From owner-freebsd-security Fri Aug 13 6:41:13 1999 Delivered-To: freebsd-security@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id 8C8B414E66 for ; Fri, 13 Aug 1999 06:41:09 -0700 (PDT) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id PAA16919; Fri, 13 Aug 1999 15:41:20 +0200 (CEST) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id 26B69870B; Fri, 13 Aug 1999 14:31:49 +0200 (CEST) Date: Fri, 13 Aug 1999 14:31:49 +0200 From: Ollivier Robert To: security@freebsd.org Cc: Brett Glass Subject: Re: Another SMTP name-guessing attack Message-ID: <19990813143148.A73411@keltia.freenix.fr> Mail-Followup-To: security@freebsd.org, Brett Glass References: <4.2.0.58.19990812185216.043c1160@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/0.95.5i In-Reply-To: <4.2.0.58.19990812185216.043c1160@localhost>; from Brett Glass on Thu, Aug 12, 1999 at 06:54:16PM -0600 X-Operating-System: FreeBSD 4.0-CURRENT/ELF ctm#5543 AMD-K6 MMX @ 200 MHz Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org According to Brett Glass: > Aug 11 211612 myhost sendmail[5126] VAA05126 lost input channel from ip176.albuquerque3.nm.pub-ip.psi.net [38.29.68.176] Why do you allow dialups POPs to directly connect to your mail server ? Use the DUL system and be happy (and put others manually into your access file). I use "maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com". > Has anyone else seen this style of attack, or are we honored to be the > first? Any ideas on how to patch Sendmail to thwart it? (FreeBSD's > particular configuration for Sendmail seems particularly susceptible to this > because it imposes a limit on connections; all legitimate mail stopped > during the attack.) Use Postfix. It won't probably stop the attack (although its rate limitations will make it far less of a problem than sendmail) but you'll get legitimate mail across. PS: your lines are far too long, please cut them down. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #73: Sat Jul 31 15:36:05 CEST 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message