LinuxQuestions.org
Old 06-14-2006, 08:22 AM   #1
imagineers7
Member
 
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310

Rep: Reputation: 30
Stopping spam via telnet 25


Hello everyone,

I tried to send a mail via

telnet XXX.com 25

I entered a fake mail id (abc@XXX.com), and then the mail came to me as if it came from an authentic mail id located at XXX.com.

How can I stop that? (Anyone can send spam using that domain)



Thanks in advance
 
Old 06-14-2006, 08:34 AM   #2
phsythax
Member
 
Registered: Oct 2005
Location: Denmark
Distribution: Gentoo & XP pro for gaming
Posts: 152

Rep: Reputation: 30
Quote:
Originally Posted by imagineers7
Hello everyone,
I tried to send a mail via
telnet XXX.com 25
entered fake mail id as of abc@XXX.com
and then the mail came to me as if it came to me from an authentic mail id located at XXX.com.
How can I stop that? (Anyone can send spam using that domain)
This is a common spam tool (call it whatever you like). You can't stop people from sending fake emails, but you can require a digital signature in your emails and drop everyone else that doesn't have one. That's how Hotmail works, I think.
 
Old 06-14-2006, 08:40 AM   #3
imagineers7
Member
 
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310

Original Poster
Rep: Reputation: 30
Hi phsythax,



Thanks for the reply,

But I hope there must be some other way too.
 
Old 06-14-2006, 12:37 PM   #4
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
First of all, you should have configured your email server properly so that only your own users can use it to relay. I.e., anyone (assuming your email server is publicly accessible) should be able to use it to send email addressed to your domain(s), but only your users/networks should be able to use it to send email to other domains as well.

Assuming you've got that set up, you can decide whether your users can be trusted not to send silly emails with the from address as 'president@whiteshouse.gov' or something. If you think they can't, then look at setting restrictions on the sender addresses that are allowed.

For postfix see:
http://www.postfix.org/postconf.5.ht...r_restrictions (or `man 5 postconf`)
You could combine this with SMTP authentication so that users are actually logging in to the smtp server to send email, and using an SSL encrypted connection to do so:
http://www.postfix.org/docs.html (see TLS and SASL sections)

Other mail servers will have similar options and HOWTOs if you google around.
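
A small model of the relay rule and sender restriction described in the post above, as an added example that is not part of the thread and is not Postfix code. The domain, network, login map and the function name `smtp_policy` are assumptions made for the illustration; only the three Postfix restriction names in the comment are real.

```python
import ipaddress

# Constructed site values for this example (not from the thread).
LOCAL_DOMAINS = {"example.com"}
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
SENDER_OWNERS = {"alice@example.com": "alice"}  # address -> SMTP AUTH login


def smtp_policy(client_ip, sasl_user, mail_from, rcpt_to, check_sender=True):
    """Decide one MAIL FROM / RCPT TO pair; returns (verdict, reason)."""
    ip = ipaddress.ip_address(client_ip)
    trusted = any(ip in net for net in MY_NETWORKS)
    rcpt_domain = rcpt_to.rpartition("@")[2].lower()

    if check_sender:
        owner = SENDER_OWNERS.get(mail_from.lower())
        # A logged-in user may only send as an address mapped to that login.
        if sasl_user is not None and owner != sasl_user:
            return ("reject", "sender not owned by this login")
        # Without a login, nobody may use an address that has an owner.
        if sasl_user is None and owner is not None:
            return ("reject", "sender requires authentication")

    # Relay rule, in the order of Postfix's permit_mynetworks,
    # permit_sasl_authenticated, reject_unauth_destination.
    if trusted:
        return ("accept", "client in trusted network")
    if sasl_user is not None:
        return ("accept", "authenticated user")
    if rcpt_domain in LOCAL_DOMAINS:
        return ("accept", "recipient is a local domain")
    return ("reject", "relay access denied")


if __name__ == "__main__":
    outside = "203.0.113.9"  # constructed address of an unauthenticated client
    cases = [
        (outside, None, "alice@example.com", "victim@example.net", False),
        (outside, None, "alice@example.com", "bob@example.com", False),
        (outside, None, "alice@example.com", "bob@example.com", True),
        (outside, "alice", "president@example.org", "x@example.net", True),
        (outside, "alice", "alice@example.com", "x@example.net", True),
    ]
    for case in cases:
        print(case, "->", smtp_policy(*case))
```

The second case shows that a relay rule alone still accepts a forged local sender when the recipient is local; only the sender check in the third case rejects it.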
 
Old 06-14-2006, 01:07 PM   #5
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
Not only can people maliciously use your server as a relay, they can pretend to be other servers sending you genuine mail from others. This is why it is important to configure SPF correctly with DNS. All serious mailservers should have SPF records. Even though this is a protection, it is spoofable, so the only way to be sure a specific email is secure is to use some sort of public key encryption.
 
Old 06-14-2006, 01:21 PM   #6
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Mint, MX, antiX, SystemRescue
Posts: 2,337

Rep: Reputation: 358
Quote:
Originally Posted by imagineers7
telnet XXX.com 25
This is called an "open mail relay" and it's a bad thing. If YOU own XXX.com, read up on sendmail and how to secure it. If you're just using someone ELSE's open mail relay, then there's nothing you can do about it. THEY have to fix it.
 
Old 06-15-2006, 01:52 AM   #7
imagineers7
Member
 
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310

Original Poster
Rep: Reputation: 30
Thanks everyone,


I think I need some long study sessions rather than quick-fix guides. I just tried to send fake mails via a mail server which other admins look after. I can't look into the matter, but I will suggest it to them when I am completely able to do it myself.


Thanks again
 
Old 06-15-2006, 10:54 AM   #8
osor
HCL Maintainer
 
Registered: Jan 2006
Distribution: (H)LFS, Gentoo
Posts: 2,450

Rep: Reputation: 78
Quote:
Originally Posted by haertig
This is called an "open mail relay" and it's a bad thing. If YOU own XXX.com, read up on sendmail and how to secure it. If you're just using someone ELSE's open mail relay, then there's nothing you can do about it. THEY have to fix it.
That's what I was talking about (you can choose not to accept emails that appear to be forged). SPF (Sender Policy Framework) is a now widely used method of making sure the MAIL FROM in an email is not forged. Basically, the receiving server queries the MX records for the DNS of a domain. If the domain is set up seriously, it will have policies defined telling who is authorized to send mail from that domain. There are usually policies for APPROVED, NEUTRAL, SOFT-FAIL, FAIL (the acceptance or rejection based on these targets is left up to the receiving end). If there are no policies, the receiving end usually accepts the email.
 
Old 06-16-2006, 05:41 AM   #9
imagineers7
Member
 
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310

Original Poster
Rep: Reputation: 30
Thanks again osor and everyone
 
  

