LinuxQuestions.org


zachlac 09-02-2009 04:01 PM

Sendmail Spammer Prevention
 
Someone has decided to relay LOTS of spam through our sendmail server. I know almost nothing about sendmail. I want to still allow our users to send mail through our server while in the field, but block this spammer. How should I go about this?

Facts:
- It is POSSIBLE, though not probable, that they hacked our web server at some point over the past few days, though the password has since been changed.
- They send through about half (10) of our employees' addresses, but only started a few days ago. Hence I doubt they guessed their passwords in that time.
- An example sendmail log entry of the spammer:
116797:Sep 2 16:47:17 www sendmail[29878]: n82KlF6E029878: from=<daniel@[OURCOMPANYNAME].com>, size=6462, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=189-73-143-176.dsl.pltce701.brasiltelecom.net.br [189.73.143.176] (may be forged)

Ideas?

brian3 09-03-2009 02:48 AM

Quote:

Originally Posted by zachlac (Post 3667352)

Hi zachlac, if I were you I'd change to firebird email; I have been using it for 10 months and not one spam.

repo 09-03-2009 02:51 AM

Quote:

Hi zachlac, if I were you I'd change to firebird email; I have been using it for 10 months and not one spam.
Sendmail is an MTA, firebird is a mail client.
http://en.wikipedia.org/wiki/Mail_transfer_agent
http://en.wikipedia.org/wiki/E-mail_client

zachlac 09-03-2009 12:55 PM

Progress...
 
So I've forced SSL/TLS and disabled anonymous login, as well as enabled relaying. Ideally now someone should have to provide credentials to send through our relay. The problem now is that I don't know how to check to see if this fixed the problem. The log shows that the spammers are still trying, but I can't tell if the mail's getting through.

Also, we're having trouble allowing our employees to send mail from outside of our domain through our relay. They keep getting
550 5.7.1 <[SOMEEMAIL]@gmail.com>... Relaying denied. Proper authentication required.

We're using saslauthd, which is using PAM. Should I switch to shadow, passwd, or what? What's the advantage to PAM, and is there a major disadvantage to shadow?

Thanks.
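A way to answer the "is the mail actually getting through" question from the log itself, as an added example (my code, not from anyone in this thread): sendmail logs each message under a queue id, with a from= line that carries nrcpts (the number of RCPT TO commands it accepted), an AUTH=server line when the client logged in via SASL (assumed here; sendmail only writes it at LogLevel 10 or higher), and a to= line with stat=Sent for each delivered recipient. Grouping by queue id shows that the quoted spammer entry (nrcpts=0) relayed nothing, and flags any session that delivered mail without authenticating. The sample lines below are constructed, modelled on the entry quoted above, with names and IPs changed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log entry the poster quoted (names and
# IPs changed); not from the thread. The AUTH=server line is assumed to be
# present, which sendmail only logs at LogLevel 10 or higher.
SAMPLE_LOG = """\
Sep  2 16:47:17 www sendmail[29878]: n82KlF6E029878: from=<daniel@example.com>, size=6462, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=host.example.net [198.51.100.20] (may be forged)
Sep  2 16:47:17 www sendmail[29878]: n82KlF6E029878: ruleset=check_rcpt, arg1=<victim@example.org>, relay=host.example.net [198.51.100.20] (may be forged), reject=550 5.7.1 <victim@example.org>... Relaying denied. Proper authentication required.
Sep  2 16:50:02 www sendmail[29901]: n82Ko2xq029901: AUTH=server, relay=[203.0.113.7], authid=daniel, mech=LOGIN, bits=0
Sep  2 16:50:02 www sendmail[29901]: n82Ko2xq029901: from=<daniel@example.com>, size=1200, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[203.0.113.7]
Sep  2 16:50:03 www sendmail[29905]: n82Ko2xq029901: to=<friend@gmail.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31200, relay=gmail-smtp-in.l.google.com. [192.0.2.25], dsn=2.0.0, stat=Sent (OK)
Sep  2 16:55:40 www sendmail[29950]: n82Kte5B029950: from=<daniel@example.com>, size=6462, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host.example.net [198.51.100.20] (may be forged)
Sep  2 16:55:41 www sendmail[29955]: n82Kte5B029950: to=<victim@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=36462, relay=mx.example.org. [192.0.2.40], dsn=2.0.0, stat=Sent (OK)
"""

QID_RE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$")
CLIENT_RE = re.compile(r"relay=[^\[]*\[([0-9a-f.:]+)\]", re.I)


def summarize(log_text):
    """Group lines by queue id: client IP, recipients accepted at SMTP time
    (nrcpts), SASL login name if any, and recipients actually delivered."""
    msgs = defaultdict(lambda: {"ip": None, "nrcpts": 0, "auth": None, "sent": 0})
    for line in log_text.splitlines():
        m = QID_RE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        rec = msgs[qid]
        if rest.startswith("from="):
            # nrcpts=0 means every RCPT TO was refused, so nothing was relayed
            rec["nrcpts"] = int(re.search(r"nrcpts=(\d+)", rest).group(1))
            ip = CLIENT_RE.search(rest)
            rec["ip"] = ip.group(1) if ip else None
        elif rest.startswith("AUTH=server"):
            rec["auth"] = re.search(r"authid=([^,]+)", rest).group(1)
        elif rest.startswith("to=") and "stat=Sent" in rest:
            rec["sent"] += 1
    return dict(msgs)


def unauthenticated_relays(msgs):
    """Queue ids delivered without SMTP AUTH: the sessions that are actually
    getting mail through the relay and should be blocked."""
    return sorted(q for q, r in msgs.items() if r["sent"] and not r["auth"])
```

Run it over /var/log/maillog instead of SAMPLE_LOG; an empty result from unauthenticated_relays means the AUTH requirement is holding, and any queue id it does return gives you the client IP to block.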

