From owner-freebsd-security Sun Dec 15 07:50:33 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id HAA09405 for security-outgoing; Sun, 15 Dec 1996 07:50:33 -0800 (PST)
Received: from passer.osg.gov.bc.ca (0@passer.osg.gov.bc.ca [142.32.110.29]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id HAA09396 for ; Sun, 15 Dec 1996 07:50:31 -0800 (PST)
Received: from localhost (15005@localhost [127.0.0.1]) by passer.osg.gov.bc.ca (8.8.4/8.6.10) with SMTP id HAA14407; Sun, 15 Dec 1996 07:50:23 -0800 (PST)
From: Cy Schubert - ITSD Open Systems Group
Message-Id: <199612151550.HAA14407@passer.osg.gov.bc.ca>
X-Authentication-Warning: passer.osg.gov.bc.ca: 15005@localhost [127.0.0.1] didn't use HELO protocol
Reply-to: cschuber@uumail.gov.bc.ca
X-Mailer: MH
X-Sender: cschuber
To: Doug Kwan ~{9XUq5B~}
cc: security@freebsd.org
Subject: Re: mail bomb!
In-reply-to: Your message of "Sun, 15 Dec 96 23:17:33 +0800."
Date: Sun, 15 Dec 96 07:50:23 -0800
X-Mts: smtp
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I've used the following to ban known advertisers to my desktop Alpha at
work.  Someone had posted it on BUGTRAQ about six months ago and
unfortunately I cannot remember his name.

Put the following in your sendmail.cf.

.
.
.
# FK /etc/banned.domains
CK banned.domain1 ... banned.domainN
# FX /etc/banned.users
CX banned.user1 ... banned.userN
.
.
.
S98
R$* < @$*$=K . > $*	$#error $@ 5.7.1 $: "This domain is banned"
R$* < @$*$=K > $*	$#error $@ 5.7.1 $: "This domain is banned"
R$*$=X < @$* . > $*	$#error $@ 5.7.1 $: "This user is banned"
R$*$=X < @$* > $*	$#error $@ 5.7.1 $: "This user is banned"
.
.
.

Regards,                       Phone:  (250)387-8437
Cy Schubert                    OV/VM:  BCSC02(CSCHUBER)
Open Systems Support          BITNET:  CSCHUBER@BCSC02.BITNET
ITSD                        Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca

                "Quit spooling around, JES do it."

> Hi all,
>
> We are a small ISP in Hong Kong. Our machines run both Linux
> and FreeBSD.
> Recently we found that an ex-user of ours wanted revenge.
> That stupid kid grabbed a programme called kaboom! from the net and sent
> fake mails to all our users saying that our servers will be down for 6 days
> for maintenance. Needless to say, we received many complaints from our
> users. What's more, the damned kid sent the very same message several times.
> We spent hours cleaning other users' mailboxes. For the time being we had
> no solution to this except setting our routers to filter out packets from
> the relaying host used by that sucker.
>
> Has anyone on the list had a similar experience? What could we do
> against this? I know filtering mails would be next to impossible. How
> about rejecting fake mails? We are running an ESMTP mail server and it
> logs all incoming IPs in the mails delivered. Is there any way to
> reject mails with sending addresses in our domain but coming from outside?
>
> Any comments and suggestions will be highly appreciated.
>
> Thanks
>
> -Doug Kwan
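
Added example (not part of the original message or of sendmail): a small Python model of the envelope-sender decisions discussed in this thread, namely the banned-domain and banned-user checks of the S98 rules plus the "our domain, but coming from outside" check asked about in the quoted question. All domains, networks and names below are constructed placeholders; domain matching at label boundaries and whole-local-part user matching are simplifying assumptions, not sendmail's matching engine.

```python
# Added example: a model of the policy, not code from the post or sendmail.
import ipaddress

# Constructed sample policy data (assumptions, not values from the post).
BANNED_DOMAINS = {"banned.example"}        # plays the role of class K
BANNED_USERS = {"bulkmailer"}              # plays the role of class X
LOCAL_DOMAINS = {"isp.example"}            # domains we are authoritative for
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # our own hosts


def in_domain(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def check_sender(client_ip, mail_from):
    """Return (accept, smtp_reply) for one envelope sender."""
    addr = mail_from.strip().strip("<>")
    if addr == "":
        return True, "250 2.1.0 Sender ok"   # null sender: bounces must pass
    user, sep, host = addr.rpartition("@")
    if not sep or not user or not host:
        return False, "553 5.1.7 Malformed sender address"
    if in_domain(host, BANNED_DOMAINS):
        return False, "550 5.7.1 This domain is banned"
    if user.lower() in BANNED_USERS:
        return False, "550 5.7.1 This user is banned"
    ip = ipaddress.ip_address(client_ip)
    inside = any(ip in net for net in LOCAL_NETS)
    if in_domain(host, LOCAL_DOMAINS) and not inside:
        return False, "550 5.7.1 Local sender address from outside network"
    return True, "250 2.1.0 Sender ok"


# Constructed test traffic: (connecting IP, MAIL FROM argument).
SAMPLES = [
    ("198.51.100.7", "<admin@isp.example>"),        # forged local sender
    ("192.0.2.25", "<admin@isp.example>"),          # genuine local sender
    ("198.51.100.7", "<ads@mail.banned.example>"),  # subdomain of banned domain
    ("198.51.100.7", "<BulkMailer@other.example>"), # banned user, any case
    ("198.51.100.7", "<x@notbanned.example>"),      # similar name, not banned
    ("198.51.100.7", "<>"),                         # bounce
]

if __name__ == "__main__":
    for ip, sender in SAMPLES:
        print(ip, sender, check_sender(ip, sender))
```

The local-sender check only looks at the envelope sender, and it also rejects legitimate users who send with a local address through an outside relay, so such users need an exception or a relay inside the local networks.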