On Thu, Apr 18, 2002, Osamu Aoki (debian@aokiconsulting.com) wrote:
> Hi,
> On Thu, Apr 18, 2002 at 09:57:45PM -0500, will trillich wrote:
> > debian-users: i've got what may be a nasty situation about to
> > happen. any pointers welcome...
> >
> > just got a 'heads up' from an ally at my isp that someone's
> > reported "dontUthink.com" as a spammer. i'm running debian
> > potato/exim--
> >
> > Exim version 3.12 #1 built 03-Jan-2002 02:45:13
> > Copyright (c) University of Cambridge 1999
>
> First thing is confirm nature of complaint by talking to ISP.

Ditto. Specifically, headers or IPs in question.

> I suspect some open relay issue.

I suspect spoofed headers. Very easy to do, and many tools don't handle
spoofed domains well. I report *to* them, but make clear in my response
message that this is an either-or case. Your ISP may not be
distinguishing this here.

> EXIM or any MTA can be used as open relay if it is not configured
> right. But configuration can be tricky.

With exim it's fairly straightforward. Look for the value of:

    #relay_domains =

...in /etc/exim/exim.conf.

> > how can i be sure that i've not been cracked and am unbeknownst
> > to me broadcasting/relaying email for others? surely there's
> > something better than just 'sniffit' and waiting for something
> > to happen...

    apt-get install chkrootkit

...not bulletproof, but good for common stuff.

Peace.
--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Keep software free. Oppose the CBDTPA. Kill S.2048 dead.
http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html
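
The relay_domains check suggested in the message above, as an added example (not part of the original message and not Exim's own tooling): it reads the main section of an Exim 3 style config and flags a bare "*" item in a relay option. It assumes a bare "*" matches everything; host_accept_relay is a second Exim 3 relay option the thread does not mention, and the sample config is constructed.

```shell
#!/bin/sh
# relay_setting FILE OPTION: print OPTION's effective value from the main
# section (text before the first "end" line). '#' lines are comments, so a
# commented-out "#relay_domains =" yields nothing. Trailing-backslash
# continuations are joined, dropping the next line's leading whitespace.
relay_setting() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }
        { cur = $0; if (buf != "") sub(/^[ \t]+/, "", cur); line = buf cur; buf = "" }
        line ~ /\\$/ { sub(/\\$/, "", line); buf = line; next }
        line ~ /^[ \t]*end[ \t]*$/ { exit }
        {
            n = index(line, "=")
            if (n == 0) next
            key = substr(line, 1, n - 1); gsub(/[ \t]/, "", key)
            if (key == opt) {
                val = substr(line, n + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }
    ' "$1"
}

# audit_relay FILE: print "open:<option>" when a relay option holds a bare
# "*" item (assumed to match everything), otherwise "restricted".
audit_relay() {
    for opt in relay_domains host_accept_relay; do
        if relay_setting "$1" "$opt" | tr ':' '\n' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fqx '*'; then
            echo "open:$opt"
            return 0
        fi
    done
    echo "restricted"
}

# Constructed sample config: relaying limited to two named domains.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#relay_domains = *
relay_domains = example.org : \
    example.net
host_accept_relay = 127.0.0.1
end
EOF
audit_relay "$sample"
rm -f "$sample"
```

To audit a live system, call `audit_relay /etc/exim/exim.conf`; a "restricted" result only covers these two options, not the rest of the configuration.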