From owner-freebsd-security Mon Dec 16 07:45:44 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id HAA13238 for security-outgoing; Mon, 16 Dec 1996 07:45:44 -0800 (PST)
Received: from ns.cs.hku.hk (ns.cs.hku.hk [147.8.178.10]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id HAA13230 for ; Mon, 16 Dec 1996 07:45:40 -0800 (PST)
Received: from champion (champion.cs.hku.hk) by ns.cs.hku.hk with SMTP id AA18005 (5.67b/IDA-1.5 for ) Mon, 16 Dec 1996 23:45:08 +0800
Received: by champion (4.1/S2.0-sunos4) id AA09908; Mon, 16 Dec 96 23:44:54 HKT
Date: Mon, 16 Dec 1996 23:44:54 +0800 (HKT)
From: Doug Kwan ~{9XUq5B~}
To: mika ruohotie
Cc: security@freebsd.org
Subject: Re: mail bomb!
In-Reply-To: <199612161201.OAA11649@shadows.aeon.net>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

On Mon, 16 Dec 1996, mika ruohotie wrote:

> you are using sendmail, right?
>
> you should at least have this in your /etc/sendmail.cf
>
> O PrivacyOptions=authwarnings,needmailhelo,needexpnhelo,novrfy
>
> and then run it with loglevel 12, that should at least help you from
> tracking down from where he's connecting, assuming you have no clue.

Our mail daemon always logs the IP address of the incoming mails but
that bastard uses relaying hosts. So if the relaying hosts do not log
the IP address of the mail source we cannot trace the origin. We have
to contact the administrators of the relaying hosts for information.
Some are willing to help but not all. Typically, what we do now is to
set our routers to stop all traffic between us and a relaying host.
Now all the spam mails will be stuck in the relaying host. We will
send a warning message to the administrator there via another channel
telling him/her that he/she had better clean the out-going mail queue
before it is too late.

>
> but still, the administrative messages should _always_ be authenticated.
>

Will do. Thanks

-Doug
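The per-relay tally that the logging discussed in this thread makes possible, as an added example that is not part of the original messages: it counts incoming messages per handing-off host so the relays worth blocking or contacting stand out. It assumes sendmail's usual syslog layout (`from=..., relay=host [ip]`); the log lines, host names and the function names `tally_relays` and `flag_relays` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Dec 16 07:40:01 mx sendmail[101]: HAA00101: from=<a1@bulk.example>, size=2048, class=0, pri=32048, nrcpts=1, msgid=<1@bulk.example>, proto=SMTP, relay=relay1.example.net [192.0.2.10]
Dec 16 07:40:02 mx sendmail[102]: HAA00101: to=<staff@dept.example>, delay=00:00:01, mailer=smtp, relay=inner.dept.example [192.0.2.99], stat=Sent
Dec 16 07:40:03 mx sendmail[103]: HAA00103: from=<a2@bulk.example>, size=2048, class=0, pri=32048, nrcpts=1, msgid=<2@bulk.example>, proto=SMTP, relay=relay1.example.net [192.0.2.10]
Dec 16 07:40:04 mx sendmail[104]: HAA00104: from=<a3@bulk.example>, size=2048, class=0, pri=32048, nrcpts=1, msgid=<3@bulk.example>, proto=SMTP, relay=relay1.example.net [192.0.2.10]
Dec 16 07:40:05 mx sendmail[105]: HAA00105: from=<a4@bulk.example>, size=2048, class=0, pri=32048, nrcpts=1, msgid=<4@bulk.example>, proto=SMTP, relay=relay1.example.net [192.0.2.10]
Dec 16 07:41:10 mx sendmail[106]: HAA00106: from=<bob@example.org>, size=900, class=0, pri=30900, nrcpts=1, msgid=<5@example.org>, proto=SMTP, relay=mail.example.org [198.51.100.7]
Dec 16 07:42:00 mx sendmail[107]: HAA00107: from=root, size=300, class=0, pri=30300, nrcpts=1, msgid=<7@mx.dept.example>, relay=root@localhost
"""

# Only "from=" lines describe an incoming message; "to=" lines are deliveries.
FROM_RE = re.compile(r"sendmail\[\d+\]: \w+: from=(?P<sender>[^,]*),.*\brelay=(?P<relay>.+)$")
PEER_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_key(relay):
    """Key on the bracketed peer IP (seen on the socket), not the claimed name."""
    m = PEER_IP_RE.search(relay)
    return m.group(1) if m else relay.strip()


def tally_relays(log_text):
    """Return {relay: {"messages": count, "senders": set of envelope senders}}."""
    stats = defaultdict(lambda: {"messages": 0, "senders": set()})
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue
        entry = stats[relay_key(m["relay"])]
        entry["messages"] += 1
        entry["senders"].add(m["sender"])
    return dict(stats)


def flag_relays(log_text, threshold):
    """Relays that handed us at least `threshold` messages, busiest first."""
    rows = [(k, v["messages"], len(v["senders"]))
            for k, v in tally_relays(log_text).items() if v["messages"] >= threshold]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for relay, count, senders in flag_relays(SAMPLE_LOG, 3):
        print(f"{relay}: {count} messages, {senders} distinct envelope senders")
```

The address reported is the last hop only, which is the limitation described in the reply: when that hop is a relay, the true origin is visible only in the relay's own logs.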