[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How do I find the source of the spammers?

John Foster <johnf@mars.nettrek.net.au> writes:

> The last entry is the first reference to this piece of mail in my
> logs! Is it possible for someone to use their compuserve account to
> send mail to my daemon that instructs it to run the bulk mailout?

Yes. It is very easy to use a standard mailhost as a relay if it
doesn't have any kind of relay-access-control.

> If so, how do I stop it?

There is a set of patches for Sendmail that allow it to do this,
you can use BlackMail as a spam-filter, or install qmail
(http://www.qmail.org/) which has a reasonable amount of
configurability fo stopping spam, and also several patches that
further improves this ability. (Checking if the envelope-from address
is valid through DNS or simply blocking an ip-range.)

> More importantly, how can I find if it's one of the 800 clients who
> has an account on this server, so I can close their account and send
> them elsewhere?

Install iplogger. This will give you entries in the syslog for all
connection attemts made to your machine, like:

Jun 21 16:42:53 blight tcplogd: smtp connection attempt from yme.mo.hiMolde.no

> And then how do I prevent it happening again?

Install access-control-lists for relaying on your current MTA, or switch
to qmail.

   Vebjorn Forsmo   vebjorn@mo.hiMolde.no  vebjorn@hsr.no   vforsmo@sn.no
 80 13 6B 4B 7C 83 B7 DC  5C 9C A8 AE C0 AD 22 F4  2048/00952325 1995/05/13 
             To err is human, to forgive is Not Company Policy.

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: