Date:      Sun, 15 Dec 96 07:50:23 -0800
From:      Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
To:        Doug Kwan ~{9XUq5B~} <ctkwan@cs.hku.hk>
Cc:        security@freebsd.org
Subject:   Re: mail bomb! 
Message-ID:  <199612151550.HAA14407@passer.osg.gov.bc.ca>
In-Reply-To: Your message of "Sun, 15 Dec 96 23:17:33 +0800." <Pine.SUN.3.91.961215230653.15897A-100000@champion>

I've used the following to ban known advertisers to my desktop Alpha
at work.  Someone had posted it on BUGTRAQ about six months ago and
unfortunately I cannot remember his name.

Put the following in your sendmail.cf.

.
.
.
# FK /etc/banned.domains
CK banned.domain1 ... banned.domainN
# FX /etc/banned.users
CX banned.user1 ... banned.userN
.
.
.
S98
R$* < @$*$=K . > $*   $#error $@ 5.7.1 $: "This domain is banned"
R$* < @$*$=K > $*     $#error $@ 5.7.1 $: "This domain is banned"
R$*$=X < @$* . > $*   $#error $@ 5.7.1 $: "This user is banned"
R$*$=X < @$* > $*     $#error $@ 5.7.1 $: "This user is banned"
.
.
.


Regards,                       Phone:  (250)387-8437
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
ITSD                        Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

		"Quit spooling around, JES do it."

> Hi all,
> 
> 	We are a small ISP in Hong Kong. Our machines run both Linux
> and FreeBSD. Recently we found that an ex-user of ours wanted revenge.
> That stupid kid grabbed a programme called kaboom! from the net and sent
> fake mails to all our users saying that our servers will be down for 6 days
> for maintenance. Needless to say, we received many complaints from our
> users. What's more, the damned kid sent the very same message several times.
> We spent hours cleaning other users' mailboxes. For the time being we had
> no solution to this except setting our routers to filter out packets from
> the relaying host used by that sucker.
> 
> 	Has anyone on the list had similar experience? What could we do
> against this? I know filtering mails would be next to impossible. How
> about rejecting fake mails? We are running an ESMTP mail server and it
> logs all incoming IPs in the mails delivered. Is there any way to
> reject mails with sending addresses in our domain but coming from outside?
> 
> 	Any comments and suggestions will be highly appreciated.
> 
> Thanks
> 
> -Doug Kwan
> 


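Added example (not part of the original message, and not sendmail code): a small Python model of what the four S98 rules above match, for checking a ban list against sample addresses before loading it. It assumes addresses arrive in the focused form user<@host.> that the rule left-hand sides expect and that sendmail's default operator characters are in effect; the function names and the sample class members are made up for illustration.

```python
import re

# Assumption: sendmail's default OperatorChars; each one is a token by itself.
OPERATORS = ".:%@!^/[]+"
_CLS = re.escape(OPERATORS)
_TOKEN = re.compile("[" + _CLS + "]|[^" + _CLS + "]+")

# Constructed sample class members, standing in for the CK and CX lines.
BANNED_DOMAINS = ["spam.example", "bulk.example.net"]   # class K
BANNED_USERS = ["promo", "offers"]                      # class X


def tokenize(text):
    """Split text into tokens the way rule matching sees it (case-folded)."""
    return _TOKEN.findall(text.lower())


def ends_with_class(tokens, members):
    """Model of '$*$=C': the token list ends with some member of the class."""
    for member in members:
        phrase = tokenize(member)
        if phrase and tokens[-len(phrase):] == phrase:
            return True
    return False


def check_s98(focused, domains=BANNED_DOMAINS, users=BANNED_USERS):
    """Return the S98 error text for 'user<@host.>' input, or None if it passes."""
    m = re.fullmatch(r"([^<]*)<@([^>]*)>.*", focused.replace(" ", ""))
    if not m:
        return None  # not in focused form, so none of the four rules can match
    local, host = tokenize(m.group(1)), tokenize(m.group(2))
    if host[-1:] == ["."]:
        host = host[:-1]  # rule 1 has the trailing dot, rule 2 does not
    if ends_with_class(host, domains):
        return "This domain is banned"
    if ends_with_class(local, users):
        return "This user is banned"
    return None


if __name__ == "__main__":
    for addr in ("joe<@mail.spam.example.>", "joe<@notspam.example.>",
                 "list+promo<@good.example.>", "xpromo<@good.example.>"):
        print(addr, "->", check_s98(addr))
```

The model shows that the rules match on token boundaries: subdomains of a banned domain and local parts such as list+promo are caught, while notspam.example and xpromo are not. Confirm the real behaviour with sendmail's address test mode (-bt) before relying on a list.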
