
Re: Help mailserver used to mirror spamming !!!



Ricardo Fitzgerald said:
> Hi to all,
>
> Recently I had very bad news: one of my clients' mail servers was blocked
> due to spamming!!! Well, the thing is, they are not spamming at all, but
> their IP was used by some unscrupulous spammer. Now I have the task to
> write some security to prevent that, but I don't know much about the
> subject. Where can I find some info to develop a good firewall or
> sendmail rules to prevent that from happening again? I've recently started
> to use sendmail and it's somewhat obscure; due to my personal situation I
> can't even afford to buy a book on sendmail, so I need free sources.
> Any suggestions from experienced users are welcome. Now I have sendmail,
> fetchmail, procmail and squid as a proxy to serve the internal LAN of 5
> Windows computers.

The most common way for mail servers to be used for spam is an open
relay. Many open relays are set that way on purpose, because the admin
is too lazy to set up an alternate way to authenticate to the system before
sending mail:

1) VPN
2) Web-based email (I've been using Squirrelmail for almost 2 years)
3) POP3-before-SMTP
4) (some other method to authenticate with SMTP)
5) Only allow very strict IPs/IP ranges to connect

Before you can lock down the system you need to identify what method
the spammers were using; if it was an open relay then that's usually
easy: lock down the relay configuration.

A good resource is sendmail.org, for anti-spam stuff:
http://www.sendmail.org/tips/relaying.html

sendmail is a very complex piece of software; it was one of the last
major pieces of software to learn (after apache & bind). If you're new
to configuring sendmail it will take some time to learn how it works.

But the first thing is to determine what method the spammers used to
use your customer as a relay before preparing a response. Maybe the
entire system was compromised, maybe it's an open relay, maybe someone
is abusing a proxy on a server that is allowed access to relay, maybe
it's a CGI script on the server...


nate
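The first check Nate describes, finding out whether the box is an open relay, can be done from outside with a plain SMTP probe: hand the server an envelope with an off-site sender and an off-site recipient and stop at RCPT TO, so nothing is ever queued. The script below is an added example and is not part of this thread or of sendmail; the probe addresses, the domain "clientmail.example" and the in-process fake server (which only imitates the two answers a sendmail box gives, "250 Recipient ok" and "550 5.7.1 ... Relaying denied") are all constructed so it can be run offline. Point `probe_relay()` at a real host and port to test a live server.

```python
"""Open-relay probe: does the server accept mail for a domain it does not host,
from a client that has not authenticated?  Added example, not from the thread."""
import smtplib
import socketserver
import threading

# Hypothetical probe addresses: neither domain is hosted by the server under test.
PROBE_SENDER = "relay-probe@example.net"
PROBE_RECIPIENT = "postmaster@example.org"


def probe_relay(host, port, sender=PROBE_SENDER, recipient=PROBE_RECIPIENT, timeout=10):
    """Return (accepted, rcpt_code, rcpt_text) for an off-site envelope.

    The probe stops at RCPT TO; no DATA is sent, so nothing is delivered even if
    the server would have taken it.  A 250 to an off-site recipient from an
    off-site, unauthenticated client means the server relays for anyone.
    """
    smtp = smtplib.SMTP(host, port, local_hostname="probe.example", timeout=timeout)
    try:
        smtp.ehlo()
        code, text = smtp.mail(sender)
        if code != 250:
            return False, code, text.decode(errors="replace")
        code, text = smtp.rcpt(recipient)
        smtp.rset()  # throw the envelope away so nothing is queued
        return code == 250, code, text.decode(errors="replace")
    finally:
        try:
            smtp.quit()
        except smtplib.SMTPException:
            smtp.close()


class FakeSendmail(socketserver.StreamRequestHandler):
    """Constructed stand-in for the relay decision of an MTA (not real sendmail).

    open_relay=True accepts every recipient; otherwise only recipients in
    local_domains are accepted and everything else gets sendmail's classic
    "550 5.7.1 ... Relaying denied".
    """
    open_relay = False
    local_domains = ("clientmail.example",)  # hypothetical hosted domain

    def send(self, line):
        self.wfile.write(line.encode() + b"\r\n")

    def handle(self):
        self.send("220 mail.clientmail.example ESMTP")
        while True:
            raw = self.rfile.readline()
            if not raw:
                return
            line = raw.decode(errors="replace").strip()
            verb = line.split(" ", 1)[0].upper()
            if verb in ("EHLO", "HELO"):
                self.send("250 mail.clientmail.example")
            elif verb == "MAIL":
                self.send("250 2.1.0 Sender ok")
            elif verb == "RCPT":
                addr = line.split(":", 1)[1].strip().strip("<>")
                domain = addr.rsplit("@", 1)[-1].lower()
                if self.open_relay or domain in self.local_domains:
                    self.send("250 2.1.5 Recipient ok")
                else:
                    self.send("550 5.7.1 <%s>... Relaying denied" % addr)
            elif verb == "RSET":
                self.send("250 2.0.0 Reset state")
            elif verb == "QUIT":
                self.send("221 2.0.0 closing connection")
                return
            else:
                self.send("502 5.5.1 Command not implemented")


def start_fake_server(open_relay):
    """Start a FakeSendmail on a random loopback port; caller shuts it down."""
    handler = type("Handler", (FakeSendmail,), {"open_relay": open_relay})
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def run_demo():
    """Probe an open and a locked-down fake server; returns {case: probe result}."""
    cases = {}
    for name, policy in (("open-relay", True), ("locked-down", False)):
        server = start_fake_server(policy)
        port = server.server_address[1]
        try:
            cases[name] = probe_relay("127.0.0.1", port)
            # Mail for a domain the server hosts must still be accepted.
            cases[name + "/local-rcpt"] = probe_relay(
                "127.0.0.1", port, recipient="user@clientmail.example")
        finally:
            server.shutdown()
            server.server_close()
    return cases


if __name__ == "__main__":
    for case, (accepted, code, text) in run_demo().items():
        print("%-24s accepted=%-5s %d %s" % (case, accepted, code, text))
```

Run it against the real server from a host that is not in any allowed range and is not authenticated; if the off-site recipient comes back 250 the relay is open, and the fix is in the relay configuration, not the firewall. If it comes back 550 the spammer used some other path (a compromised account or host, a proxy, a CGI script), which is the case Nate says still has to be tracked down before a response is chosen.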





