From owner-freebsd-security  Tue Sep 21 12:49: 8 1999
Delivered-To: freebsd-security@freebsd.org
Received: from inbox.org (inbox.org [216.22.145.8])
	by hub.freebsd.org (Postfix) with ESMTP id 0D0B6156D4
	for <security@FreeBSD.ORG>; Tue, 21 Sep 1999 12:49:03 -0700 (PDT)
	(envelope-from bsd@a.servers.aozilla.com)
Received: from localhost (bsd@localhost)
	by inbox.org (8.9.3/8.9.3) with ESMTP id PAA04526;
	Tue, 21 Sep 1999 15:49:03 -0400 (EDT)
Date: Tue, 21 Sep 1999 15:49:03 -0400 (EDT)
From: "Mr. K." <bsd@a.servers.aozilla.com>
X-Sender: bsd@inbox.org
To: John Armstrong <siberian@siberian.org>
Cc: security@FreeBSD.ORG
Subject: Re: hackers?
In-Reply-To: <v04210115b40d84be18ca@[216.112.76.84]>
Message-ID: <Pine.BSF.4.10.9909211530200.3358-100000@inbox.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 21 Sep 1999, John Armstrong wrote:

> You really really need to turn off relaying and turn on pop 
> authentication ( or use a pop database if your pop users are coming 
> from static IP addresses ).
> 
Right now all relaying is shut off.
Is there somewhere that I can get more information on using pop
authentication for relaying?  That would be perfect as myself and the
other users connect from a large number of different locations and dynamic
ip addresses.

> Is your load high? What do you maillogs indicate? Can you trace the 
> source of the problem? Are emails bouncing back to your root acct?
> 
I actually didn't get any bounces, as the From: was listed to some other
poor loser.  I did get put on ORBS, but I'm off that now.

> When this happened to me not only did I get nailed with the outgoing 
> traffic, I got nailed with tens of thousands of bounces because the 
> idiot spammer did not get a current mailing list. On top of that I 
> got nailed into the blackhole and my ISP shut me down until I fixed 
> it.
> 
> its a nightmare. If you need a sendmail.cf file that blocks relaying 
> as well as the perl daemon to do pop authentication let me know and I 
> will send it offlist.
> 
Nope I think I got it.  Ran it through a few tests, and passed ORBS tests
apparently as I'm still off the list.

Thanks for the info and the help.



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message