LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-16-2004, 01:27 PM   #1
Drakon
LQ Newbie
 
Registered: Aug 2003
Distribution: RedHat
Posts: 1

Rep: Reputation: 0
Spoofing emails or probably just missconfigured. Help!


Ok after trying for 3 days to get postfix with cyrus-sasl and mysql working i finally gave up, and followed the sugestion of one good buddy of mine to install qmail. Following the install tutorial and scripts at www.qmailrocks.com. I was using mandrake and was somehow discouraged by the lack of guides for this distro but hey redhat is like mandrake so maybe i'll get an error compiling some stuff but at least i'll have a clear conscience. Not the case as it installed quite nice, error free(nice tutorial... if every program had scripts like this i wouldn't grow so many white hairs).
Went for vpopmail with mysql since i use this database for programing and i thought i'd manage. Installed also courier imap as shown in the tut. Ok everything worked smoothly. Next day at work created a mail for myself drakon@myserver.com and one named marketing@myserver.com for the marketing dude.I started Outlook in Windows and created the accounts. Not paying enough attention, i typed at my acount the email address marketing@myserver.com but at acount name drakon@myserver.com and the password and selected my server requiers authentification and log in with drakon@myserver.com and same password. So i use the marketing email but the acount and password drakon(say any ordinary user who has an acount and password). When i sent a mail i received it at my yahoo acount as coming from marketing. Ok my problem i said.

But then i tried my friend's server which compiled vpopmail without mysql. He gave me an acount for testing when i was undecided to go for qmail to try it out and i also knew he had the office@friendserver.com for sending official emails. So same move: email acount office@friendserver.com but the acount and authentification: test@friendserver.com with the password he gave me for the test acount. I sent him an email saying that his firm was having financial troubles and that he advises the reciever of the email to contact another firm. The mail came from office@friendserver.com and of course he was as worried as me.

So it seams that anyone who has an ordinary email acount on the server can send emails in the name of the system administrator or any department for example.
My question? Is there something i can do?Anyone has same problem? Can't figure out much from the logs since they are full of: Check for proper operation and configuration of the File Access Monitor daemon (famd). I know that famd must be started, but this doesn't start although portmap is started. But i don't think that this email spoofing would be reported in the errors logs..

Hope anyone has a solution and thanks for the time reading.
 
Old 09-20-2004, 10:00 AM   #2
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,990

Rep: Reputation: 69
Qmail will generally let you inject whatever you like into the queue, unless you tell it otherwise.

Overall, there is no good solution to stop (malicious) email spoofing, as anyone can set up an SMTP client and send mail directly to the recipiant if they want to. So I doubt if qmail will bother with any method of stopping it.

I guess you could probably put in some sort of filter to stop it on this particular server, to compare the received username with the from username in the headers.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
convert html emails to plain text emails andredude Linux - General 6 03-20-2005 01:33 PM
IP spoofing prinski Linux - Security 2 03-25-2004 01:27 PM
Ip spoofing !! freelinuxcpp Linux - Networking 4 03-01-2004 02:08 PM
IP spoofing tied2 Linux - Security 4 07-30-2002 08:55 AM
IP Spoofing robeb Linux - Security 2 06-25-2002 01:08 AM


All times are GMT -5. The time now is 05:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration