Date:      Sun, 20 Oct 1996 12:10:54 -0400
From:      "Gary Palmer" <gpalmer@FreeBSD.ORG>
To:        Nadav Eiron <nadav@barcode.co.il>
Cc:        "Timothy P. Layton, Sr." <tlayton@global-sol.com>, questions@FreeBSD.ORG
Subject:   Re: HELP !!! I have a mail hacker. 
Message-ID:  <23066.845827854@orion.webspan.net>
In-Reply-To: Your message of "Sun, 20 Oct 1996 17:33:29 +0200." <Pine.BSF.3.91.961020172724.12781A-100000@gatekeeper.barcode.co.il>

Nadav Eiron wrote in message ID
<Pine.BSF.3.91.961020172724.12781A-100000@gatekeeper.barcode.co.il>:

> On Sat, 19 Oct 1996, Timothy P. Layton, Sr. wrote:

> > Help !!!
> > 
> > my mail host is receiving a couple thousand messages per night 
> > from a fictitious user at a fake domain.
> > 
> > I looked in the maillog and found what domain the messages were
> > coming from.  
> > 
> > Can I reject all mail from a single domain, and can I take it even 
> > further by refusing any type of connection from a domain ??

Sorry, missed the orig. message.

My first step would be to contact the postmaster(s) responsible for
the source of the trouble, and if it continues after that message,
look at setting up a firewall at some downstream router (possibly your
gateway, if you have access to it).

As an aside, does anyone know anything about a mail faker (seemingly a
bulk mail faker) which leaves its signature as `Homicide' in the
message ID field? Hosts under my control have been attacked at least
twice with this, the mail going somewhere else (perhaps fortunately),
but using one of the local servers as a first (supposedly untraceable)
hop. It's getting quite annoying.

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info


