On Friday 08 June 2001 07:04, Leah Cunningham wrote:

Matt,

- > I just wanted to share that with you! The id10t who spammed me even - > tried spoofing the from address to make it look as if it came from my - > own domain, so I forwarded it to them. - > - > Actually, how can one fix this? I am using Sendmail.

You need to disable relaying in sendmail. I'm not positive where this is, but I imagine someone else here can tell you,

How do you know:-)

or you could look it up, that's what I ususally do. I thought's SuSE's sendmail.cf took care of this by default, but I don't remember.

I think so too, but these are the options you don't want in the linux.mc file: FEATURE(relay_local_from) FEATURE(promiscuous_relay) Test it from here: http://www.abuse.net/relay.html

I can't believe it's not UNIX!!! ------------------------------------------------------------ Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.

-- Cheers, Joost

On June 8, 2001 10:58 am, Joost van der Lugt wrote:

On Friday 08 June 2001 07:04, Leah Cunningham wrote:

...

You need to disable relaying in sendmail. I'm not positive where this is, but I imagine someone else here can tell you,

How do you know:-)

...

or you could look it up, that's what I ususally do. I thought's SuSE's sendmail.cf took care of this by default, but I don't remember.

If you are running a reasonably up to date version of Sendmail it should start out with relaying shutdown. SuSE 6.1 [might have been 6.0] started shipping with the 8.9.x series of sendmail which I think all block relaying. So unless you turned it on or are running a very old version of sendmail you don't need to shut it off. If you are running something from 8.8.x or older I'd upgrade it. Nick

I don't think this is about relaying. Spoofing a from-address can be done without any relay at all. I just found this out. I had been getting strange entries in my maillog from sourceforge servers, and their admins told me it had to do with SMTP callback. i.e. finding out if the from-address is valid or not. I think this is what's required. But it has nothing to do with relaying, I'm *almost* certain :). On Friday 08 June 2001 16:04, Leah Cunningham wrote:

Matt,

- > I just wanted to share that with you! The id10t who spammed me even - > tried spoofing the from address to make it look as if it came from my - > own domain, so I forwarded it to them. - > - > Actually, how can one fix this? I am using Sendmail.

You need to disable relaying in sendmail. I'm not positive where this is, but I imagine someone else here can tell you, or you could look it up, that's what I ususally do. I thought's SuSE's sendmail.cf took care of this by default, but I don't remember.

I can't believe it's not UNIX!!! ------------------------------------------------------------ Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.

True, but you don't need sendmail to do that. telnet to a mail server and you can put whatever you like in the from field(HELO MAILTO FROM etc. I forget the exact syntax.) I once forged a mail to a friend to seem like it was from his boss. It was April fools day :) Regards Anders On Friday 08 June 2001 20:12, Ben Rosenberg wrote:

* Anders Johansson (andjoh@cicada.linux-site.net) [010608 11:06]: ->I don't think this is about relaying. Spoofing a from-address can be done ->without any relay at all. -> ->I just found this out. I had been getting strange entries in my maillog from ->sourceforge servers, and their admins told me it had to do with SMTP ->callback. i.e. finding out if the from-address is valid or not. I think this ->is what's required. But it has nothing to do with relaying, I'm *almost* ->certain :). ->

You can masq the domain your coming from like this with Sendmail. Most server operators prefer *not* to receive mails from unresolvable domains (such as your localhost.localdomain).

-- MASQUERADE_AS(`mail.com') FEATURE(`masquerade_envelope') --

For further reading you can check this out.

Read http://www.hserus.net/pop_smtp.html

Regards,

Would be nice if it could check to see if the user actually existed on the system. Or is this too much of a security risk? Matt -- "The only thing complex about Linux are the users themselves." On Fri, 8 Jun 2001, Leah Cunningham wrote:

- > I don't think this is about relaying. Spoofing a from-address can be done - > without any relay at all.

Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:

mail from:leah@leah.leah.leah.leah but I could do mail from:leah@valaddomain.com

Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?

Even then, one could change the user and leave the correct domain intact for external/internal domains.

- > I just found this out. I had been getting strange entries in my maillog from - > sourceforge servers, and their admins told me it had to do with SMTP - > callback. i.e. finding out if the from-address is valid or not. I think this - > is what's required. But it has nothing to do with relaying, I'm *almost* - > certain :). - > - > On Friday 08 June 2001 16:04, Leah Cunningham wrote: - > > Matt, - > > - > > - > I just wanted to share that with you! The id10t who spammed me even - > > - > tried spoofing the from address to make it look as if it came from my - > > - > own domain, so I forwarded it to them. - > > - > - > > - > Actually, how can one fix this? I am using Sendmail. - > > - > > You need to disable relaying in sendmail. I'm not positive where - > > this is, but I imagine someone else here can tell you, or you could - > > look it up, that's what I ususally do. I thought's SuSE's - > > sendmail.cf took care of this by default, but I don't remember. - > > - > > - > > I can't believe it's not UNIX!!! - > > ------------------------------------------------------------ - > > Leah Cunningham | PPC QA, Business Support & - > > www.heinous.org | QA & Linux geek, et al.

I can't believe it's not UNIX!!! ------------------------------------------------------------ Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.

As I pointed out, this is what sourceforge does. I haven't checked this, to see how it's done, but I'c be very surprised (to say the least) if it couldn't be done with sendmail Regards Anders On Friday 08 June 2001 20:51, StarTux wrote:

Would be nice if it could check to see if the user actually existed on the system. Or is this too much of a security risk?

Matt

-- "The only thing complex about Linux are the users themselves."

On Fri, 8 Jun 2001, Leah Cunningham wrote:

...

- > I don't think this is about relaying. Spoofing a from-address can be done - > without any relay at all.

Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:

mail from:leah@leah.leah.leah.leah but I could do mail from:leah@valaddomain.com

Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?

Even then, one could change the user and leave the correct domain intact for external/internal domains.

- > I just found this out. I had been getting strange entries in my maillog from - > sourceforge servers, and their admins told me it had to do with SMTP - > callback. i.e. finding out if the from-address is valid or not. I think this - > is what's required. But it has nothing to do with relaying, I'm *almost* - > certain :). - > - > On Friday 08 June 2001 16:04, Leah Cunningham wrote: - > > Matt, - > > - > > - > I just wanted to share that with you! The id10t who spammed me even - > > - > tried spoofing the from address to make it look as if it came from my - > > - > own domain, so I forwarded it to them. - > > - > - > > - > Actually, how can one fix this? I am using Sendmail. - > > - > > You need to disable relaying in sendmail. I'm not positive where - > > this is, but I imagine someone else here can tell you, or you could - > > look it up, that's what I ususally do. I thought's SuSE's - > > sendmail.cf took care of this by default, but I don't remember. - > > - > > - > > I can't believe it's not UNIX!!! - > > ------------------------------------------------------------ - > > Leah Cunningham | PPC QA, Business Support & - > > www.heinous.org | QA & Linux geek, et al.

I can't believe it's not UNIX!!! ------------------------------------------------------------ Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.

* Leah Cunningham [010608 22:45]:

but I could do mail from:leah@valaddomain.com

Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?

AFAIK sendmail that comes with SuSE 7.0 and above are compiled with tcp wrappers library and if you use the hosts.allow and hosts.deny files properly you may stop unauthorized IP's connecting to your mail server Also I have been using SuSE sendmail rpm (the one comes with 7.1) configured via yast and so far people tried relaying yet they all got the message "Sorry relaying not allowed" and I have not done anything special (ie. making my own senmail.cf manually) HTH -- Togan Muftuoglu

* StarTux [010608 23:07]:

Damn,

Thats a great idea...I need to use the hosts.allow file, as my default setting in deny is to deny all. But can I add a line like this to my sendmail section in .allow?

AFAIK it hasto be like sendmail: LOCAL 111.222.333.0/255.255.255.0

SMTP:matthew@psychohorse.com ohno@psychohorse.com

Or, would I need to do soemthing different? Or IP based only? I need to accept e-mails and to be able to send e-mails.

Again AFAIK ( I may be completely wrong) SMTP In External address -> Internal address tcp port 25 (receiving mail out Internal address -> External address tcp port >1023 Sending mail out out Internal address -> External adress tcp port 25 In External address -> Internal address tcp port >1023

The default sendmail configuration seems to be tightly locked (only send/recieve internally on the box).

have a look also for /etc/mail directory access and relay-domains virtualusertable with them there should be no problem to achive what you want HTH -- Togan Muftuoglu

This won't work or will really throw a ball of wax into the works. Look at my e-mail address. This is a perfectly valid address. However, I don't work for the IEEE, I'm a member and this is an alias that forwards to where I really am this month (I've had 3 ISPs in the last 2 years). So I am never posting from the IEEE's domain. You can look at the message ID to find where I writing this from except it is an intranet domain name and won't resolve on the Internet. Check the headers and you will see a third domain name. When I am visiting friends and family, I usually use their ISP's SMTP server for outgoing mail from my laptop. All legitimate mail. And I use different return addresses, depending on the context. E.g., I have two ISPs currently; obviously, I use the address in their domain when corresponding with them. And for a while I was employed by a company with no physical office, only a bunch of people working out of the back bedroom of their home. Work e-mail carried the company's domain name. I could have routed the work e-mail thru the company's mail servers, but that would have meant a lot of extra work for me. Any sysadmin that put such a policy in place would get all his/her users added to my bozo filter (AKA kill file). Just my $0.02USD, Jeffrey Quoting Leah Cunningham :

- > I don't think this is about relaying. Spoofing a from-address can be done - > without any relay at all.

Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:

mail from:leah@leah.leah.leah.leah but I could do mail from:leah@valaddomain.com

Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?

Even then, one could change the user and leave the correct domain intact for external/internal domains.

- > I just found this out. I had been getting strange entries in my maillog from - > sourceforge servers, and their admins told me it had to do with SMTP - > callback. i.e. finding out if the from-address is valid or not. I think this - > is what's required. But it has nothing to do with relaying, I'm *almost* - > certain :). - > - > On Friday 08 June 2001 16:04, Leah Cunningham wrote: - > > Matt, - > > - > > - > I just wanted to share that with you! The id10t who spammed me even - > > - > tried spoofing the from address to make it look as if it came from my - > > - > own domain, so I forwarded it to them. - > > - > - > > - > Actually, how can one fix this? I am using Sendmail. - > > - > > You need to disable relaying in sendmail. I'm not positive where - > > this is, but I imagine someone else here can tell you, or you could - > > look it up, that's what I ususally do. I thought's SuSE's - > > sendmail.cf took care of this by default, but I don't remember. - > > - > > - > > I can't believe it's not UNIX!!! - > > ------------------------------------------------------------ - > > Leah Cunningham | PPC QA, Business Support & - > > www.heinous.org | QA & Linux geek, et al.

I can't believe it's not UNIX!!! Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.

-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck

* Joost van der Lugt [Jun 08. 2001 21:45]:

On Friday 08 June 2001 12:37, Leah Cunningham wrote:

...

Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?

Feature is also called allow 'mail based on envelope from':

FEATURE(relay_local_from)

Which is not in the default SuSE sendmail config ( or any newer sendmail config). It is the only way to allow false envelopes in, aside from the promiscuous relay feature, which just allows anything whatsoever at all in:-).

Sendmail does an nslookup on your domain, so it checks no matter what you give as a from address.

The only spoofing you could do (that I can think off) is to spoof your IP address, which is hard to do, to say the least.

Oops, guess I misunderstood the actual question, but as explained by others, it is not a good idear, and I don't know if it's possible. For your own domain(s) you even have to allow an empty from address ... (see the rfc's) so from does not have to equal your actual domain. (so the features I was talking about above regarding the envelopes were regarding relaying of, and allowing and denying of that)

Joost