LinuxQuestions.org
Old 04-28-2003, 03:23 PM   #1
Arcane Kidd
Member
 
Registered: Jan 2003
Location: Atlanta USA
Distribution: Mandrake 9.0, Red Hat 8
Posts: 49

Rep: Reputation: 15
Mail Bomb(s)


Let me preface this with a big THANK YOU; Hopefully somebody here will be able to help me out--

How should I go about setting up a defense for mass mail bombs that are coming against me and mine? The associated email address and domain names are spoofed. The IP address might be as well, and I don't have time right now to cross-check their listings for a suspected location that would illustrate a not-so-shocking origin point...?? (It wouldn't surprise me to find out that somebody from a specific location would be trying to do this to me and mine.)

Can somebody suggest a setup that will filter out these pains-in-my-a$$?

Many thanks!
 
Old 04-28-2003, 03:28 PM   #2
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
Which MTA are you using?
Are the domain names valid?
Does the sender address exist?

If you are using Postfix you should reject email from non-existent domains. And in that case you could do a sender address check for the domains that are commonly spoofed ... don't do a sender address verification for all domains though since this is a resource intensive task!
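
The Postfix setup described in the post above, as an added example that is not part of the original thread: unknown sender domains are rejected for everyone, while the costly sender address probe runs only for domains listed in a lookup table. The domain names are constructed placeholders, and the file paths are assumptions to adjust for the local installation.

```conf
# ---- /etc/postfix/main.cf (path assumed) ----

# 1. reject_unknown_sender_domain: refuse MAIL FROM addresses whose domain
#    has no DNS A or MX record. Cheap, so it applies to every sender.
# 2. check_sender_access: look the sender up in the table below; only the
#    domains listed there trigger address verification.
smtpd_sender_restrictions =
    reject_unknown_sender_domain,
    check_sender_access hash:/etc/postfix/sender_access

# Cache probe results on disk so each sender address is probed once,
# not on every delivery attempt (location assumed).
address_verify_map = btree:/var/lib/postfix/verify

# ---- /etc/postfix/sender_access (path assumed) ----
# Left column: sender domain. Right column: restriction applied to it.
# These two domains are constructed placeholders for "commonly spoofed"
# domains; replace them with the ones seen in the local mail log.
spoofed-domain.example     reject_unverified_sender
another-spoofed.example    reject_unverified_sender

# After editing the table, rebuild its index and reload Postfix:
#   postmap /etc/postfix/sender_access
#   postfix reload
```

Neither check stops mail whose sender domain and address both exist, which is the situation the original poster reports later in the thread; content filtering covers that case.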
 
Old 04-28-2003, 03:31 PM   #3
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,571

Rep: Reputation: 180
Plus look at the IP address. If it's not spoofed, use iptables/ipchains and block packets from the address. It should help.
 
Old 04-28-2003, 04:11 PM   #4
Arcane Kidd
Member
 
Registered: Jan 2003
Location: Atlanta USA
Distribution: Mandrake 9.0, Red Hat 8
Posts: 49

Original Poster
Rep: Reputation: 15
Q. MTA-- Microsoft Transfer Agent?
A. No Microsoft products in the line

Q. Are the Domain Names valid?
A. Yes. But they keep changing.

Q. Does the senders address exist?
A. Yes. But again, they continue to change.
 
Old 04-28-2003, 04:30 PM   #5
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
MTA = mail transport agent


I didn't expect a M$ product otherwise I wouldn't offer help :-p
 
Old 04-28-2003, 04:59 PM   #6
webtoe
Member
 
Registered: Apr 2001
Location: Cambridge, England
Distribution: Slackware 10, Fedora Core 3, Mac OS X
Posts: 617

Rep: Reputation: 30
Your best bet is a combination of procmail, SpamAssassin and Vipul's Razor. They work a treat for me.

Alex
 
Old 04-29-2003, 12:11 PM   #7
Arcane Kidd
Member
 
Registered: Jan 2003
Location: Atlanta USA
Distribution: Mandrake 9.0, Red Hat 8
Posts: 49

Original Poster
Rep: Reputation: 15
Thnkx. I will give that a shot.

(It's out-of-hand)

The IP Addresses are being spoofed from almost everywhere ranging from China, Korea, Brazil to California (to name a few)

Fun-stuff.

Thanks for the direction.
 
  

