LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-13-2004, 12:38 PM   #1
maxnix
LQ Newbie
 
Registered: Jul 2003
Location: MS
Distribution: RedHat
Posts: 4

Rep: Reputation: 0
Sendmail - Check for Bad From Address?


Can Sendmail be configured to drop or reject the following type of problem mail? My version is 8.11.6 running on RH 7.3

(log example)

=============
from=<>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=au-mai-0002.flow.com.au [202.129.90.209] (may be forged)
=============

I am getting a couple hundred of these attempts logged every day now for about two weeks. They originate from various domains, but all are sent to generic user names AT my domain.

john@mydomain.com
tom@mydomain.com
sarah@mydomain.com

etc...

Of course, none get delivered because I have no such users and my only real damage (I think) is that my logs are getting filled up with these junk entries. But I would like to stop this traffic if at all possible.

When I looked into this subject at Sendmail.org, it seems that Sendmail has some type capability for checking headers....in M4 files I believe.

Is it possible to reject messages with the "from=<>" part of the message being empty?

Thanks for any advice or help.

Thanks,
Max
 
Old 02-13-2004, 01:08 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
from=<> is a legitimate from address. It's used by automated systems to send bounce messages, etc. This is a defense against accidental mail loops, so I strongly recommend you don't drop messages in this format.
 
Old 02-15-2004, 12:00 AM   #3
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Your generic addresses sounds very much like the M.O. of the MyDoom virus. It will send out mail to people in address books and also to Jane@ George@ Cindy@ etc.... It will slow down after a while. It has for the organization I am at.
 
Old 02-15-2004, 11:55 AM   #4
maxnix
LQ Newbie
 
Registered: Jul 2003
Location: MS
Distribution: RedHat
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks for the info...seems I have nothing to worry about then either way. ;-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
sendmail > bad address syntax xushi Slackware 7 03-31-2005 02:42 PM
How to do a bad blocks check yelo Linux - General 2 04-02-2004 11:14 PM
bad block check fizazz88 Fedora - Installation 3 03-22-2004 12:37 AM
how can i check my ip address? alexii86 Linux - Newbie 8 10-09-2003 06:09 AM
how to check for bad sector nakkaya Linux - General 1 01-16-2003 08:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:53 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration