Re: SPAM - More info please

From: David Levenick (mail261r@dnd.ca)
Date: 08/14/01


Date: Tue, 14 Aug 2001 13:36:38 -0400 (EDT)
Message-Id: <200108141736.f7EHacf03376@smtp1.dnd.ca>
From: "David Levenick" <mail261r@dnd.ca>
To: "Stephen C" <stephenc_100@hotmail.com>, "Security Basics" <security-basics@securityfocus.com>
Subject: Re: SPAM - More info please

Stephen,

A good article on spam and fake email is @

http://ddi.digital.net/~gandalf/spamfaq.html

A good tool to help in tracing email is Sam Spade v1.14 and can be found @ www.samspade.org

On Monday, August 13, 2001 at 10:06:12 AM, gerhard.knez@credence.de wrote:

> Hi Stephen,
>
> I assume that your port 25 (smtp uses this port) is open to the world.
> This is the way SPAM comes in normally. Because SMTP does not use
> any kind of authentication (except newer versions of sendmail but you
> have to configure it that way) you have to limit/block access to this
> port to stop it. If you do not need this port to be seen from the
> outside of your network you just want to block this port on your
> firewall. If you need this port for people outside your network to
> send mails through your server you may implement some kind of 'pop
> before SMTP'. This method needs the client to do a POP3 request first
> (which is password protected) and then opens the SMTP for this IP
> address for a certain time.
>
> Search on Google for popb4smtp ...
>
> For tracing down the source your best help is the email header ...
> just trace the header back to the source.
> Depending on your OS your syslogd might have logged something helpful,
> just search the logs by the time the spam happened.
>
> Gerhard
> PS sorry for my bad English, hope you figured out what I mean ...
>
>
>
> Stephen C wrote:
> >
> > Hi All,
> > At my new place of work we are intermittently being used as a SPAM relay.
> > Could someone please explain as to how this happens and how I could stop
> > this from happening again. Any info on how to trace the sources would also
> > be useful.
> >
> > We use VPOP3 and as far as I know we use SMTP (I am told this has some
> > significance).
> >
>
>

Cpl D. (David) Levenick
Instructor IS Security/IS Forensics
Canadian Forces Military Police Academy
Bldg O-124
CFB Borden
Borden, ON
L0M 1C0
705-424-1200 ext 3499

mail261r
e-mail: mail261r@dnd.ca
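
Tracing a header back to the source, as suggested in the thread, shown as an added example that is not part of the original post. The sample message, host names and the trusted-server set are constructed for illustration, and the pattern assumes the common sendmail-style "from HELO (rDNS [IP]) by SERVER" layout.

```python
import re
from email import message_from_string

# Constructed sample message (documentation addresses, not real traffic).
SAMPLE = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net with ESMTP id AAA111
\tfor <user@example.net>; Tue, 14 Aug 2001 13:36:38 -0400
Received: from relay.example.com (unknown [198.51.100.7])
\tby mail.example.org with SMTP id BBB222;
\tTue, 14 Aug 2001 13:36:30 -0400
Received: from friendly.example (dialup-45.example.test [203.0.113.45])
\tby relay.example.com with SMTP id CCC333;
\tTue, 14 Aug 2001 13:36:21 -0400
From: "Sender" <sender@friendly.example>
Subject: constructed sample

body
"""

# "from <HELO name> (<reverse DNS> [<connecting IP>]) ... by <recording server>"
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def trace_hops(raw):
    """Return the parsed Received hops, ordered from earliest to latest."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if not m:
            continue  # Received formats vary; skip lines this pattern cannot parse
        hop = m.groupdict()
        # The HELO name is chosen by the client; rDNS and IP are recorded by the receiver.
        hop["helo_mismatch"] = (hop["rdns"] or "").lower() != hop["helo"].lower()
        hops.append(hop)
    hops.reverse()  # each server prepends its line, so the last header is the first hop
    return hops

def first_untrusted_sender(hops, trusted_servers):
    """Hop where the message entered servers we trust; older lines may be forged."""
    sender = None
    for hop in reversed(hops):  # walk from the newest line downwards
        if hop["by"].lower() not in trusted_servers:
            break
        sender = hop
    return sender
```

The IP returned by `first_untrusted_sender` is the one to look up in the mail server's logs for the time the message was accepted; Received lines added before that hop were written by machines outside your control.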


