Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
They are messing up my sendmail. My mail gets looped because they somehow include email address
<>@mydomain.com and for some reason mail starts looping and fills up my var partition.
Any suggestions?
I rejected mail to
<>@mydomain.com
but need to check if <> aren't some special characters for access db
No, the problem is external abusers. They set up their spam so it appears to be from our local domain and use our sendmail to spam others, and we'll get blocked.
Use qmail (www.qmail.org). It's much easier to configure than sendmail (worked with both) and you can easily specify who is allowed to do what - which is what it seems your problem is. You can mail me with any questions (koningshoed@freemail.absa.co.za).
You mean blackhole?
But the blackhole won't help if spammers are messing up mail headers so the sendmail accepts it as trusted mail and starts sending spam.
Of course it will, as the initial connection will be refused before any sending of mail is done. Here's yesterday's reject log from my mail server:
2002-06-01 07:43:06 recipients from fep02.superonline.com [212.252.122.41] refused
------------------------------------------------------------------------------
2002-06-01 10:19:25 recipients refused from 122.reverse237.fmcf.fr [217.112.237.122] (RBL relays.osirusoft.com)
------------------------------------------------------------------------------
2002-06-01 19:12:04 recipients from fep02.superonline.com [212.252.122.41] refused
------------------------------------------------------------------------------
2002-06-01 20:08:08 recipients refused from 01-086.067.popsite.net [64.24.72.86] (RBL relays.osirusoft.com)
------------------------------------------------------------------------------
2002-06-01 21:10:19 recipients from [66.237.120.201] refused (failed to find host name from IP address)
------------------------------------------------------------------------------
2002-06-01 23:48:25 recipients from [66.180.237.58] refused (failed to find host name from IP address)
------------------------------------------------------------------------------
2002-06-02 01:46:00 recipients refused from lsmail6.oin2.com [65.118.64.251] (RBL relays.osirusoft.com)
------------------------------------------------------------------------------
2002-06-02 05:48:41 recipients from [210.187.6.26] refused (failed to find host name from IP address)
------------------------------------------------------------------------------
clues:/var/log/exim# cat rejectlog
2002-06-02 13:25:59 refused relay (host) to <areyoublind@aol.com> from <firstcomm1@china.com> H=adsl-32-102-242.bhm.bellsouth.net (mail.china.com) [67.32.102.242]
------------------------------------------------------------------------------
2002-06-02 13:25:59 refused relay (host) to <cutco@inbox.lv> from <firstcomm1@china.com> H=adsl-32-102-242.bhm.bellsouth.net (mail.china.com) [67.32.102.242]
------------------------------------------------------------------------------
Or just set up a list of trusted IPs (obviously you know what the IPs of your LAN are). Then set up rules for who's allowed to relay any mail, and the rest will only be allowed to "deliver" mail to your system.
Ooh, that is bad. I don't know how hetzner does it (www.hetzner.co.za), but they require pop action before smtp. That way, you have to read your mail before you can send any; this will confirm your IP to the server, and then you can be sure that the user on that IP is in fact a user of your system (they managed to authenticate with pop). Hope you can find a package to do this (try telnetting into their smtp server - most packages advertise in the header line).
That is not my problem. Perhaps have another net-detect utility that tries to connect to the server every one minute to report the IP; if the program does not connect for 5 minutes, drop that IP from the list of allowed relayers? Just use ipchains or something similar to summarily block everyone you don't want - permitting you're not anyone's mx entry.
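Added example, not part of any post in the thread and not any mail server's own code: a sketch of the relay decision the replies above describe, combining a trusted-LAN list, POP-before-SMTP with a 5-minute expiry, and delivery-only for everyone else. The class and function names, the LAN range and the sample addresses are assumptions made for illustration. The envelope sender is never consulted, so a forged @mydomain.com sender gains nothing.

```python
import ipaddress

# Assumed values for illustration; only mydomain.com and "5 minutes" come from the thread.
LOCAL_DOMAINS = {"mydomain.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # constructed LAN range
POP_WINDOW = 300  # seconds an IP stays allowed after its last POP login


class RelayPolicy:
    """Hypothetical relay policy: who may send mail *through* us to other domains."""

    def __init__(self):
        self._pop_seen = {}  # client IP -> time of last successful POP login

    def pop_login_ok(self, ip, now):
        """Record a successful POP authentication from this IP."""
        self._pop_seen[ip] = now

    def _expire(self, now):
        # Drop IPs that have not authenticated within the window.
        for ip in [i for i, t in self._pop_seen.items() if now - t > POP_WINDOW]:
            del self._pop_seen[ip]

    def may_relay(self, ip, now):
        self._expire(now)
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in TRUSTED_NETS) or ip in self._pop_seen

    def check_rcpt(self, ip, mail_from, rcpt_to, now):
        """Return 'accept' or 'reject' for one RCPT TO.

        mail_from is deliberately ignored: the client chooses it freely, so a
        sender claiming to be @mydomain.com proves nothing about who connected.
        """
        local, _, domain = rcpt_to.rpartition("@")
        if not local or not domain or "<" in local or ">" in local:
            return "reject"  # malformed, e.g. the "<>@mydomain.com" recipient
        if domain.lower() in LOCAL_DOMAINS:
            return "accept"  # plain delivery to our own users, open to anyone
        return "accept" if self.may_relay(ip, now) else "reject"
```

The decision keys only on the connecting IP and the recipient domain, which is what closes the relay regardless of what the message headers or envelope sender claim.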