LinuxQuestions.org

bper 08-02-2005 11:15 AM

Breach in Sendmail Security?
 
Hi,

I just received an email from "A User"@{mydomain}.com with the subject "Re: {some subject}". There is no such user authorized (by me) to send email from my server. I'm also using spamassassin-2.44.11.8.x and it must not be properly configured because there is still a host of unwanted messages coming in.

I thought that I covered the bases as far as sendmail security was concerned. Is there a checklist that I can go through to make sure that I am less vulnerable? I'm running sendmail-8.12.8-9.90 on RedHat 9.0 kernel 2.4.20-20.9.

Any help would be appreciated.

Thanks.

Capt_Caveman 08-02-2005 05:48 PM

The "From" field on the email could have been forged. Take a look at your maillogs for any outgoing messages from that user. Also, the log entry for that particular incoming message should also indicate whether it was sent locally or remotely.
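
The maillog check described in the reply above, as an added example that is not part of the original thread: it reads sendmail `from=` log entries and reports whether each message claiming a sender in your domain was handed over locally or by a remote relay. The log lines are constructed samples in sendmail's usual format, and `mydomain.com` plus the function names are assumptions; the log records the envelope sender, which can differ from the "From" header shown in a mail client.

```python
import ipaddress
import re

# Constructed sample maillog lines (assumed sendmail 8.12 format, not from the thread).
SAMPLE_LOG = """\
Aug  2 10:58:01 mail sendmail[4101]: j72Fw1aB004101: from=<auser@mydomain.com>, size=2310, class=0, nrcpts=1, msgid=<1@example.net>, proto=SMTP, daemon=MTA, relay=host.example.net [203.0.113.45]
Aug  2 10:58:02 mail sendmail[4102]: j72Fw1aB004101: to=<bper@mydomain.com>, delay=00:00:01, mailer=local, pri=32310, dsn=2.0.0, stat=Sent
Aug  2 11:02:10 mail sendmail[4150]: j72G2AcD004150: from=peter, size=512, class=0, nrcpts=1, msgid=<2@mydomain.com>, relay=peter@localhost
Aug  2 11:05:33 mail sendmail[4188]: j72G5XeF004188: from=<john@mydomain.com>, size=900, class=0, nrcpts=1, msgid=<3@mydomain.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
"""

# Matches only the "from=" entry of a message; "to=" entries are skipped.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<?(?P<sender>[^>,]*)>?,.*?relay=(?P<relay>.+)$"
)
# sendmail logs the peer address in brackets, e.g. [203.0.113.45] or [IPv6:::1].
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9a-fA-F.:]+)\]")


def classify_relay(relay):
    """Return 'local', 'remote' or 'unknown' for the relay= field of a log entry."""
    m = IP_RE.search(relay)
    if m:
        try:
            return "local" if ipaddress.ip_address(m.group(1)).is_loopback else "remote"
        except ValueError:
            return "unknown"
    # No bracketed address: command-line submission is logged as user@localhost.
    return "local" if relay.strip().endswith("@localhost") else "unknown"


def senders_by_origin(log_text, domain):
    """Return (queue_id, sender, origin, relay) for senders claiming `domain`."""
    hits = []
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue
        sender = m["sender"].lower()
        # A bare user name (no @) is a local account submitting on this host.
        if "@" not in sender or sender.endswith("@" + domain.lower()):
            hits.append((m["qid"], m["sender"], classify_relay(m["relay"]), m["relay"]))
    return hits


if __name__ == "__main__":
    for qid, sender, origin, relay in senders_by_origin(SAMPLE_LOG, "mydomain.com"):
        print(f"{qid}  {sender:<22} {origin:<7} {relay}")
```

An entry marked `remote` for an address in your own domain means another host supplied that sender address; the queue ID lets you find the matching `to=` line for the same message.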

Pete M 08-02-2005 06:40 PM

bper

I'm not saying don't worry or check your security, but it happens all the time on my sendmail server.

What I have done is add entries to /etc/mail/virtusertable listing all genuine email addresses mapped to users, like this:

Code:

peter@mydomain.com    peter
john@mydomain.com    john

Then the last entry is
Code:

@mydomain.com    error:nouser User unknown

If you want to do this, remember to add entries for admin@mydomain, hostmaster, etc., because only entries in this table will be allowed; everything else is rejected.

You need to create virtusertable.db from virtusertable, which on Red Hat is simply a matter of running make on the command line while you are in the /mail directory.

You can also check your server here; just add your domain name in the first box.

Something else you may find of interest is SpamBouncer. I find it very effective against spam, and it is very configurable.

Pete

