stopping spam via telnet 25

06-14-2006, 08:22 AM | #1
Member | Registered: Mar 2006 | Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box | Posts: 310
Hello everyone,
I tried to send a mail via
telnet XXX.com 25
entered a fake mail ID such as abc@XXX.com
and then the mail came to me as if it came to me from an authentic mail ID located at XXX.com.
How can I stop that? (Anyone can send spam using that domain.)
Thanks in advance

06-14-2006, 08:34 AM | #2
Member | Registered: Oct 2005 | Location: Denmark | Distribution: Gentoo & XP pro for gaming | Posts: 152
Quote: Originally Posted by imagineers7
Hello everyone,
I tried to send a mail via
telnet XXX.com 25
entered a fake mail ID such as abc@XXX.com
and then the mail came to me as if it came to me from an authentic mail ID located at XXX.com.
How can I stop that? (Anyone can send spam using that domain.)
This is a common spam tool (call it whatever you like). You can't stop people from sending fake emails, but you can require a digital signature in your emails and drop everyone else that doesn't have one; that's how Hotmail works, I think.

06-14-2006, 08:40 AM | #3
Member | Registered: Mar 2006 | Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box | Posts: 310 | Original Poster
Hi phsythax,
Thanks for the reply,
But I hope there must be some other way too.

06-14-2006, 12:37 PM | #4
Senior Member | Registered: Aug 2004 | Location: Munich, Germany | Distribution: Opensuse 11.2 | Posts: 1,549
First of all, you should have configured your email server properly so that only your own users can use it to relay, i.e. anyone (assuming your email server is publicly accessible) should be able to use it to send email addressed to your domain(s), but only your users/networks should be able to use it to send email to other domains as well.
Assuming you've got that set up, you can decide whether your users can be trusted not to send silly emails with the from address as 'president@whiteshouse.gov' or something. If you think they can't, then look at setting restrictions on the sender addresses that are allowed.
For Postfix see:
http://www.postfix.org/postconf.5.ht...r_restrictions (or `man 5 postconf`)
You could combine this with SMTP authentication, so that users are actually logging in to the SMTP server to send email, and using an SSL-encrypted connection to do so:
http://www.postfix.org/docs.html (see the TLS and SASL sections)
Other mail servers will have similar options and HOWTOs if you Google around.
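The relay rule described in post #4, as an added example that is not part of the thread and not Postfix's own code: two constructed main.cf fragments (an open-relay configuration beside the restricted one) and a small model of how Postfix walks smtpd_recipient_restrictions for a connecting client, so the relay decision can be checked offline. The parser and the restriction semantics are a simplification covering only the entries shown; the local domain list, network ranges and client addresses are constructed values.

```python
"""Model of the relay decision Postfix makes in smtpd_recipient_restrictions,
run over two constructed main.cf fragments (added example, not Postfix code)."""
import ipaddress

# Domains this server delivers locally ($mydestination); constructed value.
MY_DESTINATION = {"xxx.com"}

# Weak configuration: trusts the whole Internet and permits unconditionally,
# i.e. an open relay.
OPEN_RELAY_CF = """
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit
"""

# Corrected configuration: relay only for local networks or SASL-authenticated
# users; everyone else may only send mail addressed to our own domains.
RESTRICTED_CF = """
mynetworks = 127.0.0.0/8, 192.168.1.0/24
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""


def parse_main_cf(text):
    """Parse 'key = value' lines; a line starting with whitespace continues
    the previous value, as in Postfix main.cf."""
    cfg, key = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and key is not None:
            cfg[key] += " " + line.strip()
        elif "=" in line:
            key, _, value = line.partition("=")
            key = key.strip()
            cfg[key] = value.strip()
    return cfg


def _items(value):
    """Split a comma- and/or whitespace-separated Postfix list."""
    return value.replace(",", " ").split()


def relay_decision(cfg, client_ip, sasl_authenticated, rcpt_domain):
    """Walk the restriction list in order; the first permit or reject wins.
    Only the entries used in the fragments above are modelled. An exhausted
    list ends in 'permit', which is Postfix's default action."""
    networks = [ipaddress.ip_network(n, strict=False)
                for n in _items(cfg.get("mynetworks", ""))]
    ip = ipaddress.ip_address(client_ip)
    for rule in _items(cfg.get("smtpd_recipient_restrictions", "")):
        if rule == "permit":
            return "permit"
        if rule == "permit_mynetworks" and any(ip in net for net in networks):
            return "permit"
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit"
        if (rule == "reject_unauth_destination"
                and rcpt_domain.lower() not in MY_DESTINATION):
            return "reject"
    return "permit"


if __name__ == "__main__":
    # An outside host that has not logged in, trying to send to a foreign domain.
    stranger = ("203.0.113.7", False, "example.net")
    for label, text in (("open relay", OPEN_RELAY_CF), ("restricted", RESTRICTED_CF)):
        print(label, "->", relay_decision(parse_main_cf(text), *stranger))
```

With the restricted fragment the outside host is still allowed to send mail addressed to xxx.com (that is what makes the server reachable from the Internet at all), while mail for other domains is accepted only from mynetworks or after SASL login. On Postfix 2.10 and later the same three entries belong in smtpd_relay_restrictions, which is evaluated first; and tying the MAIL FROM address to the login, as the post's sender-restriction advice suggests, is done with smtpd_sender_login_maps together with reject_sender_login_mismatch.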

06-14-2006, 01:07 PM | #5
HCL Maintainer | Registered: Jan 2006 | Distribution: (H)LFS, Gentoo | Posts: 2,450
Not only can people maliciously use your server as a relay, they can pretend to be other servers sending you genuine mail from others. This is why it is important to configure SPF correctly with DNS. All serious mail servers should have SPF records. Even though this is a protection, it is spoofable, so the only way to be sure a specific email is secure is to use some sort of public key encryption.

06-14-2006, 01:21 PM | #6
Senior Member | Registered: Nov 2004 | Distribution: Mint, MX, antiX, SystemRescue | Posts: 2,337
Quote: Originally Posted by imagineers7
telnet XXX.com 25
This is called an "open mail relay" and it's a bad thing. If YOU own XXX.com, read up on sendmail and how to secure it. If you're just using someone ELSE's open mail relay, then there's nothing you can do about it. THEY have to fix it.

06-15-2006, 01:52 AM | #7
Member | Registered: Mar 2006 | Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box | Posts: 310 | Original Poster
Thanks everyone,
I think I need some long study sessions rather than quick-fix guides. I just tried to send fake mails via a mail server which other admins look after; I can't look into the matter, but I will suggest it to them when I am completely able to do it myself.
Thanks again

06-15-2006, 10:54 AM | #8
HCL Maintainer | Registered: Jan 2006 | Distribution: (H)LFS, Gentoo | Posts: 2,450
Quote: Originally Posted by haertig
This is called an "open mail relay" and it's a bad thing. If YOU own XXX.com, read up on sendmail and how to secure it. If you're just using someone ELSE's open mail relay, then there's nothing you can do about it. THEY have to fix it.
That's what I was talking about (you can choose not to accept emails that appear to be forged). SPF (Sender Policy Framework) is a now widely used method of making sure the MAIL FROM in an email is not forged. Basically, the receiving server queries the MX records for the DNS of a domain. If the domain is set up seriously, it will have policies defined telling who is authorized to send mail from that domain. There are usually policies for APPROVED, NEUTRAL, SOFT-FAIL, FAIL (the acceptance or rejection based on these targets is left up to the receiving end). If there are no policies, the receiving end usually accepts the email.
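To make the SPF flow described in post #8 concrete, here is an added example that is not part of the thread: the check a receiving server performs, run against an in-memory table that stands in for real DNS lookups. The domain's policy is its v=spf1 TXT record (SPF policies are published as TXT records), and the evaluator covers the ip4, a, mx and all mechanisms with the +, ?, ~ and - qualifiers, which yield the pass, neutral, softfail and fail results the post lists. All domain names, addresses and records below are constructed.

```python
"""Minimal SPF check (RFC 7208 subset) over a constructed in-memory DNS table.
Added example, not code from the thread. Supports the ip4, a, mx and all
mechanisms with the +, ?, ~ and - qualifiers."""
import ipaddress

# Constructed DNS data: TXT carries the SPF policy; A and MX feed the a/mx mechanisms.
DNS = {
    "xxx.com": {
        "TXT": ["v=spf1 mx ip4:203.0.113.0/24 -all"],
        "MX": ["mail.xxx.com"],
        "A": ["198.51.100.10"],
    },
    "mail.xxx.com": {"A": ["198.51.100.25"]},
    "soft.example": {"TXT": ["v=spf1 a ~all"], "A": ["198.51.100.30"]},
    "nopolicy.example": {"A": ["198.51.100.40"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query; returns a list of records (empty if none)."""
    return DNS.get(name.lower(), {}).get(rtype, [])


def spf_record(domain):
    """Return the domain's SPF policy, or None when it publishes none.
    RFC 7208 requires exactly one v=spf1 record, so several count as none here."""
    records = [t for t in lookup(domain, "TXT") if t.lower().startswith("v=spf1 ")]
    return records[0] if len(records) == 1 else None


def mechanism_matches(mech, client_ip, domain):
    """Does the connecting IP match one mechanism (qualifier already stripped)?"""
    ip = ipaddress.ip_address(client_ip)
    name, _, arg = mech.partition(":")
    if name == "all":
        return True
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if name == "a":
        return any(ip == ipaddress.ip_address(a) for a in lookup(arg or domain, "A"))
    if name == "mx":
        return any(ip == ipaddress.ip_address(a)
                   for host in lookup(arg or domain, "MX")
                   for a in lookup(host, "A"))
    raise ValueError(f"unsupported mechanism {name!r}")


def check_spf(client_ip, mail_from_domain):
    """Result the receiving MTA computes for a connection from client_ip that
    claims MAIL FROM:<...@mail_from_domain>. Mechanisms are tried left to
    right; the first match decides, with its qualifier giving the result."""
    record = spf_record(mail_from_domain)
    if record is None:
        return "none"          # no policy published: most receivers accept
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism_matches(mechanism, client_ip, mail_from_domain):
            return QUALIFIERS[qualifier]
    return "neutral"           # record exhausted without a match


if __name__ == "__main__":
    for ip, domain in [("198.51.100.25", "xxx.com"),   # the domain's own MX
                       ("203.0.113.50", "xxx.com"),    # inside the ip4 range
                       ("192.0.2.9", "xxx.com"),       # a forger's host
                       ("192.0.2.9", "soft.example"),
                       ("192.0.2.9", "nopolicy.example")]:
        print(f"{ip:>14} claiming {domain:<17} -> {check_spf(ip, domain)}")
```

What the receiver does with fail or softfail is its own policy choice, as the post says; Postfix, for instance, usually gets the verdict from an SPF policy daemon through check_policy_service in its restriction lists. SPF vouches only for the connecting IP against the MAIL FROM domain, not for the From: header a mail client displays, which is the gap the digital-signature suggestions in posts #2 and #5 are aimed at.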

06-16-2006, 05:41 AM | #9
Member | Registered: Mar 2006 | Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box | Posts: 310 | Original Poster
Thanks again osor and everyone