Re: How do I find the source of the spammers?
John Foster <johnf@mars.nettrek.net.au> writes:
> The last entry is the first reference to this piece of mail in my
> logs! Is it possible for someone to use their compuserve account to
> send mail to my daemon that instructs it to run the bulk mailout?
Yes. It is very easy to use a standard mailhost as a relay if it
doesn't have any kind of relay-access-control.
> If so, how do I stop it?
There is a set of patches for Sendmail that allow it to do this,
you can use BlackMail as a spam-filter, or install qmail
(http://www.qmail.org/) which has a reasonable amount of
configurability fo stopping spam, and also several patches that
further improves this ability. (Checking if the envelope-from address
is valid through DNS or simply blocking an ip-range.)
> More importantly, how can I find if it's one of the 800 clients who
> has an account on this server, so I can close their account and send
> them elsewhere?
Install iplogger. This will give you entries in the syslog for all
connection attemts made to your machine, like:
Jun 21 16:42:53 blight tcplogd: smtp connection attempt from yme.mo.hiMolde.no
> And then how do I prevent it happening again?
Install access-control-lists for relaying on your current MTA, or switch
to qmail.
--
Vebjorn Forsmo vebjorn@mo.hiMolde.no vebjorn@hsr.no vforsmo@sn.no
80 13 6B 4B 7C 83 B7 DC 5C 9C A8 AE C0 AD 22 F4 2048/00952325 1995/05/13
To err is human, to forgive is Not Company Policy.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: