Date:      Sun, 20 Oct 1996 23:21:37 -0500 (CDT)
From:      Jay E Erickson <erickson@server.gf-net.af.mil>
To:        "Timothy P. Layton, Sr." <tlayton@global-sol.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: HELP !!! I have a mail hacker.
Message-ID:  <Pine.BSF.3.91.961020231241.21572A-100000@server.gf-net.af.mil>
In-Reply-To: <199610190913.JAA07351@global-sol.com>


To reduce this type of activity I did three things:
1. Installed TCP Wrappers 

2. Ran my smtp traffic through TCP Wrappers (three steps) 
    (the wrappers install docs helped me with this)
    added the next line to my /etc/inetd.conf
smtp    stream  tcp     nowait  root    /usr/libexec/tcpd       /usr/sbin/sendmail -bs
    and added the next two lines to my /etc/crontab for root
# Check sendmail queue every 30 minutes
*/30    *       *       *       *       root    /usr/sbin/sendmail -q
set the sendmail option in the /etc/sysconfig to  "no"
if you don't want to use crontab you can set the sendmail option in the 
/etc/sysconfig to "-q30m"

3. in my /etc/sendmail.cf file I set
O PrivacyOptions=goaway

step 1 is just a good idea
step 2 makes sure the IP address = their long address i.e.
204.216.27.18 = FreeBSD.org
and step 3 forces smtp mailers to greet you with hello and doesn't let 
them expand on any lists or verify any users. 
this doesn't make you 100% safe but every little bit counts.

 On Sat, 19 Oct 1996, Timothy P. Layton, Sr. wrote:

> Help !!!
> 
> my mail host is receiving a couple thousand messages per night 
> from a fictitious user at a fake domain.
> 
> I looked in the maillog and found what domain the messages were
> coming from.  
> 
> Can I reject all mail from a single domain, and can I take it even 
> further by refusing any type of connection from a domain ??

Yes. TCP wrappers can do this for you

Jay Erickson
Erickson@server.gf-net.af.mil
or Jay@Erickson.gf-net.af.mil
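
An added example, not part of the message above or of the TCP Wrappers source: a simplified Python model of how hosts_access(5) rules are evaluated, using a hosts.deny that refuses SMTP from one domain and refuses hosts whose name and address disagree. The daemon name `sendmail`, the domain `.spam.example` and all addresses are assumptions made for illustration.

```python
# Added example: simplified model of a subset of hosts_access(5) matching.
# All host names and addresses are constructed placeholders.

def client_matches(pattern, name, addr, name_ok):
    """name: reverse-resolved host name or None; addr: peer IP address;
    name_ok: True when looking the name up again returns addr."""
    if pattern == "ALL":
        return True
    if pattern == "PARANOID":            # name and address disagree
        return name is not None and not name_ok
    if pattern.endswith("."):            # address prefix, e.g. "192.0.2."
        return addr.startswith(pattern)
    if pattern == addr:
        return True
    if name is None or not name_ok:      # unverified names never match
        return False
    if pattern.startswith("."):          # domain suffix, e.g. ".spam.example"
        return name.lower().endswith(pattern.lower())
    return name.lower() == pattern.lower()


def rule_matches(line, daemon, name, addr, name_ok):
    line = line.strip()
    if not line or line.startswith("#") or ":" not in line:
        return False
    daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
    return (any(d in ("ALL", daemon) for d in daemons)
            and any(client_matches(c, name, addr, name_ok) for c in clients))


def access(allow, deny, daemon, name, addr, name_ok):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    if any(rule_matches(l, daemon, name, addr, name_ok) for l in allow):
        return "allow"
    if any(rule_matches(l, daemon, name, addr, name_ok) for l in deny):
        return "deny"
    return "allow"


# Constructed /etc/hosts.deny contents for the setup described in the message.
HOSTS_DENY = [
    "# refuse SMTP from one domain",
    "sendmail: .spam.example",
    "# refuse every service to hosts whose name and address disagree",
    "ALL: PARANOID",
]
```

Because hosts.allow is searched first, a single trusted host inside a denied domain can be exempted there without changing hosts.deny.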


