SUMMARY - mail spam attack from Tom Ozanich on 1997-11-26 (tru64-unix-managers)

From: Tom Ozanich <txo_at_esca.com>
Date: Tue, 25 Nov 1997 09:04:44 -0800 (PST)

many thanks to: (in no particular order)

Andy Walden
Craig I. Hagan
Christer Borang
Simon Tardell
Tom Smith
Berry Kercheval
Steve VanDevender
Ann Cantelow

For the moment the attacks have stopped ( after several contacts to the
providers of the spammers)

Many thanks to Tom Smith from Digital Equipment Corp. for his continued
advice and patience.

There are several sites with updated information and tools. A good place
to start is sendmail.org. Other very good sites included below.

Craig I. Hagan writes:

look at both http://www.cih.com/~hagan/smap-hacks and
http://www.cih.com/~hagan/smtpd-hacks

Steve VanDevender writes:

Here's a very simple check_rcpt rule that will work with sendmail 8.8.6
or later to prevent mail from being relayed through your machine (that
is, to have people not on your machine send mail to recipients not on
your machine).

Scheck_rcpt
R$* $: $(dequote "" $&{client_name} $) $| $1
R$=w $| $* $_at_ OK client names in class w are OK
R$_at_ $| $* $_at_ OK null client name (local invocation) is OK
R$* $| $* $: $>3 $2 not local, check rcpt
R$* <_at_$=w.> $* $>3 $1 $3 remove local part, maybe repeatedly
R$* <_at_ $+ > $* $#error $_at_ 5.5.1 $: 551 we do not relay

You can add these lines at the bottom of your existing sendmail.cf, or
place them under a LOCAL_RULESETS line in a sendmail m4 macro

For a more complicated but flexible ruleset that will allow you to
selectively accept mail from clients in selected domains or networks, or
relay mail to selected domains or networks, see:

http://hexadecimal.uoregon.edu/antirelay/

Ann Cantelow writes:
> http://www.informatik.uni-kiel.de/%7Eca/email/check.html
>
> To stop general relaying, where spammers vary their from-addresses
> continuously, you want the check_rcpt rule set.
>
> If you have users who need to use relaying from outside through your
> site, there could be some rough going for them for a little while, as
> you put in additional rules to allow them to pass but still keep the
> spammers out. All this is covered at that site by Mr. Assmann too- see
> the link called "another version" towards the bottom of the check_rcpt
> page.

*****************************************
Tom Ozanich Cegelec ESCA *
11120 NE 33rd. Place 206.822.6800 *
Bellevue, WA 98004 *
*
Internet: txo_at_esca.com *
*****************************************
Received on Tue Nov 25 1997 - 18:30:04 NZDT

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:37 NZDT