Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
04-03-2006, 03:56 PM
|
#1
|
LQ Newbie
Registered: Dec 2005
Posts: 10
Rep:
|
Sendmail sending mail from non-existent users
I am trying to determine how to stop this situation. If I read my mail, sometimes I will receive spam addressed from someone who is not a user but using my domain name.
Example:
Normal user mail might be bill@mysystem.com and I can read Bill's mail because he is a valid user.
Problem spam might come from xxyyzz@mysystem.com, and I know that there is no xxyyzz user on this domain.
I am afraid that this server might be sending this spam to other users as well. How do I stop this from sending the spam?
Tom
|
|
|
04-04-2006, 07:31 PM
|
#2
|
Member
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33
Rep:
|
Relay access is allowed by default from the home domain, but blocked from outsiders. This is so in Postfix, anyway.
Check your Postfix configuration, if that's what you use.
If someone telnets from your box to your box at port 25, it's really easy to send spam mail.
My conf file is in /etc/postfix/main.cf
From that file:
Code:
# TRUST AND RELAY CONTROL
# The mynetworks parameter specifies the list of "trusted" SMTP
# clients that have more privileges than "strangers".
#
# In particular, "trusted" SMTP clients are allowed to relay mail
# through Postfix. See the smtpd_recipient_restrictions parameter
# in postconf(5).
#
# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).
#
# By default (mynetworks_style = subnet), Postfix "trusts" SMTP
# clients in the same IP subnetworks as the local machine.
# On Linux, this does works correctly only with interfaces specified
# with the "ifconfig" command.
|
|
|
04-05-2006, 08:28 AM
|
#3
|
Member
Registered: Nov 2004
Location: Florida, USA
Distribution: Debian, Redhat
Posts: 417
Rep:
|
The other way that this can work is if someone telnets to port 25 (i.e. connects to your smtp server) from anywhere and sends mail to anyone AT your domain, it will go through. This is not considered relaying email, since the mail would be delivered locally.
You might want to take a look at your mail server configuration and see if there is a catch-all type directive setup so that any mail sent to your server that does not have a valid username gets pushed to you.
|
|
|
04-05-2006, 12:24 PM
|
#4
|
Member
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33
Rep:
|
Quote:
Originally Posted by Wells
The other way that this can work is if someone telnets to port 25 (i.e. connects to your smtp server) from anywhere and sends mail to anyone AT your domain, it will go through. This is not considered relaying email, since the mail would be delivered locally.
You might want to take a look at your mail server configuration and see if there is a catch-all type directive setup so that any mail sent to your server that does not have a valid username gets pushed to you.
|
Odd.. are you sure about that?
I just tried to telnet to my home mail server, from work, and wasn't allowed to do that.
reply was:
Code:
550 <foo@www.mydomain.ca>: Recipient address rejected: User unknown in local recipient table
So I tried to make the recipient a known local user, and I received a 250 Ok message. I then quit. So it seems to work for a local user that is known on my system, but not an unknown one...
If your example is true, it must be disabled in my configuration.
|
|
|
04-05-2006, 01:10 PM
|
#5
|
Member
Registered: Nov 2004
Location: Florida, USA
Distribution: Debian, Redhat
Posts: 417
Rep:
|
Interesting. It does look like you are not doing any sort of catch-all filtering. In that case, I think my next step would be to take a look at the full headers of one of these messages you are receiving and see what they have to say about who it is really being sent to...
|
|
|
04-05-2006, 01:49 PM
|
#6
|
Senior Member
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625
Rep:
|
Quote:
I am trying to determine how to stop this situation. If I read my mail, sometimes I will receive spam addressed from someone who is not a user but using my domain name.
|
This does not mean that your domain is the origin of the spam. It's trivial to fake a sender address. The important thing is that you not be an open relay -- you need to be sure of that. If you wish, you can tighten your config somewhat to prevent getting spam (such as not accepting mail addressed from a non-existent user in your domain, etc.), but that's beside the point. On the surface of it, what you're observing is not a cause for concern.
|
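The header check suggested in post #5, together with the point in post #6 that a sender address is trivial to fake, as an added example that is not part of any poster's reply. It reads only the Received hop written by your own server, since hops below it can be forged; the hostname `mail.mysystem.com`, the trusted networks and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

MY_DOMAIN = "mysystem.com"       # domain used in the thread's example
MY_MTA = "mail.mysystem.com"     # assumption: hostname our server stamps in "by"
TRUSTED = [ipaddress.ip_network(n)   # assumption: mirrors the server's mynetworks
           for n in ("127.0.0.0/8", "192.168.1.0/24")]

# Constructed sample: From claims the local domain, but the hop recorded by
# our own server shows an outside client (203.0.113.45 is a documentation IP).
SAMPLE = """\
Received: from mail.example.net (unknown [203.0.113.45])
    by mail.mysystem.com (Postfix) with SMTP id 0123456789
    for <bill@mysystem.com>; Tue, 4 Apr 2006 10:02:11 -0400 (EDT)
Received: from xxyyzz (localhost [127.0.0.1])
    by mail.example.net with SMTP; Tue, 4 Apr 2006 10:02:05 -0400
From: xxyyzz@mysystem.com
To: bill@mysystem.com
Subject: constructed test message

body
"""

BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def classify(raw):
    """Say where a message entered our server, using only the hop we wrote."""
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for hop in msg.get_all("Received", []):      # newest hop is listed first
        by = BY_RE.search(hop)
        if not by or by.group(1).lower() != MY_MTA:
            continue                             # not written by our server
        ip = IP_RE.search(hop)
        try:
            client = ipaddress.ip_address(ip.group(1)) if ip else None
        except ValueError:
            client = None
        if client is None:
            return "unknown-client"
        if any(client in net for net in TRUSTED):
            return "submitted-from-trusted-network"  # check the server itself
        if from_domain == MY_DOMAIN:
            return "external-client-forged-local-sender"
        return "external-client"
    return "no-hop-from-our-mta"
```

A result of `external-client-forged-local-sender` matches the situation described in post #6: the message arrived from outside with a faked local sender. `submitted-from-trusted-network` is the case that warrants checking the server and its relay settings.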
|
|
04-05-2006, 04:09 PM
|
#7
|
Member
Registered: Sep 2005
Location: Ontario
Distribution: Debian, Ubuntu
Posts: 33
Rep:
|
Quote:
Originally Posted by Berhanie
This does not mean that your domain is the origin of the spam. It's trivial to fake a sender address. The important thing is that you not be an open relay -- you need to be sure of that. If you wish, you can tighten your config somewhat to prevent getting spam (such as not accepting mail addressed from a non-existent user in your domain, etc.), but that's beside the point. On the surface of it, what you're observing is not a cause for concern.
|
Agreed. Spoofing mail to an internal user is very trivial. I've done it myself. It's also easy to send spoof mail from the localhost to anywhere, appearing to be from anywhere. Postfix trusts the local host, as I posted earlier, when it comes to relaying mail.
|
|
|
All times are GMT -5. The time now is 06:09 PM.