From owner-freebsd-isp Thu Jan 30 16:28:37 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA15725 for isp-outgoing; Thu, 30 Jan 1997 16:28:37 -0800 (PST) Received: from ns2.harborcom.net (root@ns2.harborcom.net [206.158.4.4]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA15720 for ; Thu, 30 Jan 1997 16:28:35 -0800 (PST) Received: from localhost (bradley@localhost) by ns2.harborcom.net (8.8.5/8.8.4) with SMTP id TAA26069; Thu, 30 Jan 1997 19:28:33 -0500 (EST) Date: Thu, 30 Jan 1997 19:28:32 -0500 (EST) From: Bradley Dunn X-Sender: bradley@ns2.harborcom.net To: dwoodward@intraserve.com cc: freebsd-isp@freebsd.org Subject: Re: Spam from rival In-Reply-To: <199701302256.OAA07913@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Thu, 30 Jan 1997 dwoodward@intraserve.com wrote: > You may have allowed them to obtain most of your client's email > addresses list by leaving in.fingerd in your inetd.conf file! This is FreeBSD. It is just fingerd. No in. prefix. > I suggest you: > > A) "rem" it out of inetd.conf or Rem? Isn't that a band? If one wants to turn off a service, one comments it out with an # (hash). > B) use tcpd and block access via /etc/hosts.deny to all but "trusted" > domains or. > C) Filter TCP port 79 at your router. > > Remember the key question is: How did they get your client's addresses? > The Finger daemon is your most likely cause. > > Try: finger @clari.net.au and see what you get. I got the standard "must provide username". FreeBSD ships with the -s option to fingerd enabled in inetd.conf. > If you are running in.fingerd with the -w command you are telling the > whole world alot more than they need to know about your system. Again, this is FreeBSD. There is no -w switch to fingerd. To learn anything from fingerd as shipped in FreeBSD, one has to know the username one is fingering. If you already have the username, you certainly don't need finger to build a spam list now do you? The easiest way to build a list is just call up and ask for a shell account. Then use a little perl script to extract names from /etc/passwd. Solution: Don't offer shell accounts. You will probably lose at least a few customers if you do that. Whether the business lost is worth the added costs of shell accounts is obviously a business decision. Bradley Dunn HarborCom