From owner-freebsd-security  Mon Jul 28 22:56:07 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id WAA12930
          for security-outgoing; Mon, 28 Jul 1997 22:56:07 -0700 (PDT)
Received: from mail.MCESTATE.COM (vince@mail.MCESTATE.COM [207.211.200.50])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA12882;
          Mon, 28 Jul 1997 22:56:00 -0700 (PDT)
Received: from localhost (vince@localhost)
	by mail.MCESTATE.COM (8.8.5/8.8.5) with SMTP id WAA08587;
	Mon, 28 Jul 1997 22:55:56 -0700 (PDT)
Date: Mon, 28 Jul 1997 22:55:55 -0700 (PDT)
From: Vincent Poy <vince@mail.MCESTATE.COM>
To: Gary Palmer <gpalmer@FreeBSD.ORG>
cc: John Dowdal <jdowdal@destiny.erols.com>, security@FreeBSD.ORG,
        JbHunt <johnnyu@accessus.net>, "[Mario1-]" <mario1@PrimeNet.Com>
Subject: Re: security hole in FreeBSD 
In-Reply-To: <5360.870155459@orion.webspan.net>
Message-ID: <Pine.BSF.3.95.970728225233.3844B-100000@mail.MCESTATE.COM>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 29 Jul 1997, Gary Palmer wrote:

=)Vincent Poy wrote in message ID
=)<Pine.BSF.3.95.970728224331.3844x-100000@mail.MCESTATE.COM>:
=)> 	I wasn't talking about erols but with some isp's for things such
=)> as relaying spam mail.
=)
=)You can take legal action against people who's machines were exploited
=)to relay spam mail? Wow!

	No not really but I was talking abouse people who were using
aol.com accounts and psi.net accounts to send mail using us as a relay and
then it uses the other machines as a relay too but all the mails will
bounce to the postmaster address on our machine.

=)I think perhaps you have to understand that if they were used as a
=)relay for spam mail, they are going to get *FLOODED* with mail (I know
=)from experience). Theres not a thing you can do (well, I stayed up all
=)night once and fitted anti-relay rules to sendmail, but in the past
=)they weren't available). Most people will just delete or refile the
=)complaints, since they can't really do anything about the user
=)originated them. Complaining to relays rarely does any good. Either
=)they can't be bothered to fix it, or don't know how. Thats when cisco
=)access list rules to block their mail hosts come in handy.

	I know what you mean here.  We tried sendmail anti-relay rules.
While it worked, there were more problems generated than it fixed.  All I
know is some companies use something other than sendmail they custom
designed and had a way to kill the process but for icmp floods, the ISP
would be responsible since it's a DoS attack.  


Cheers,
Vince - vince@MCESTATE.COM - vince@GAIANET.NET           ________   __ ____ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
GaiaNet Corporation - M & C Estate                     / / / /  | /  | __] ]  
Beverly Hills, California USA 90210                   / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]