Date:      Sun, 20 Oct 1996 17:33:29 +0200 (IST)
From:      Nadav Eiron <nadav@barcode.co.il>
To:        "Timothy P. Layton, Sr." <tlayton@global-sol.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: HELP !!! I have a mail hacker.
Message-ID:  <Pine.BSF.3.91.961020172724.12781A-100000@gatekeeper.barcode.co.il>
In-Reply-To: <199610190913.JAA07351@global-sol.com>



On Sat, 19 Oct 1996, Timothy P. Layton, Sr. wrote:

> Help !!!
> 
> my mail host is receiving a couple thousand messages per night 
> from a fictitious user at a fake domain.
> 
> I looked in the maillog and found what domain the messages were
> coming from.  
> 
> Can I reject all mail from a single domain, and can I take it even 
> further by refusing any type of connection from a domain ??

I think you've just discovered you need a firewall... As an immediate 
action, look into ipfw (if you're running 2.1.5 or up - it's much 
improved since 2.1.0). Use it to block out things you don't need. Then, 
especially if you have a network of machines to protect, build a 
firewall. It is pretty easy to do. I recommend reading: Firewalls and 
Internet Security by Cheswick and Bellovin (ISBN: 0-201-63357-4), 
published by Addison-Wesley. It is a bit old, but *very* well written, 
built upon real world experience, and has pointers to free firewall 
resources on the 'net.

One of the great mottos of this book (and many others on security) is: 
Don't let anyone from the outside even get at your sendmail. Sendmail is 
far too complex to be bug-free, and the Bad Guys will use those bugs. The 
TIS firewall toolkit (it's in the ports collection) has a wrapper for 
sendmail (made of two programs: smap and smapd).

> 
> Please Help !
> 
> Thanks
> Tim-
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Timothy P. Layton, Sr.
> http://www.global-sol.com
> mailto:tlayton@global-sol.com
> voice:314.298.0873 Fax:314.298.8482
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> 
Nadav
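
An added example, not part of the original message: a Python tally of sendmail `from=` maillog lines by sender domain and relay IP, since the relay address (not the forgeable envelope domain) is what a packet filter such as ipfw can match. The log lines, host names and addresses are constructed, and the threshold is an assumed parameter.

```python
import re
from collections import Counter

# Constructed sample lines in sendmail's syslog format (not taken from the thread).
SAMPLE_MAILLOG = """\
Oct 19 02:01:10 mail sendmail[701]: CAA00701: from=<x1@fake.example>, size=912, class=0, pri=30912, nrcpts=1, msgid=<a1@fake.example>, proto=SMTP, relay=dialup7.isp.example [192.0.2.77]
Oct 19 02:01:12 mail sendmail[702]: CAA00702: to=<tim@local.example>, delay=00:00:02, mailer=local, stat=Sent
Oct 19 02:01:15 mail sendmail[703]: CAA00703: from=<x2@fake.example>, size=915, class=0, pri=30915, nrcpts=1, msgid=<a2@fake.example>, proto=SMTP, relay=dialup7.isp.example [192.0.2.77]
Oct 19 02:03:40 mail sendmail[710]: CAA00710: from=<bob@partner.example>, size=2048, class=0, pri=32048, nrcpts=1, msgid=<b1@partner.example>, proto=SMTP, relay=mx.partner.example [198.51.100.5]
Oct 19 02:04:02 mail sendmail[715]: CAA00715: from=<x3@fake.example>, size=910, class=0, pri=30910, nrcpts=1, msgid=<a3@fake.example>, proto=SMTP, relay=[192.0.2.77]
"""

# Envelope sender and relay field of a sendmail "from=" record.
FROM_RE = re.compile(r"sendmail\[\d+\]: \w+: from=<?([^>,]*)>?,.*\brelay=(.*)$")
# The bracketed peer address sendmail appends to the relay host name.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def tally(log_text):
    """Count accepted messages per (sender domain, relay IP)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue  # skip "to=" delivery records and other daemons
        sender, relay = m.groups()
        domain = sender.rpartition("@")[2].lower() or "(none)"
        ip = IP_RE.search(relay)
        counts[(domain, ip.group(1) if ip else "(local)")] += 1
    return counts

def flood_sources(log_text, threshold):
    """Relay IPs whose total message count reaches the (assumed) threshold."""
    per_ip = Counter()
    for (_, ip), n in tally(log_text).items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items()
                  if n >= threshold and ip != "(local)")

if __name__ == "__main__":
    for (domain, ip), n in tally(SAMPLE_MAILLOG).most_common():
        print(f"{n:6d}  {domain:24s} {ip}")
    print("candidates to filter:", flood_sources(SAMPLE_MAILLOG, 3))
```

The sender domain in these records is whatever the client claimed, so the per-IP totals are the figure to act on when writing filter rules.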


