Update/Summary: Mail Bombing

From: G. Matthew Sweet <m_sweet_at_tec.nh.us>
Date: Wed, 23 Oct 1996 14:11:18 -0400

OSF Gurus,

Thanks to the many people who have already responded. Here are some of the
suggestions:

1) Use the firewall to block all incoming mail from all AOL domains.

We knew of this one, but who knows if this person will decide to start a
minor army with friends from other providers. We'll have to see and react
quickly.

2) Upgrade sendmail to version 8.8 (I'm not sure which version we are on
right now) since this allows us to do some filtering by address, thus
blocking the mail.

I'm looking into this as we should upgrade our sendmail anyway I'm sure.

3) Install TCP Wrappers and bring mail under it to use TCP Wrappers
filtering and logging.

This is already work in progress. Hopefully this will be completed in the
extreme near future.

4) Use slocal and .maildelivery to bounce the message back to the sender
and the postmaster at the site.

I will also be looking into this one later today.

The other question that has popped up is the user's identity. We have
contacted AOL to find out the user's real name and were told that we
would have to subpoena AOL to get the real name of the user. Although they
stated that the account was removed, I do not trust them to keep the person
locked out. After receiving the second message from a different account,
we asked AOL to either confirm or deny that the same real person was
involved or not. We have yet to hear back from them, surprise surprise.
AOL is extremely slow in getting back to anyone it seems, except in one
case. One user on our system was sent an e-mail message originating from
AOL offering a child pornography catalog. We were notified very quickly
that the person's account had been removed and that it had been forwarded to
their legal department. It's nice to see that they move quickly to
something.

Anyway, thanks for listening.

G. Matthew Sweet
m_sweet_at_tec.nh.us


Many thanks to: (in no particular order)

"Patrick O'Brien" <pobrien_at_cfa.harvard.edu>
"Shirl Grant" <grant_at_psc.edu>
"David Warren" <warren_at_atmos.washington.edu>
"Charles M. Richmond" <cmr_at_iisc.com>
"Becki S Kain" <bkain1_at_ford.com>
"Gustavo Gibson da Silva" <gupe_at_elogica.com.br>
"JB" <barnwell_at_eksystems.com>
"Barry Treahy" <treahy_at_allianceelec.com>




<<<<<< Original Message Below>>>>>>>
> To whom it may concern,
>
> We are currently gearing up for a possible mail bomb attack from AOL and
> possibly others. We have been having some problems with an AOL user who
> sent a message to approx 700 accounts (causing some denial of local
> service) asking for usernames and passwords. Supposedly, that person's
> account has been removed from AOL, however two days later we received
> another message from a "different" AOL user stating that unless we removed
> our firewall, we would be subject to extreme mail bombing. From what I can
> tell, there isn't a lot that I can do proactively. I'm looking for options
> for setting up sendmail to refuse mail from an address, limit message
> sizes, or anything else that might help. We are going to install TCP
> Wrappers for logging of other services and are currently running Enhanced
> Security to protect the password files. I searched the list archive, but
> didn't have much luck. Any suggestions?
>
> Thanks for any and all help!
>
>
> G. Matthew Sweet
> m_sweet_at_tec.nh.us
>
>
> Imagine a time when it all began, In the dying days of a war
> A weapon -- that would settle the score
> Whoever found it first would be sure to do their worst --
> They always had before... The Manhattan Project By Rush
Received on Wed Oct 23 1996 - 21:19:31 NZDT
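
Suggestions 1 and 2 above filter on a known sender address or domain, which the summary notes may not hold if mail starts arriving from other providers. The following is an added example, not part of the original post: a Python script that tallies messages, recipients and bytes per sender domain from sendmail-style syslog lines and flags any domain over a threshold. The log lines are constructed, and the thresholds and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail 8 syslog style (not taken from the post).
SAMPLE_LOG = """\
Oct 23 09:00:01 mailhost sendmail[101]: JAA00101: from=<alice@example.org>, size=2100, class=0, nrcpts=1, msgid=<1@example.org>, relay=[192.0.2.10]
Oct 23 09:05:00 mailhost sendmail[102]: JAA00102: from=<x1@provider-a.example>, size=1500, class=0, nrcpts=700, msgid=<2@provider-a.example>, relay=[198.51.100.7]
Oct 23 09:05:02 mailhost sendmail[103]: JAA00102: to=<user1@mailhost>, delay=00:00:02, stat=Sent
Oct 23 09:10:00 mailhost sendmail[104]: JAA00104: from=<y1@provider-b.example>, size=2000000, class=0, nrcpts=1, msgid=<3@provider-b.example>, relay=[203.0.113.5]
Oct 23 09:10:05 mailhost sendmail[105]: JAA00105: from=<y2@provider-b.example>, size=2000000, class=0, nrcpts=1, msgid=<4@provider-b.example>, relay=[203.0.113.5]
Oct 23 09:10:09 mailhost sendmail[106]: JAA00106: from=<y3@provider-b.example>, size=2000000, class=0, nrcpts=1, msgid=<5@provider-b.example>, relay=[203.0.113.5]
Oct 23 09:10:12 mailhost sendmail[107]: JAA00107: from=<y4@provider-b.example>, size=2000000, class=0, nrcpts=1, msgid=<6@provider-b.example>, relay=[203.0.113.5]
Oct 23 09:20:00 mailhost sendmail[108]: JAA00108: from=<>, size=900, class=0, nrcpts=1, msgid=<7@example.org>, relay=[192.0.2.10]
"""

# Only the per-message "from=" line carries size and recipient count.
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (\w+): from=<?([^>,\s]*)>?, size=(\d+),.*?nrcpts=(\d+)"
)

def summarize(log_text):
    """Return {sender_domain: {"msgs", "rcpts", "bytes"}} for accepted mail."""
    stats = defaultdict(lambda: {"msgs": 0, "rcpts": 0, "bytes": 0})
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue  # delivery ("to=") lines and other daemons' output
        _qid, sender, size, nrcpts = m.groups()
        # Bounces use the null sender <>; keep them in their own bucket.
        domain = sender.rpartition("@")[2].lower() or "(null sender)"
        entry = stats[domain]
        entry["msgs"] += 1
        entry["rcpts"] += int(nrcpts)
        entry["bytes"] += int(size)
    return dict(stats)

def flag(stats, max_msgs=3, max_rcpts=100, max_bytes=5_000_000):
    """Domains exceeding any assumed per-window threshold, sorted by name."""
    return sorted(
        d for d, s in stats.items()
        if s["msgs"] > max_msgs or s["rcpts"] > max_rcpts or s["bytes"] > max_bytes
    )

if __name__ == "__main__":
    for domain in flag(summarize(SAMPLE_LOG)):
        print("over threshold:", domain)
```

Because the tally is keyed on whatever domain appears in the log rather than on a fixed block list, a flood that moves to a second provider is flagged the same way as the first.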
