Date: Sun, 20 Oct 1996 12:10:54 -0400 From: "Gary Palmer" <gpalmer@FreeBSD.ORG> To: Nadav Eiron <nadav@barcode.co.il> Cc: "Timothy P. Layton, Sr." <tlayton@global-sol.com>, questions@FreeBSD.ORG Subject: Re: HELP !!! I have a mail hacker. Message-ID: <23066.845827854@orion.webspan.net> In-Reply-To: Your message of "Sun, 20 Oct 1996 17:33:29 %2B0200." <Pine.BSF.3.91.961020172724.12781A-100000@gatekeeper.barcode.co.il>
next in thread | previous in thread | raw e-mail | index | archive | help
Nadav Eiron wrote in message ID <Pine.BSF.3.91.961020172724.12781A-100000@gatekeeper.barcode.co.il>: > On Sat, 19 Oct 1996, Timothy P. Layton, Sr. wrote: > > Help !!! > > > > my mail host is receiving a couple thousand messages per night > > from a ficticous user at a fake domain. > > > > I looked in the maillog and found what domain the messages where > > coming from. > > > > Can I reject all mail from a single domain, and can I take it even > > further by refusing any type of connection from a domain ?? Sorry, missed the orig. message. My first step would be to contact the postmaster(s) responsible for the source of the trouble, and if it continues after that message, look at setting up a firewall at some downstream router (possibly your gateway, if you have access to it) As an aside, does anyone know anything about a mail faker (seemingly a bulk mail faker) which leaves its signature as `Homicide' in the message ID field? Hosts under my control have been attacked at least twice with this, the mail going somwhere else (perhaps fortunately), but using one of the local servers as a first (supposedly untraceable) hop. It's getting quite annoying. Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?23066.845827854>