Sendmail Spammer Prevention
Someone has decided to relay LOTS of spam through our sendmail server. I know almost nothing about sendmail. I want to still allow our users to send mail through our server while in the field, but block this spammer. How should I go about this?
Facts:
- It is POSSIBLE, though not probable, that they hacked our web server at some point over the past few days, though the password has since been changed.
- They send through about half (10) of our employees' addresses, but only started a few days ago. Hence I doubt they guessed their passwords in that time.
- An example sendmail log entry of the spammer:
116797:Sep 2 16:47:17 www sendmail[29878]: n82KlF6E029878: from=<daniel@[OURCOMPANYNAME].com>, size=6462, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=189-73-143-176.dsl.pltce701.brasiltelecom.net.br [189.73.143.176] (may be forged)
Ideas?
http://en.wikipedia.org/wiki/Mail_transfer_agent
http://en.wikipedia.org/wiki/E-mail_client
Progress...
So I've forced SSL/TLS and disabled anonymous login, as well as enabled relaying. Ideally now someone should have to provide credentials to send through our relay. The problem now is that I don't know how to check to see if this fixed the problem. The log shows that the spammers are still trying, but I can't tell if the mail's getting through.
Also, we're having trouble allowing our employees to send mail from outside of our domain through our relay. They keep getting
550 5.7.1 <[SOMEEMAIL]@gmail.com>... Relaying denied. Proper authentication required.
We're using saslauthd, which is using PAM. Should I switch to shadow, passwd, or what? What's the advantage to PAM, and is there a major disadvantage to shadow? Thanks.
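Added example, not part of the thread: one way to tell from the log whether mail from a given source is still being relayed is to group sendmail lines by queue ID and count deliveries (`stat=Sent`) against rejections (`reject=`) per submitting IP. The sample lines are constructed, modelled on the log entry and the 550 message quoted in the posts; the hostnames, the `example.*` addresses and the second queue ID are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the entries quoted in the thread (not real traffic).
SAMPLE = """\
Sep  2 16:47:17 www sendmail[29878]: n82KlF6E029878: ruleset=check_rcpt, arg1=<victim@example.org>, relay=host.example.net [189.73.143.176] (may be forged), reject=550 5.7.1 <victim@example.org>... Relaying denied. Proper authentication required.
Sep  2 16:47:17 www sendmail[29878]: n82KlF6E029878: from=<daniel@example.com>, size=6462, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=host.example.net [189.73.143.176] (may be forged)
Sep  2 16:50:02 www sendmail[29901]: n82KnAbC029901: from=<alice@example.com>, size=1200, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=laptop.example.org [203.0.113.9]
Sep  2 16:50:03 www sendmail[29903]: n82KnAbC029901: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.test. [198.51.100.5], dsn=2.0.0, stat=Sent (OK)
""".splitlines()

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)")
IP = re.compile(r"relay=[^,]*?\[(?P<ip>[0-9a-fA-F.:]+)\]")

def summarize(lines):
    """Group log lines by queue ID and record what happened to each message."""
    msgs = defaultdict(lambda: {"src": None, "sender": None, "nrcpts": 0,
                                "sent": 0, "rejected": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        msg, rest = msgs[m["qid"]], m["rest"]
        ip = IP.search(rest)
        if rest.startswith("from="):
            # relay= on a from= line is the submitting client;
            # nrcpts counts recipients accepted for this message.
            msg["sender"] = rest.split(",", 1)[0][len("from="):]
            msg["src"] = ip["ip"] if ip else msg["src"]
            n = re.search(r"nrcpts=(\d+)", rest)
            msg["nrcpts"] = int(n[1]) if n else 0
        elif rest.startswith("to=") and "stat=Sent" in rest:
            msg["sent"] += 1      # relay= here is the next hop, not the client
        elif "reject=" in rest:
            msg["rejected"] += 1
            msg["src"] = msg["src"] or (ip["ip"] if ip else None)
    return dict(msgs)

def relayed_by_source(lines):
    """Return {submitting IP: recipients actually delivered (stat=Sent)}."""
    totals = defaultdict(int)
    for msg in summarize(lines).values():
        if msg["src"]:
            totals[msg["src"]] += msg["sent"]
    return dict(totals)

if __name__ == "__main__":
    for src, sent in relayed_by_source(SAMPLE).items():
        print(src, "delivered:", sent)
```

A source that shows only `reject=` lines and `nrcpts=0` is still knocking but nothing is leaving the server on its behalf; any non-zero delivered count for an unexpected IP is what to investigate.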