LinuxQuestions.org
08-02-2005, 10:15 AM   #1
bper
Member
 
Registered: Oct 2003
Posts: 64

Rep: Reputation: 15
Breach in Sendmail Security?


Hi,

I just received an email from "A User"@{mydomain}.com with the subject "Re: {some subject}". There is no such user authorized (by me) to send email from my server. I'm also using spamassassin-2.44.11.8.x and it must not be properly configured because there is still a host of unwanted messages coming in.

I thought that I covered the bases as far as sendmail security was concerned. Is there a checklist that I can go through to make sure that I am less vulnerable? I'm running sendmail-8.12.8-9.90 on RedHat 9.0 kernel 2.4.20-20.9.

Any help would be appreciated.

Thanks.

Last edited by bper; 08-02-2005 at 10:23 AM.
 
08-02-2005, 04:48 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
The "From" field on the email could have been forged. Take a look at your maillogs for any outgoing messages from that user. Also, the log entry for that particular incoming message should also indicate whether it was sent locally or remotely.
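
One way to run the maillog check suggested above, as an added example that is not part of the original posts: it reads sendmail `from=` records and flags messages whose envelope sender claims the local domain but whose `relay=` field is a remote host. The log lines are constructed, `example.com` stands in for the poster's domain, and the function names are hypothetical; the log shows the envelope sender, which can differ from the "From" header displayed in the mail client.

```python
import ipaddress
import re

# Constructed sample in the style of sendmail 8.12 "from=" maillog records.
# example.com stands in for the local domain; hosts and queue IDs are made up.
SAMPLE_LOG = """\
Aug  2 09:58:11 mail sendmail[2101]: j72DwBx2002101: from=<auser@example.com>, size=1532, class=0, nrcpts=1, msgid=<1@x>, proto=SMTP, daemon=MTA, relay=[203.0.113.45]
Aug  2 09:58:12 mail sendmail[2102]: j72DwBx2002101: to=<bper@example.com>, delay=00:00:01, mailer=local, pri=31532, dsn=2.0.0, stat=Sent
Aug  2 10:02:40 mail sendmail[2140]: j72E2eA9002140: from=peter, size=412, class=0, nrcpts=1, msgid=<2@x>, relay=peter@localhost
Aug  2 10:02:40 mail sendmail[2141]: j72E2eQ1002141: from=<peter@example.com>, size=598, class=0, nrcpts=1, msgid=<2@x>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Aug  2 10:07:03 mail sendmail[2188]: j72E73Kc002188: from=<news@lists.example.net>, size=8841, class=0, nrcpts=1, msgid=<3@x>, proto=ESMTP, daemon=MTA, relay=mx.example.net [198.51.100.7]
"""

# Queue ID, envelope sender and relay of each accepted message.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<?(?P<sender>[^>,]*)>?,.*?relay=(?P<relay>.+)$"
)

def is_local_relay(relay):
    """True for local submission: user@localhost or a loopback address."""
    m = re.search(r"\[(?:IPv6:)?([^\]]+)\]", relay)
    if m:
        try:
            return ipaddress.ip_address(m.group(1)).is_loopback
        except ValueError:
            return False
    return relay.rsplit("@", 1)[-1].strip() == "localhost"

def classify(log_text):
    """Map queue ID -> (envelope sender, "local" or "remote", relay)."""
    results = {}
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if m:
            origin = "local" if is_local_relay(m["relay"]) else "remote"
            results[m["qid"]] = (m["sender"], origin, m["relay"])
    return results

def forged_candidates(log_text, local_domain):
    """Queue IDs claiming a local_domain sender but received from a remote relay."""
    suffix = "@" + local_domain.lower()
    return [qid for qid, (sender, origin, _) in classify(log_text).items()
            if origin == "remote" and sender.lower().endswith(suffix)]

if __name__ == "__main__":
    for qid in forged_candidates(SAMPLE_LOG, "example.com"):
        print(qid, *classify(SAMPLE_LOG)[qid])
```

The queue ID to look up is the `id` value in the topmost `Received:` header that your own server added to the suspicious message.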
 
08-02-2005, 05:40 PM   #3
Pete M
Member
 
Registered: Aug 2003
Location: UK
Distribution: Redhat 9 FC 3 SUSE 9.2 SUSE 9.3 Gentoo 2005.0 Debian Sid
Posts: 657

Rep: Reputation: 30
bper

I'm not saying don't worry or check your security, but it happens all the time on my sendmail server.

What I have done is add entries to /etc/mail/virtusertable listing all genuine email addresses mapped to users, like this:

Code:
peter@mydomain.com    peter
john@mydomain.com    john
Then the last entry is:
Code:
@mydomain.com     error:nouser User unknown
If you want to do this, remember to add entries for admin@mydomain, hostmaster, etc., because only entries in this table will be allowed; everything else is rejected.

You need to create virtusertable.db from virtusertable, which on Red Hat is simply a matter of running make on the command line while you are in the /mail directory.

You can also check your server here; just add your domain name in the first box.

Something else you may find of interest is SpamBouncer. I find it very effective against spam and it is very configurable.

Pete
 
  


All times are GMT -5.
