Stupid, stupid spoofing
*New to Linux*
My company is a victim of spoofing. When I checked the sendmail.mc file, there were no actual options in it, just a bunch of lines saying "You are blacklisted because you are a damn spammer" `dnsl'. Was this caused by the spoofer? Also, I ran netstat -pantu to see all the ports open and I can see ports that the spammers are connected to. For example, on my sendmail port (25) it says 31397/sendmail: k9s. I tried closing all the ports that the spammers were connected to, but every time I close the ports, they just connect to others. I have no idea how to stop this. Is there any way I could block outgoing mail from a user that starts with k9? Sorry for not being clear. That's the best I can explain.
You should not let your server be an open relay.
Also, you might want to use SPF to reduce spoofing.
Ok, but how do I make it to where it won't be an open relay?
Quote:
Aside: One of the problems with plain-old SMTP auth is that it basically authorizes anyone in the system to spoof from your domain. This is not a problem if you have only a few trustworthy users, but becomes a problem if you serve a lot (e.g., after learning only one user's username/password combination, I could spoof emails that seem to originate from any of your users). Of course there are ways around this, but the protocol alone is insecure (and inconsistent).
Another point: after you get this set up, you're only halfway done... You need to go to the various popular blacklists, and get your name off their list (usually by some process that ends up in your clicking a button that says "Check if domain is still an open relay" or something).
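An added example, not part of the original thread or of sendmail itself: the aside above says SMTP AUTH alone does not tie a login to the sender address it uses, so this sketch audits submissions for that gap. The ownership map, function names and session pairs are hypothetical and constructed; how the pairs are extracted from your mail logs is not shown.

```python
# Added example: hypothetical names and constructed data throughout.

# Assumed ownership map: envelope senders each authenticated login may use.
OWNED = {
    "alice": {"alice@example.com", "sales@example.com"},
    "bob": {"bob@example.com"},
}

def normalize(addr):
    """Strip angle brackets and whitespace, lower-case the address."""
    return addr.strip().strip("<>").strip().lower()

def check_submission(login, mail_from, owned=OWNED):
    """Return 'ok', or the reason a submission should be rejected/flagged."""
    if login is None:
        return "unauthenticated"      # no SMTP AUTH: would need an open relay
    sender = normalize(mail_from)
    if sender == "":
        return "ok"                   # null sender <> is used for bounces
    allowed = owned.get(login.lower())
    if allowed is None:
        return "unknown-login"
    if sender not in allowed:
        return "sender-mismatch"      # valid password, someone else's address
    return "ok"

def audit(sessions, owned=OWNED):
    """Group findings per login so a compromised account stands out."""
    findings = {}
    for login, mail_from in sessions:
        verdict = check_submission(login, mail_from, owned)
        if verdict != "ok":
            findings.setdefault(login, []).append((normalize(mail_from), verdict))
    return findings

# Constructed sample: (authenticated login, MAIL FROM) pairs.
SESSIONS = [
    ("alice", "<alice@example.com>"),
    ("alice", "<Sales@Example.com>"),   # shared address alice owns
    ("bob", "<alice@example.com>"),     # bob's credentials, alice's address
    ("bob", "<ceo@example.com>"),
    ("bob", "<>"),
    (None, "<bob@example.com>"),
]

if __name__ == "__main__":
    for login, hits in audit(SESSIONS).items():
        print(login, hits)
```

A login that accumulates many sender-mismatch findings is the account whose password should be rotated first.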
So, changing the passwords for all my users (I don't have THAT many). Would that help something? I know that when I came to this company, the passwords were rather simple. Thanks for your patience with me. I am a makeshift network admin and you guys are helping me take up a lot of slack.