From owner-freebsd-questions Thu Aug 6 13:14:00 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA18096 for freebsd-questions-outgoing; Thu, 6 Aug 1998 13:14:00 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA18076 for ; Thu, 6 Aug 1998 13:13:45 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost) by resnet.uoregon.edu (8.8.5/8.8.8) with SMTP id NAA24087; Thu, 6 Aug 1998 13:13:20 -0700 (PDT) (envelope-from dwhite@resnet.uoregon.edu)
Date: Thu, 6 Aug 1998 13:13:20 -0700 (PDT)
From: Doug White
To: Frank Griffith
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Security
In-Reply-To: <001801bdbf32$6b8cc6e0$0200a8c0@fast1.dfw.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 3 Aug 1998, Frank Griffith wrote:

> I have FreeBSD 2.2.6 running and I connect to the Internet
> using a dynamic connection. For kicks, I run Apache 1.3.0
> web server on this same unit. It appears that while I've been
> testing my server, some bozo came in and used sendmail
> to send some rough and threatening e-mail to someone. My
> ISP even cancelled my account until I proved I had nothing
> to do with it.
>
> If someone came in, unauthorized that is, and used
> my mail server to send mail, which log file would show me
> this intrusion? How can I prevent this from happening again?

Disable all non-essential services from /etc/rc.conf. You do not need to
have sendmail running if you will not be receiving mail at this address.
Also rake /etc/inetd.conf for noncritical services.

Doug White                               | University of Oregon
Internet:  dwhite@resnet.uoregon.edu     | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
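
One way to carry out the audit suggested in the reply above, as an added example that is not part of the original message: list the services still active in an inetd.conf-style file and the `*_enable="YES"` knobs in an rc.conf-style file. The function names, the allowlist and the sample file contents are constructed for illustration, and the `*_enable` knob naming is assumed to match the host's rc.conf.

```shell
#!/bin/sh
# Service name (field 1) of every active inetd.conf entry;
# blank lines and lines commented out with '#' are skipped.
inetd_enabled() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next } { print $1 }' "$1" | sort -u
}

# Active inetd services not named in the space-separated allowlist $2.
inetd_unexpected() {
    for svc in $(inetd_enabled "$1"); do
        case " $2 " in
            *" $svc "*) ;;
            *) echo "$svc" ;;
        esac
    done
}

# rc.conf knobs whose final assignment is name_enable="YES"
# (a later line overrides an earlier one, as when the file is sourced).
rc_enabled() {
    awk -F= '/^[ \t]*[A-Za-z0-9_]+_enable=/ {
            name = $1; gsub(/[ \t]/, "", name)
            val = $2;  sub(/[ \t]*#.*/, "", val); gsub(/"/, "", val)
            state[name] = toupper(val)
        }
        END { for (n in state) if (state[n] == "YES") print n }' "$1" | sort
}

# Constructed sample files (not taken from the poster's machine).
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
ftp     stream  tcp  nowait  root    /usr/libexec/ftpd     ftpd -l
telnet  stream  tcp  nowait  root    /usr/libexec/telnetd  telnetd
#shell  stream  tcp  nowait  root    /usr/libexec/rshd     rshd
finger  stream  tcp  nowait  nobody  /usr/libexec/fingerd  fingerd -s
EOF
    cat > "$1/rc.conf" <<'EOF'
sendmail_enable="YES"	# constructed sample
inetd_enable="YES"
portmap_enable="YES"
portmap_enable="NO"
EOF
}

# Demo on the constructed samples; on a real host pass /etc/inetd.conf
# and /etc/rc.conf to the functions instead.
tmp=$(mktemp -d) && write_samples "$tmp"
echo "inetd services outside allowlist:"; inetd_unexpected "$tmp/inetd.conf" "ftp"
echo "rc.conf knobs set to YES:"; rc_enabled "$tmp/rc.conf"
rm -rf "$tmp"
```

Anything the first list prints can be commented out in inetd.conf, and a knob in the second list such as `sendmail_enable` can be set to `"NO"` if the machine does not receive mail.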