Breach in Sendmail Security?
Hi,
I just received an email from "A User"@{mydomain}.com with the subject "Re: {some subject}". There is no such user authorized (by me) to send email from my server. I'm also using spamassassin-2.44.11.8.x and it must not be properly configured because there is still a host of unwanted messages coming in. I thought that I covered the bases as far as sendmail security was concerned. Is there a checklist that I can go through to make sure that I am less vulnerable? I'm running sendmail-8.12.8-9.90 on RedHat 9.0 kernel 2.4.20-20.9. Any help would be appreciated. Thanks.
The "From" field on the email could have been forged. Take a look at your maillogs for any outgoing messages from that user. Also, the log entry for that particular incoming message should also indicate whether it was sent locally or remotely.
bper
I'm not saying don't worry or check your security, but it happens all the time on my sendmail server. What I have done is add entries to /etc/mail/virtusertable listing all genuine email addresses mapped to users like this. Then the last entry is
Code:
@mydomain.com error:nouser User unknown
You need to create virtusertable.db from virtusertable, which on Red Hat is simply run make on the command line while you are in the /mail directory. You can also check your server here; just add your domain name in the first box. Something else you may find of interest is SpamBouncer. I find it very effective against spam and is very configurable.
Pete
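The maillog check suggested in the first reply can be scripted. The following is an added example, not code from any poster in this thread: it assumes the usual sendmail `from=` log line layout, runs on constructed sample lines, and uses hypothetical function names.

```python
import re

# Constructed sample of sendmail log lines (not taken from the thread).
SAMPLE_LOG = """\
Oct  3 16:01:12 mail sendmail[2101]: h93L1Cq2002101: from=<auser@mydomain.com>, size=1843, class=0, nrcpts=1, msgid=<a1@example.net>, proto=ESMTP, daemon=MTA, relay=unknown.example.net [192.0.2.44]
Oct  3 16:05:40 mail sendmail[2150]: h93L5eq2002150: from=pete, size=512, class=0, nrcpts=1, msgid=<b2@mail.mydomain.com>, relay=pete@localhost
Oct  3 16:07:03 mail sendmail[2177]: h93L73q2002177: from=<list@example.org>, size=9021, class=0, nrcpts=1, msgid=<c3@example.org>, proto=ESMTP, daemon=MTA, relay=lists.example.org [198.51.100.7]
Oct  3 16:07:04 mail sendmail[2178]: h93L73q2002177: to=<pete@mydomain.com>, delay=00:00:01, mailer=local, stat=Sent
"""

# Assumed layout: "... sendmail[pid]: QUEUEID: from=SENDER, ..., relay=RELAY"
FROM_LINE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=(?P<sender>[^,]*),.*?relay=(?P<relay>.*)$")
RELAY_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def is_local_relay(relay, local_ips=("127.0.0.1", "::1")):
    """True when the relay field shows the message was submitted on this host."""
    m = RELAY_IP.search(relay)
    if m:
        return m.group(1) in local_ips
    # Assumption: local command-line submission is logged as relay=user@localhost.
    return relay.strip().endswith("@localhost")


def remote_claims_of_local_sender(log_text, domain):
    """Return (queue id, sender, relay) for mail claiming a sender in
    `domain` that arrived from a non-local relay."""
    suffix = "@" + domain.lower()
    hits = []
    for line in log_text.splitlines():
        m = FROM_LINE.search(line)
        if not m:
            continue  # to= lines and other daemon messages
        sender = m.group("sender").strip("<>").lower()
        if sender.endswith(suffix) and not is_local_relay(m.group("relay")):
            hits.append((m.group("qid"), sender, m.group("relay")))
    return hits


if __name__ == "__main__":
    for qid, sender, relay in remote_claims_of_local_sender(SAMPLE_LOG, "mydomain.com"):
        print(f"{qid}: {sender} came in from {relay}")
```

Genuine users who send through the server from a remote client show up in the same list, so each hit is an entry to review against known users rather than proof of forgery.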