Date: Fri, 13 Aug 1999 14:31:49 +0200 From: Ollivier Robert <roberto@keltia.freenix.fr> To: security@freebsd.org Cc: Brett Glass <brett@lariat.org> Subject: Re: Another SMTP name-guessing attack Message-ID: <19990813143148.A73411@keltia.freenix.fr> In-Reply-To: <4.2.0.58.19990812185216.043c1160@localhost>; from Brett Glass on Thu, Aug 12, 1999 at 06:54:16PM -0600 References: <4.2.0.58.19990812185216.043c1160@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
According to Brett Glass: > Aug 11 211612 myhost sendmail[5126] VAA05126 lost input channel from ip176.albuquerque3.nm.pub-ip.psi.net [38.29.68.176] Why do you allow dialups POPs to directly connect to your mail server ? Use the DUL system and be happy (and put others manually into your access file). <http://maps.vix.com/dul/>; <http://maps.vix.com/rbl/>; I use "maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com". > Has anyone else seen this style of attack, or are we honored to be the > first? Any ideas on how to patch Sendmail to thwart it? (FreeBSD's > particular configuration for Sendmail seems particularly susceptible to this > because it imposes a limit on connections; all legitimate mail stopped > during the attack.) Use Postfix. It won't probably stop the attack (although its rate limitations will make it far less of a problem than sendmail) but you'll get legitimate mail across. PS: your lines are far too long, please cut them down. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #73: Sat Jul 31 15:36:05 CEST 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990813143148.A73411>