Date: Sun, 20 Oct 1996 23:21:37 -0500 (CDT)
From: Jay E Erickson <erickson@server.gf-net.af.mil>
To: "Timothy P. Layton, Sr." <tlayton@global-sol.com>
Cc: questions@FreeBSD.ORG
Subject: Re: HELP !!! I have a mail hacker.
Message-ID: <Pine.BSF.3.91.961020231241.21572A-100000@server.gf-net.af.mil>
In-Reply-To: <199610190913.JAA07351@global-sol.com>

To reduce this type of activity I did three things:

1. Installed TCP Wrappers

2. Ran my smtp traffic through TCP Wrappers (three steps)
   (the wrappers install docs helped me with this)

   added the next line to my /etc/inetd.conf

       smtp stream tcp nowait root /usr/libexec/tcpd /usr/sbin/sendmail -bs

   and added the next two lines to my /etc/crontab for root

       # Check sendmail queue every 30 minutes
       */30 * * * * root /usr/sbin/sendmail -q

   set the sendmail option in the /etc/sysconfig to "no"

   if you don't want to use crontab you can set the sendmail option in the
   /etc/sysconfig to "-q30m"

3. in my /etc/sendmail.cf file I set

       O PrivacyOptions=goaway

step 1 is just a good idea
step 2 makes sure the IP address = their long address i.e.
204.216.27.18 = FreeBSD.org
and step 3 forces smtp mailers to greet you with hello and doesn't let
them expand on any lists or verify any users.
this doesn't make you 100% safe but every little bit counts.

On Sat, 19 Oct 1996, Timothy P. Layton, Sr. wrote:
> Help !!!
>
> my mail host is receiving a couple thousand messages per night
> from a fictitious user at a fake domain.
>
> I looked in the maillog and found what domain the messages were
> coming from.
>
> Can I reject all mail from a single domain, and can I take it even
> further by refusing any type of connection from a domain ??
Yes. TCP wrappers can do this for you
Jay Erickson
Erickson@server.gf-net.af.mil
or Jay@Erickson.gf-net.af.mil
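
Added example, not part of the original message: a small Python model of the two checks the reply relies on, the name/address consistency test described for step 2 and a hosts.deny-style domain pattern for refusing a single domain. The DNS tables, addresses, function names and the `.bulk-sender.example` pattern are constructed for illustration; in a real setup the pattern is written as a rule in the TCP Wrappers access files, not in code.

```python
# Constructed stand-ins for the resolver so the example runs offline.
PTR = {  # address -> name claimed by reverse DNS
    "192.0.2.10": "mx1.bulk-sender.example",
    "192.0.2.77": "mail.friendly.example",
    "198.51.100.5": "mail.friendly.example",  # PTR claims a name it does not own
}
FWD = {  # name -> addresses returned by forward DNS
    "mx1.bulk-sender.example": {"192.0.2.10"},
    "mail.friendly.example": {"192.0.2.77"},
}
DENIED = [".bulk-sender.example"]  # hypothetical hosts.deny-style pattern


def verify_host(addr, ptr=PTR, fwd=FWD):
    """Return (name, status); status is 'ok', 'unknown' or 'paranoid'."""
    name = ptr.get(addr)
    if name is None:
        return None, "unknown"          # no reverse record at all
    name = name.rstrip(".").lower()
    if addr not in fwd.get(name, set()):
        return name, "paranoid"         # name does not map back to the address
    return name, "ok"


def matches_domain(name, pattern):
    """A pattern with a leading dot matches any hostname ending in it."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        return name.endswith(pattern)
    return name == pattern


def decide(addr, denied=DENIED):
    """Decision for one incoming SMTP connection."""
    name, status = verify_host(addr)
    if status == "paranoid":
        return "deny: name/address mismatch"
    # Only a verified name is trusted for pattern matching.
    if status == "ok" and any(matches_domain(name, p) for p in denied):
        return "deny: listed domain"
    # Hosts with no PTR pass here; a hostname pattern cannot match them.
    return "allow"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.77", "198.51.100.5", "203.0.113.9"):
        print(ip, "->", decide(ip))
```

The last sample address has no reverse record and is allowed, which shows that a domain pattern alone does not cover hosts without a PTR entry.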
