Managers,
Over the past few days we have been the `lucky` host of a spammer.
Stopped most of them but not before some damage was done. I have
read the previous summary from Debby Quayle (29 Oct.). I must admit I am
not an expert when it comes to Sendmail cf files. I was first running the
vanilla version delivered with the O/S, then installed the IAS (DEC
supplied 8.8.7) version. I have built but not yet configured 8.8.8. I
have no problem catching the source IP addr. in my logs (most from
Compuserve and AOL) and have notified them of the attacks. They continue
(partly because I am sure most of them are on `free introductory` time.)
Which is the same reason it makes it hard to firewall because I would have
to block a huge block.
Here is a sample of an xf file I captured (most using the same method):
::::::::::::::
xfAAA0000016941
::::::::::::::
<<< RCPT To:<Fish4castr_at_aol.com>
<<< RCPT To:<Fish4Fluke_at_aol.com>
<<< RCPT To:<Fish4funFL_at_aol.com>
<<< RCPT To:<FISH4JCN_at_aol.com>
<<< RCPT To:<Fish4life1_at_aol.com>
<<< RCPT To:<Fish4Me01_at_aol.com>
<<< RCPT To:<FISH4ME228_at_aol.com>
<<< RCPT To:<Fish4Mike2_at_aol.com>
<<< RCPT To:<Fish4Nick_at_aol.com>
<<< RCPT To:<Fish4sale_at_aol.com>
<<< RCPT To:<Fish4u2442_at_aol.com>
<<< RCPT To:<FISH4UME_at_aol.com>
<<< RCPT To:<Fish4x4_at_aol.com>
<<< RCPT To:<Fish51664_at_aol.com>
<<< RCPT To:<Fish517_at_aol.com>
<<< RCPT To:<Fish553261_at_aol.com>
<<< RCPT To:<Fish58120_at_aol.com>
<<< RCPT To:<FISH61367_at_aol.com>
<<< DATA
By the way the content of the spam is to sell the same trash that was used
to generate the spam in the first place.
Outside of moving away from Sendmail, is there a way to catch these and
throw them into the bit bucket? In Debby's summary there was a reference
to a HReceived entry (mine is a bit different) in the cf file. Will that
force the envelope to the true sender in this type of attack?
There is also information on config for an /etc/sendmail.local file. Will
this help in this case?
Are there any other hacks to the cf file that may help?
Thank you for your time and advice.
Tom
*****************************************
Tom Ozanich Cegelec ESCA *
11120 NE 33rd. Place 206.822.6800 *
Bellevue, WA 98004 *
*
Internet: txo_at_esca.com *
*****************************************
Received on Sun Nov 23 1997 - 04:10:10 NZDT
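
One way to pick out transcripts like the xf sample above from a queue directory, as an added example that is not part of the original message: it counts `RCPT To` lines per domain and flags a session whose recipients are mostly outside the site's own domains. The local domain list, the threshold, and both sample transcripts are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Matches a transcript line such as "<<< RCPT To:<user@example.net>".
# "_at_" is accepted as well because the list archive rewrote "@" that way.
# The local part is matched greedily so the LAST separator splits off the domain.
RCPT_RE = re.compile(
    r"^<<<\s*RCPT\s+To:\s*<([^<>\s]+)(?:@|_at_)([^<>\s@]+)>", re.IGNORECASE
)

def summarize_transcript(text, local_domains, max_foreign=10):
    """Count RCPT recipients per domain in one transcript and flag likely relaying.

    local_domains: domains this host legitimately accepts mail for (assumption).
    max_foreign:   number of non-local recipients tolerated in a single session
                   before it is flagged (assumed threshold, tune per site).
    """
    local = {d.lower() for d in local_domains}
    per_domain = Counter()
    for line in text.splitlines():
        m = RCPT_RE.match(line.strip())
        if m:
            per_domain[m.group(2).lower()] += 1
    foreign = sum(n for d, n in per_domain.items() if d not in local)
    return {
        "recipients": sum(per_domain.values()),
        "foreign": foreign,
        "domains": dict(per_domain),
        "suspect": foreign > max_foreign,
    }

# Constructed sample: one session addressed to 12 recipients at a foreign domain.
SAMPLE_RELAY = "\n".join(
    [f"<<< RCPT To:<user{i}_at_example.net>" for i in range(12)] + ["<<< DATA"]
)
# Constructed sample: ordinary inbound mail for a local user.
SAMPLE_NORMAL = "<<< RCPT To:<staff@example.org>\n<<< DATA"

if __name__ == "__main__":
    for name, text in (("relay", SAMPLE_RELAY), ("normal", SAMPLE_NORMAL)):
        print(name, summarize_transcript(text, ["example.org"]))
```

The script only reports on transcripts already written to disk; refusing the relay attempt at SMTP time still has to be done in the Sendmail configuration.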