Old 04-03-2006, 02:56 PM   #1
sbms
LQ Newbie
 
Registered: Dec 2005
Posts: 10

Rep: Reputation: 0
Sendmail sending mail from non-existent users


I am trying to determine how to stop this situation. If I read my mail, sometimes I will receive spam addressed from someone who is not a user but using my domain name.

Example:

Normal user mail might be bill@mysystem.com and I can read Bill's mail because he is a valid user.

Problem spam might come from xxyyzz@mysystem.com, and I know that there is no xxyyzz user on this domain.

I am afraid that this server might be sending this spam to other users as well. How do I stop this from sending the spam?

Tom
 
Old 04-04-2006, 06:31 PM   #2
fiery_ice
Member
 
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33

Rep: Reputation: 15
Relay access is allowed by default from the home domain, but blocked from outsiders. This is so, in Postfix anyway.

Check your Postfix configuration, if that's what you use.
If someone telnets from your box to your box at port 25, it's really easy to send spam mail.

My conf file is in /etc/postfix/main.cf
From that file:
Code:
# TRUST AND RELAY CONTROL

# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix.  See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
 
Old 04-05-2006, 07:28 AM   #3
Wells
Member
 
Registered: Nov 2004
Location: Florida, USA
Distribution: Debian, Redhat
Posts: 383

Rep: Reputation: 31
The other way that this can work is if someone telnets to port 25 (i.e. connects to your smtp server) from anywhere and sends mail to anyone AT your domain, it will go through. This is not considered relaying email, since the mail would be delivered locally.

You might want to take a look at your mail server configuration and see if there is a catch-all type directive setup so that any mail sent to your server that does not have a valid username gets pushed to you.
 
Old 04-05-2006, 11:24 AM   #4
fiery_ice
Member
 
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33

Rep: Reputation: 15
Quote:
Originally Posted by Wells
The other way that this can work is if someone telnets to port 25 (i.e. connects to your smtp server) from anywhere and sends mail to anyone AT your domain, it will go through. This is not considered relaying email, since the mail would be delivered locally.

You might want to take a look at your mail server configuration and see if there is a catch-all type directive setup so that any mail sent to your server that does not have a valid username gets pushed to you.
Odd... are you sure about that?
I just tried to telnet to my home mail server, from work, and wasn't allowed to do that.
Reply was:
Code:
550 <foo@www.mydomain.ca>: Recipient address rejected: User unknown in local recipient table
So I tried to make the recipient a known local user, and I received a 250 Ok message. I then quit. So it seems to work for a local user that is known on my system, but not an unknown one...
If your example is true, it must be disabled in my configuration.
 
Old 04-05-2006, 12:10 PM   #5
Wells
Member
 
Registered: Nov 2004
Location: Florida, USA
Distribution: Debian, Redhat
Posts: 383

Rep: Reputation: 31
Interesting. It does look like you are not doing any sort of catch-all filtering. In that case, I think my next step would be to take a look at the full headers of one of these messages you are receiving and see what they have to say about who it is really being sent to...
 
Old 04-05-2006, 12:49 PM   #6
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

Rep: Reputation: 165
Quote:
I am trying to determine how to stop this situation. If I read my mail, sometimes I will receive spam addressed from someone who is not a user but using my domain name.
This does not mean that your domain is the origin of the spam. It's trivial to fake a sender address. The important thing is that you not be an open relay -- you need to be sure of that. If you wish, you can tighten your config somewhat to prevent getting spam (such as not accepting mail addressed from a non-existent user in your domain, etc.), but that's beside the point. On the surface of it, what you're observing is not a cause for concern.
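Added example (not part of any post in this thread): a sketch of the header check suggested in post #5, used to test the point made in post #6 that a From address in your domain does not show where a message came from. It walks the Received headers from the top and trusts only those stamped by your own server; the host name mail.mysystem.com, the trusted network 127.0.0.0/8, the sample message and the function names are assumptions made for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample (not from the thread). Host names and IPs are placeholders.
SAMPLE = """\
Received: from unknown.example.net (unknown.example.net [203.0.113.45])
    by mail.mysystem.com with SMTP id A0; Mon, 3 Apr 2006 14:50:01 -0500
Received: from mail.mysystem.com (mail.mysystem.com [192.0.2.10])
    by relay.example.org with SMTP id ZZ; Mon, 3 Apr 2006 14:49:00 -0500
From: xxyyzz@mysystem.com
To: bill@mysystem.com
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9a-fA-F.:]+)\]\).*?\bby\s+(\S+)", re.S)

def external_handoff(raw, our_host, trusted_nets):
    """Return (client_ip, helo_name) for the hop where the message entered
    our_host from outside trusted_nets, or None if it never did."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    msg = email.message_from_string(raw)
    for hdr in msg.get_all("Received", []):      # newest header first
        m = HOP.search(hdr)
        # Only headers stamped by our own server are reliable; anything
        # below the first foreign or unparsable one may be forged.
        if not m or m.group(3).lower() != our_host:
            break
        ip = ipaddress.ip_address(m.group(2))
        if not any(ip in net for net in nets):
            return str(ip), m.group(1)
    return None

def classify(raw, our_host, our_domain, trusted_nets=("127.0.0.0/8",)):
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = external_handoff(raw, our_host, trusted_nets)
    if hop is None:
        return "submitted-from-trusted-client"   # look at this server or its LAN
    if from_domain == our_domain:
        return "forged-sender-from-" + hop[0]    # spoofed From, external origin
    return "external-from-" + hop[0]

if __name__ == "__main__":
    print(classify(SAMPLE, "mail.mysystem.com", "mysystem.com"))
```

A result of "submitted-from-trusted-client" is the case worth investigating on the server itself, since it means the message was handed over by a client the mail server already trusts to relay.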
 
Old 04-05-2006, 03:09 PM   #7
fiery_ice
Member
 
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33

Rep: Reputation: 15
Quote:
Originally Posted by Berhanie
This does not mean that your domain is the origin of the spam. It's trivial to fake a sender address. The important thing is that you not be an open relay -- you need to be sure of that. If you wish, you can tighten your config somewhat to prevent getting spam (such as not accepting mail addressed from a non-existent user in your domain, etc.), but that's beside the point. On the surface of it, what you're observing is not a cause for concern.
Agreed. Spoofing mail to an internal user is very trivial. I've done it myself. It's also easy to send spoof mail from the localhost to anywhere, appearing to be from anywhere. Postfix trusts the local host, as I posted earlier, when it comes to relaying mail.
 
  

