Date: Mon, 16 Dec 1996 23:44:54 +0800 (HKT)
From: Doug Kwan ~{9XUq5B~} <ctkwan@cs.hku.hk>
To: mika ruohotie <bsdsec@shadows.aeon.net>
Cc: security@freebsd.org
Subject: Re: mail bomb!
Message-ID: <Pine.SUN.3.91.961216233834.9815A-100000@champion>
In-Reply-To: <199612161201.OAA11649@shadows.aeon.net>

Hi,

On Mon, 16 Dec 1996, mika ruohotie wrote:

> you are using sendmail, right?
>
> you should at least have this in your /etc/sendmail.cf
>
> O PrivacyOptions=authwarnings,needmailhelo,needexpnhelo,novrfy
>
> and then run it with loglevel 12, that should at least help you from
> tracking down from where he's connecting, assuming you have no clue.

Our mail daemon always logs the IP address of the incoming mails but
that bastard uses relaying hosts. So if the relaying hosts do not log
the IP address of the mail source we cannot trace the origin. We have
to contact the administrators of the relaying hosts for information.
Some are willing to help but not all.

Typically, what we do now is to set our routers to stop all traffic
between us and a relaying host. Now all the spam mails will be stuck
in the relaying host. We will send a warning message to the
administrator there via another channel telling him/her that he/she
had better clean the out-going mail queue before it is too late.

>
> but still, the administrative messages should _always_ be authenticated.
>

Will do. Thanks

-Doug