
Re: my isp is being told *i* am broadcasting spam?

on Thu, Apr 18, 2002, Osamu Aoki (debian@aokiconsulting.com) wrote:
> Hi,
> On Thu, Apr 18, 2002 at 09:57:45PM -0500, will trillich wrote:
> > debian-users: i've got what may be a nasty situation about to
> > happen. any pointers welcome...
> > 
> > just got a 'heads up' from an ally at my isp that someone's
> > reported "dontUthink.com" as a spammer. i'm running debian
> > potato/exim--
> > 
> > 	Exim version 3.12 #1 built 03-Jan-2002 02:45:13
> > 	Copyright (c) University of Cambridge 1999
> First thing is to confirm the nature of the complaint by talking to the ISP.

Ditto.  Specifically, headers or IPs in question.

> I suspect some open relay issue.

I suspect spoofed headers.  Very easy to do, and many tools don't handle
spoofed domains well.  I report *to* them, but make clear in my response
message that this is an either-or case.  Your ISP may not be
distinguishing this here.

> EXIM or any MTA can be used as an open relay if it is not configured
> right.  But configuration can be tricky.

With exim it's fairly straightforward.  Look for the value of:

    #relay_domains = 

...in /etc/exim/exim.conf.

> > how can i be sure that i've not been cracked and am unbeknownst
> > to me broadcasting/relaying email for others? surely there's
> > something better than just 'sniffit' and waiting for something
> > to happen...

    apt-get install chkrootkit

...not bulletproof, but good for common stuff.


Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Keep software free.         Oppose the CBDTPA.         Kill S.2048 dead.
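
The relay check discussed in the message above, as an added example that is not part of the original post: a shell function that reads the main section of an Exim 3 style config and flags relay options containing a match-everything entry. The sample config is constructed; `host_accept_relay`, the `end` section delimiter and the treatment of `*` and `0.0.0.0/0` as match-all are assumptions not taken from the thread.

```shell
#!/bin/sh
# Print one verdict line per relay option found in the main section.
# $1 = path to the config file.
check_relay() {
    awk '
        /^[ \t]*end[ \t]*$/ { exit }        # main section stops at first "end"
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # commented-out options are inactive
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            value = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name != "relay_domains" && name != "host_accept_relay") next
            seen[name] = 1
            verdict = "ok"
            n = split(value, items, ":")    # lists are colon-separated
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", items[i])
                # Assumption: these entries match every domain or host.
                if (items[i] == "*" || items[i] == "0.0.0.0/0") verdict = "OPEN"
            }
            printf "%s %s = %s\n", verdict, name, value
        }
        END {
            if (!("relay_domains" in seen)) print "ok relay_domains unset"
            if (!("host_accept_relay" in seen)) print "ok host_accept_relay unset"
        }
    ' "$1"
}

# Constructed sample config (not from the thread).
write_sample() {
    cat > "$1" <<'EOF'
qualify_domain = example.org
host_accept_relay = localhost : *
#relay_domains =
end
relay_domains = *
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
check_relay "$tmp"
rm -f "$tmp"
```

On a real host, call `check_relay /etc/exim/exim.conf`; any line starting with `OPEN` is a setting to tighten before looking further.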
