter to stop it on this particular server, to compare the received username with the from username in the headers.
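
The filter suggested in the reply above, as an added sketch that is not part of the thread and not qmail or vpopmail code: it compares the SMTP AUTH username with the envelope sender and the From/Sender headers of a submitted message. It assumes the SMTP front end can hand the authenticated username to the filter; the function names, the alias table and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical policy table: extra addresses an authenticated account may send as.
ALLOWED_ALIASES = {"drakon@myserver.com": {"postmaster@myserver.com"}}

def _norm(addr):
    # Assumption: this server treats whole addresses as case-insensitive.
    return addr.strip().lower()

def check_sender(auth_user, envelope_from, raw_message, aliases=ALLOWED_ALIASES):
    """Return a list of policy violations; an empty list means accept."""
    user = _norm(auth_user)
    allowed = {user} | {_norm(a) for a in aliases.get(user, ())}
    problems = []
    # 1. The SMTP envelope sender (MAIL FROM) must belong to the account.
    if _norm(envelope_from) not in allowed:
        problems.append("envelope sender %s not owned by %s" % (envelope_from, auth_user))
    msg = message_from_string(raw_message)
    from_headers = msg.get_all("From", [])
    # 2. A second From header could hide a forged address from a naive check.
    if len(from_headers) != 1:
        problems.append("expected exactly one From header, got %d" % len(from_headers))
    # 3. Every address in From and Sender must belong to the account.
    for _name, addr in getaddresses(from_headers + msg.get_all("Sender", [])):
        if _norm(addr) not in allowed:
            problems.append("header address %s not owned by %s" % (addr, auth_user))
    return problems

# Constructed sample messages mirroring the situation in the first post.
HONEST = ("From: Drakon <drakon@myserver.com>\n"
          "To: someone@example.org\nSubject: test\n\nbody\n")
SPOOFED = ("From: Marketing <marketing@myserver.com>\n"
           "To: someone@example.org\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    for label, env, raw in (("honest", "drakon@myserver.com", HONEST),
                            ("spoofed", "marketing@myserver.com", SPOOFED)):
        result = check_sender("drakon@myserver.com", env, raw)
        print(label, "->", result or "accept")
```

A check like this only constrains authenticated submission on the server that runs it; mail sent directly to a recipient's server by an unrelated SMTP client never passes through it.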

