Re: Help with hijacked sendmail

From: Mogens Valentin (monz@danbbs.dk)
Date: 09/26/01


Message-ID: <3BB23BCD.C8A7A3E8@danbbs.dk>
Date: Wed, 26 Sep 2001 22:34:21 +0200
From: Mogens Valentin <monz@danbbs.dk>
To: focus-linux@securityfocus.com
Subject: Re: Help with hijacked sendmail

Thiago Conde Figueiro wrote:
>
> On Mon, 24 Sep 2001 22:32:34 -0400, Rajeev Kumar <rajeev@rajeevnet.com>
> wrote:
>
> RK> Dan,
> RK> It could be your mail server is acting as an open relay.
> RK> Sendmail default now deny open relay after version 8.9. So if you are
> RK> running sendmail
> (...)
>
> Why not stop using sendmail altogether? Sendmail has a long, sad history
> of exploits. Ever after I found out about Postfix (a secure replacement
> for sendmail) my worries with smtp have dropped to almost zero.

Sure, but all it takes to make sendmail reasonably secure is to update to
the latest version and do something like:

/etc/mail/access :
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY

your_domain.whatever RELAY

#examples of PITA spammer domains:
mail.linkusnow.net REJECT
216.144.196.28 REJECT

mail2.linkusnow.net REJECT
216.144.196.29 REJECT

And in /etc/sendmail.mc :
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy,noetrn,noverb,goaway')

Remember to run the m4 macro at the beginning of .mc and restart
sendmail.

-- 
Regards,
           Mr Dev - Mogens Valentin
    http://www.mrdev.com - mrdev@danbbs.dk
OpenSource Security - Networking - Programming
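
A small audit of the two files described in the message above, added here as an example and not part of the original post: it lists RELAY keys in an access file that cover more than a single host, and reports which of the post's privacy flags are absent from the .mc define. The input strings are constructed samples, the function names are hypothetical, and it assumes FEATURE(`relay_hosts_only') is not in use, so a domain key also matches its subdomains.

```python
import re

# Constructed inputs modelled on the post's files; nothing is read from disk.
ACCESS = """\
localhost RELAY
127.0.0.1 RELAY
example.org RELAY
192.168 RELAY
com RELAY
# comment line
216.144.196.28 REJECT
"""
MC = "define(`confPRIVACY_FLAGS',\n`authwarnings,noexpn,novrfy,goaway')\n"

# Flags the post sets explicitly (goaway is not expanded here).
WANTED = {"authwarnings", "noexpn", "novrfy", "noetrn", "noverb"}

def parse_access(text):
    """Yield (key, action) pairs, skipping blank lines and # comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            if len(parts) == 2:
                yield parts[0], parts[1].strip()

def broad_relays(text):
    """Return RELAY keys that match a whole network or every name under a label."""
    findings = []
    for key, action in parse_access(text):
        if action.upper() != "RELAY":
            continue
        host = re.sub(r"^(Connect|To|From):", "", key)  # drop an optional tag
        if re.fullmatch(r"\d+(\.\d+){0,2}", host):
            findings.append((key, "IP prefix: relays for the whole network"))
        elif "." not in host and host != "localhost":
            findings.append((key, "single label: relays for every name under it"))
    return findings

def missing_privacy_flags(mc_text):
    """Return the WANTED flags not listed in the confPRIVACY_FLAGS define."""
    m = re.search(r"confPRIVACY_FLAGS'\s*,\s*`([^']*)'", mc_text)
    have = set(m.group(1).replace(" ", "").split(",")) if m else set()
    return sorted(WANTED - have)

if __name__ == "__main__":
    print(broad_relays(ACCESS))
    print(missing_privacy_flags(MC))
```
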


