From owner-freebsd-security Mon Dec 16 04:03:10 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id EAA21482 for security-outgoing; Mon, 16 Dec 1996 04:03:10 -0800 (PST) Received: from shadows.aeon.net (bsdsec@shadows.aeon.net [194.100.41.1]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id EAA21477 for ; Mon, 16 Dec 1996 04:03:05 -0800 (PST) Received: (from bsdsec@localhost) by shadows.aeon.net (8.8.4/8.8.3) id OAA11649; Mon, 16 Dec 1996 14:01:55 +0200 (EET) From: mika ruohotie Message-Id: <199612161201.OAA11649@shadows.aeon.net> Subject: Re: mail bomb! To: ctkwan@cs.hku.hk (Doug Kwan ~{9XUq5B~}) Date: Mon, 16 Dec 1996 14:01:55 +0200 (EET) Cc: cschuber@uumail.gov.bc.ca, security@freebsd.org In-Reply-To: from Doug Kwan ~{9XUq5B~} at "Dec 16, 96 10:47:01 am" X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > On Sun, 15 Dec 1996, Cy Schubert - ITSD Open Systems Group wrote: > Unfortunately, that jerk uses fake e-mail address. He sent mail > in our support account's name. We cannot filter mails from our > support account. you are using sendmail, right? you should atleast have this in your /etc/sendmail.cf O PrivacyOptions=authwarnings,needmailhelo,needexpnhelo,novrfy and then run it with loglevel 12, that should atleast help you from tracking down from where he's connecting, assuming you have no clue. but still, the administrative messages should _always_ be authenticated. > -Doug mickey -- mika ruohotie mika@aeon.net