LinuxQuestions.org
Old 09-02-2009, 04:01 PM   #1
zachlac
LQ Newbie
 
Registered: Sep 2009
Posts: 4

Rep: Reputation: 0
Sendmail Spammer Prevention


Someone has decided to relay LOTS of spam through our sendmail server. I know almost nothing about sendmail. I want to still allow our users to send mail through our server while in the field, but block this spammer. How should I go about this?

Facts:
-It is POSSIBLE, though not probable, that they hacked our web server at some point over the past few days, though the password has since been changed.
-They send through about half (10) of our employees' addresses, but only started a few days ago. Hence I doubt they guessed their passwords in that time.
-An example sendmail log entry of the spammer:
116797:Sep 2 16:47:17 www sendmail[29878]: n82KlF6E029878: from=<daniel@[OURCOMPANYNAME].com>, size=6462, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=189-73-143-176.dsl.pltce701.brasiltelecom.net.br [189.73.143.176] (may be forged)

Ideas?
 
Old 09-03-2009, 02:48 AM   #2
brian3
LQ Newbie
 
Registered: Dec 2008
Posts: 15

Rep: Reputation: 0
Quote:
Originally Posted by zachlac
Someone has decided to relay LOTS of spam through our sendmail server. I know almost nothing about sendmail. I want to still allow our users to send mail through our server while in the field, but block this spammer. How should I go about this?

Facts:
-It is POSSIBLE, though not probable, that they hacked our web server at some point over the past few days, though the password has since been changed.
-They send through about half (10) of our employees' addresses, but only started a few days ago. Hence I doubt they guessed their passwords in that time.
-An example sendmail log entry of the spammer:
116797:Sep 2 16:47:17 www sendmail[29878]: n82KlF6E029878: from=<daniel@[OURCOMPANYNAME].com>, size=6462, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=189-73-143-176.dsl.pltce701.brasiltelecom.net.br [189.73.143.176] (may be forged)

Ideas?
Hi zachlac, if I was you I'd change to firebird email. I have been using it for 10 months and not one spam.
 
Old 09-03-2009, 02:51 AM   #3
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899
Quote:
Hi zachlac, if I was you I'd change to firebird email. I have been using it for 10 months and not one spam.
Sendmail is an MTA, firebird is a mail client.
http://en.wikipedia.org/wiki/Mail_transfer_agent
http://en.wikipedia.org/wiki/E-mail_client
 
Old 09-03-2009, 12:55 PM   #4
zachlac
LQ Newbie
 
Registered: Sep 2009
Posts: 4

Original Poster
Rep: Reputation: 0
Progress...

So I've forced SSL/TLS and disabled anonymous login, as well as enabled relaying. Ideally now someone should have to provide credentials to send through our relay. The problem now is that I don't know how to check to see if this fixed the problem. The log shows that the spammers are still trying, but I can't tell if the mail's getting through.

Also, we're having trouble allowing our employees to send mail from outside of our domain through our relay. They keep getting
550 5.7.1 <[SOMEEMAIL]@gmail.com>... Relaying denied. Proper authentication required.

We're using saslauthd, which is using PAM. Should I switch to shadow, passwd, or what? What's the advantage to PAM, and is there a major disadvantage to shadow?

Thanks.
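
One way to answer the "is the mail getting through?" question from post #4, as an added example that is not part of the thread: correlate sendmail's log lines per queue id to separate rejected relay attempts from mail that was accepted and delivered, and flag deliveries that had no SMTP AUTH in the same daemon process. The function name `audit`, the `trusted` parameter and every log line in `SAMPLE_LOG` are constructed for this example; it assumes the usual sendmail syslog fields (`from=` with `nrcpts=`, `ruleset=check_rcpt ... reject=`, `to= ... stat=Sent`, `AUTH=server ... authid=`).

```python
import re
from collections import Counter

# Constructed sample in sendmail's syslog format (names, queue ids and the
# RFC 5737 documentation addresses are made up for this example).
SAMPLE_LOG = """\
Sep  3 10:01:02 www sendmail[3001]: n83A11aa003001: ruleset=check_rcpt, arg1=<victim@example.net>, relay=dsl.example.org [198.51.100.7], reject=550 5.7.1 <victim@example.net>... Relaying denied. Proper authentication required.
Sep  3 10:01:03 www sendmail[3001]: n83A11aa003001: from=<daniel@example.com>, size=6462, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=dsl.example.org [198.51.100.7]
Sep  3 10:05:10 www sendmail[3002]: n83A55bb003002: from=<daniel@example.com>, size=6462, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=dsl.example.org [198.51.100.7]
Sep  3 10:05:12 www sendmail[3003]: n83A55bb003002: to=<victim@example.net>, delay=00:00:02, mailer=esmtp, pri=126462, relay=mx.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (OK)
Sep  3 10:09:00 www sendmail[3004]: AUTH=server, relay=laptop.example.org [198.51.100.9], authid=alice, mech=PLAIN, bits=0
Sep  3 10:09:01 www sendmail[3004]: n83A99cc003004: from=<alice@example.com>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=laptop.example.org [198.51.100.9]
Sep  3 10:09:03 www sendmail[3005]: n83A99cc003004: to=<bob@example.net>, delay=00:00:02, mailer=esmtp, pri=120900, relay=mx.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (OK)
"""

LINE = re.compile(r"sendmail\[(\d+)\]: (?:(\w+): )?(.*)")   # pid, queue id, rest
IP = re.compile(r"relay=[^,]*\[([\d.]+)\]")

def audit(log_text, trusted=("127.0.0.1",)):
    """Separate rejected relay attempts from mail that was accepted and sent."""
    auth_by_pid, msgs, rejected = {}, {}, Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, qid, rest = m.groups()
        ip = IP.search(rest)
        ip = ip.group(1) if ip else None
        if rest.startswith("AUTH=server"):
            # SMTP AUTH succeeded in this daemon process; remember who it was.
            auth_by_pid[pid] = re.search(r"authid=([^,]+)", rest).group(1)
        elif "reject=" in rest:
            rejected[ip] += 1   # check_rcpt refused this recipient
        elif rest.startswith("from="):
            nrcpts = int(re.search(r"nrcpts=(\d+)", rest).group(1))
            msgs[qid] = {"ip": ip, "nrcpts": nrcpts,
                         "authid": auth_by_pid.get(pid), "sent": 0}
        elif rest.startswith("to=") and "stat=Sent" in rest and qid in msgs:
            msgs[qid]["sent"] += 1
    # Delivered, from an untrusted IP, with no AUTH in the accepting process:
    # mail that went through the relay without credentials.
    leaked = sorted(q for q, v in msgs.items() if v["sent"] and not v["authid"]
                    and v["ip"] not in trusted)
    authed = {q: v["authid"] for q, v in msgs.items() if v["sent"] and v["authid"]}
    return {"unauthenticated_relayed": leaked, "authenticated": authed,
            "rejected_by_ip": dict(rejected)}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

A `from=` line with `nrcpts=0` and no later `to= ... stat=Sent` for the same queue id is an attempt that went nowhere; an empty `unauthenticated_relayed` list alongside a growing `rejected_by_ip` count is what a closed relay looks like in the log.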
 
  

