Wow, this actually worked...
Here is what I do to spammers:
Dear Sir or Madam,
We were recently notified that you received Spam from one of our customers. We would like to notify you that his account has been terminated. If you have any other questions, please feel free to contact Interact Digital Technologies or visit our terms of service at: http://www.interactdigitaltechnologies.com/terms.htm
Again, we are very sorry for any trouble this person has caused you.
Sincerely,
David Burns
Interact Digital Technologies
http://www.interactdigitaltechnologies.com
I just wanted to share that with you! The id10t who spammed me even tried spoofing the from address to make it look as if it came from my own domain, so I forwarded it to them.
Actually, how can one fix this? I am using Sendmail.
Matt
Matt,
> I just wanted to share that with you! The id10t who spammed me even
> tried spoofing the from address to make it look as if it came from my
> own domain, so I forwarded it to them.
>
> Actually, how can one fix this? I am using Sendmail.
You need to disable relaying in sendmail. I'm not positive where this is, but I imagine someone else here can tell you, or you could look it up, that's what I usually do. I thought SuSE's sendmail.cf took care of this by default, but I don't remember.
I can't believe it's not UNIX!!!
------------------------------------------------------------
Leah Cunningham | PPC QA, Business Support &
www.heinous.org | QA & Linux geek, et al.
On Friday 08 June 2001 07:04, Leah Cunningham wrote:
Matt,
> I just wanted to share that with you! The id10t who spammed me even
> tried spoofing the from address to make it look as if it came from my
> own domain, so I forwarded it to them.
>
> Actually, how can one fix this? I am using Sendmail.
You need to disable relaying in sendmail. I'm not positive where this is, but I imagine someone else here can tell you,
How do you know:-)
or you could look it up, that's what I usually do. I thought SuSE's sendmail.cf took care of this by default, but I don't remember.
I think so too, but these are the options you don't want in the linux.mc file:
FEATURE(relay_local_from)
FEATURE(promiscuous_relay)
Test it from here: http://www.abuse.net/relay.html
I can't believe it's not UNIX!!! ------------------------------------------------------------ Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.
-- Cheers, Joost
> > > I just wanted to share that with you! The id10t who spammed me even
> > > tried spoofing the from address to make it look as if it came from my
> > > own domain, so I forwarded it to them.
> > >
> > > Actually, how can one fix this? I am using Sendmail.
> >
> > You need to disable relaying in sendmail. I'm not positive where
> > this is, but I imagine someone else here can tell you,
>
> How do you know:-)
A small green lizard told me ;-)
I can't believe it's not UNIX!!!
------------------------------------------------------------
Leah Cunningham | PPC QA, Business Support &
www.heinous.org | QA & Linux geek, et al.
On June 8, 2001 10:58 am, Joost van der Lugt wrote:
On Friday 08 June 2001 07:04, Leah Cunningham wrote:
You need to disable relaying in sendmail. I'm not positive where this is, but I imagine someone else here can tell you,
How do you know:-)
or you could look it up, that's what I usually do. I thought SuSE's sendmail.cf took care of this by default, but I don't remember.
If you are running a reasonably up to date version of Sendmail it should start out with relaying shut down. SuSE 6.1 [might have been 6.0] started shipping with the 8.9.x series of sendmail which I think all block relaying. So unless you turned it on or are running a very old version of sendmail you don't need to shut it off. If you are running something from 8.8.x or older I'd upgrade it.
Nick
* Leah Cunningham (leah@unleashed.org) [010608 07:06]:
->
->You need to disable relaying in sendmail. I'm not positive where
->this is, but I imagine someone else here can tell you, or you could
->look it up, that's what I usually do. I thought SuSE's
->sendmail.cf took care of this by default, but I don't remember.
In the sendmail.rc.config you need to edit the line where the start up options are given. It has -bd -q3 ..blah..blah. You need to take the -bd switch out. It will still run as a daemon but it will no longer listen on port 25 for connections. You can also edit your access file and put localhost only in the file. So in effect only someone logged into your machine will be able to relay from your machine.
This is all from memory mind you..I switched to Postfix about 8 months ago.
Regards,
--
Ben Rosenberg
mailto:ben@whack.org
-----
"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin
I don't think this is about relaying. Spoofing a from-address can be done without any relay at all.
I just found this out. I had been getting strange entries in my maillog from sourceforge servers, and their admins told me it had to do with SMTP callback. i.e. finding out if the from-address is valid or not. I think this is what's required. But it has nothing to do with relaying, I'm *almost* certain :).
On Friday 08 June 2001 16:04, Leah Cunningham wrote:
Matt,
> I just wanted to share that with you! The id10t who spammed me even
> tried spoofing the from address to make it look as if it came from my
> own domain, so I forwarded it to them.
>
> Actually, how can one fix this? I am using Sendmail.
You need to disable relaying in sendmail. I'm not positive where this is, but I imagine someone else here can tell you, or you could look it up, that's what I usually do. I thought SuSE's sendmail.cf took care of this by default, but I don't remember.
I can't believe it's not UNIX!!! ------------------------------------------------------------ Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.
* Anders Johansson (andjoh@cicada.linux-site.net) [010608 11:06]:
->I don't think this is about relaying. Spoofing a from-address can be done
->without any relay at all.
->
->I just found this out. I had been getting strange entries in my maillog from
->sourceforge servers, and their admins told me it had to do with SMTP
->callback. i.e. finding out if the from-address is valid or not. I think this
->is what's required. But it has nothing to do with relaying, I'm *almost*
->certain :).
->
You can masq the domain you're coming from like this with Sendmail. Most server operators prefer *not* to receive mails from unresolvable domains (such as your localhost.localdomain).
--
MASQUERADE_AS(`mail.com')
FEATURE(`masquerade_envelope')
--
For further reading you can check this out.
Read http://www.hserus.net/pop_smtp.html
Regards,
--
Ben Rosenberg
mailto:ben@whack.org
-----
"They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin
True, but you don't need sendmail to do that. telnet to a mail server and you can put whatever you like in the from field (HELO MAILTO FROM etc. I forget the exact syntax.) I once forged a mail to a friend to seem like it was from his boss. It was April fools day :)
Regards
Anders
On Friday 08 June 2001 20:12, Ben Rosenberg wrote:
* Anders Johansson (andjoh@cicada.linux-site.net) [010608 11:06]:
->I don't think this is about relaying. Spoofing a from-address can be done
->without any relay at all.
->
->I just found this out. I had been getting strange entries in my maillog from
->sourceforge servers, and their admins told me it had to do with SMTP
->callback. i.e. finding out if the from-address is valid or not. I think this
->is what's required. But it has nothing to do with relaying, I'm *almost*
->certain :).
->
You can masq the domain you're coming from like this with Sendmail. Most server operators prefer *not* to receive mails from unresolvable domains (such as your localhost.localdomain).
--
MASQUERADE_AS(`mail.com')
FEATURE(`masquerade_envelope')
--
For further reading you can check this out.
Read http://www.hserus.net/pop_smtp.html
Regards,
> I don't think this is about relaying. Spoofing a from-address can be done
> without any relay at all.
Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:
mail from:leah@leah.leah.leah.leah
but I could do
mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Even then, one could change the user and leave the correct domain intact for external/internal domains.
> I just found this out. I had been getting strange entries in my maillog from
> sourceforge servers, and their admins told me it had to do with SMTP
> callback. i.e. finding out if the from-address is valid or not. I think this
> is what's required. But it has nothing to do with relaying, I'm *almost*
> certain :).
>
> On Friday 08 June 2001 16:04, Leah Cunningham wrote:
> > Matt,
> >
> > > I just wanted to share that with you! The id10t who spammed me even
> > > tried spoofing the from address to make it look as if it came from my
> > > own domain, so I forwarded it to them.
> > >
> > > Actually, how can one fix this? I am using Sendmail.
> >
> > You need to disable relaying in sendmail. I'm not positive where
> > this is, but I imagine someone else here can tell you, or you could
> > look it up, that's what I usually do. I thought SuSE's
> > sendmail.cf took care of this by default, but I don't remember.
> >
> >
> > I can't believe it's not UNIX!!!
> > ------------------------------------------------------------
> > Leah Cunningham | PPC QA, Business Support &
> > www.heinous.org | QA & Linux geek, et al.
I can't believe it's not UNIX!!!
------------------------------------------------------------
Leah Cunningham | PPC QA, Business Support &
www.heinous.org | QA & Linux geek, et al.
Would be nice if it could check to see if the user actually existed on the system. Or is this too much of a security risk?
Matt
--
"The only thing complex about Linux are the users themselves."
On Fri, 8 Jun 2001, Leah Cunningham wrote:
> I don't think this is about relaying. Spoofing a from-address can be done
> without any relay at all.
Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:
mail from:leah@leah.leah.leah.leah
but I could do
mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Even then, one could change the user and leave the correct domain intact for external/internal domains.
It is a spam risk, some script spammer will abuse it to harvest all
the usernames in the domain.
Quoting StarTux
Would be nice if it could check to see if the user actually existed on the system. Or is this too much of a security risk?
Matt
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
As I pointed out, this is what sourceforge does. I haven't checked this, to see how it's done, but I'd be very surprised (to say the least) if it couldn't be done with sendmail
Regards
Anders
On Friday 08 June 2001 20:51, StarTux wrote:
Would be nice if it could check to see if the user actually existed on the system. Or is this too much of a security risk?
Matt
-- "The only thing complex about Linux are the users themselves."
hi,
did you try qmail with the antispam patch ??? not so easy to configure, but works really well...... since qmail there is no more spam coming through our mail server. it does the ip checks etc.
greets,
chris
On Friday, 8 June 2001 21:37, Leah Cunningham wrote:
> I don't think this is about relaying. Spoofing a from-address can be done
> without any relay at all.
Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:
mail from:leah@leah.leah.leah.leah
but I could do
mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Even then, one could change the user and leave the correct domain intact for external/internal domains.
-- visit me at http://mamalala.de
* Leah Cunningham
but I could do mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
AFAIK sendmail that comes with SuSE 7.0 and above are compiled with tcp wrappers library and if you use the hosts.allow and hosts.deny files properly you may stop unauthorized IP's connecting to your mail server
Also I have been using SuSE sendmail rpm (the one comes with 7.1) configured via yast and so far people tried relaying yet they all got the message "Sorry relaying not allowed" and I have not done anything special (ie. making my own sendmail.cf manually)
HTH
--
Togan Muftuoglu
Damn,
That's a great idea...I need to use the hosts.allow file, as my default setting in deny is to deny all. But can I add a line like this to my sendmail section in .allow?
SMTP:matthew@psychohorse.com ohno@psychohorse.com
Or, would I need to do something different? Or IP based only? I need to accept e-mails and to be able to send e-mails.
The default sendmail configuration seems to be tightly locked (only send/receive internally on the box).
Matt
--
"The only thing complex about Linux are the users themselves."
On Fri, 8 Jun 2001, Togan Muftuoglu wrote:
* Leah Cunningham
[010608 22:45]: but I could do mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
AFAIK sendmail that comes with SuSE 7.0 and above are compiled with tcp wrappers library and if you use the hosts.allow and hosts.deny files properly you may stop unauthorized IP's connecting to your mail server
Also I have been using SuSE sendmail rpm (the one comes with 7.1) configured via yast and so far people tried relaying yet they all got the message "Sorry relaying not allowed" and I have not done anything special (ie. making my own sendmail.cf manually)
HTH -- Togan Muftuoglu
* StarTux
Damn,
That's a great idea...I need to use the hosts.allow file, as my default setting in deny is to deny all. But can I add a line like this to my sendmail section in .allow?
AFAIK it has to be like
sendmail: LOCAL 111.222.333.0/255.255.255.0
SMTP:matthew@psychohorse.com ohno@psychohorse.com
Or, would I need to do something different? Or IP based only? I need to accept e-mails and to be able to send e-mails.
Again AFAIK (I may be completely wrong)
SMTP
In  External address -> Internal address tcp port 25 (receiving mail)
out Internal address -> External address tcp port >1023
Sending mail out
out Internal address -> External address tcp port 25
In  External address -> Internal address tcp port >1023
The default sendmail configuration seems to be tightly locked (only send/receive internally on the box).
have a look also for /etc/mail directory access and relay-domains virtualusertable with them there should be no problem to achieve what you want
HTH
--
Togan Muftuoglu
Do this and you will block most of the world from sending you e-mail
unless all of your mail comes thru a server that forwards to you and
the mail server is the only IP you allow.
My e-mail address, jeff.taylor@ieee.org, is an alias at my
professional organization. All e-mail to this address comes from 3 IP
addresses in the ieee.org domain. However, I have other e-mail
addresses and some of it comes direct, so I have no IP restrictions.
Using hosts.deny to block certain domains may make sense for a VERY
few domains that are nothing but spammers.
Jeffrey
Quoting Togan Muftuoglu
* Leah Cunningham
[010608 22:45]: but I could do mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
AFAIK sendmail that comes with SuSE 7.0 and above are compiled with tcp wrappers library and if you use the hosts.allow and hosts.deny files properly you may stop unauthorized IP's connecting to your mail server
Also I have been using SuSE sendmail rpm (the one comes with 7.1) configured via yast and so far people tried relaying yet they all got the message "Sorry relaying not allowed" and I have not done anything special (ie. making my own sendmail.cf manually)
HTH
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
This won't work or will really throw a ball of wax into the works.
Look at my e-mail address. This is a perfectly valid address.
However, I don't work for the IEEE, I'm a member and this is an alias
that forwards to where I really am this month (I've had 3 ISPs in the
last 2 years). So I am never posting from the IEEE's domain. You can
look at the message ID to find where I am writing this from except it is
an intranet domain name and won't resolve on the Internet. Check the
headers and you will see a third domain name. When I am visiting
friends and family, I usually use their ISP's SMTP server for outgoing
mail from my laptop. All legitimate mail. And I use different return
addresses, depending on the context. E.g., I have two ISPs currently;
obviously, I use the address in their domain when corresponding with
them. And for a while I was employed by a company with no physical
office, only a bunch of people working out of the back bedroom of
their home. Work e-mail carried the company's domain name. I could
have routed the work e-mail thru the company's mail servers, but that
would have meant a lot of extra work for me.
Any sysadmin that put such a policy in place would get all his/her
users added to my bozo filter (AKA kill file).
Just my $0.02USD,
Jeffrey
Quoting Leah Cunningham
> I don't think this is about relaying. Spoofing a from-address can be done
> without any relay at all.
Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:
mail from:leah@leah.leah.leah.leah
but I could do
mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Even then, one could change the user and leave the correct domain intact for external/internal domains.
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck
On Friday 08 June 2001 12:37, Leah Cunningham wrote:
> I don't think this is about relaying. Spoofing a from-address can be done
> without any relay at all.
Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:
mail from:leah@leah.leah.leah.leah
but I could do
mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Feature is also called allow 'mail based on envelope from':
FEATURE(relay_local_from)
Which is not in the default SuSE sendmail config ( or any newer sendmail config). It is the only way to allow false envelopes in, aside from the promiscuous relay feature, which just allows anything whatsoever at all in:-).
Sendmail does an nslookup on your domain, so it checks no matter what you give as a from address.
The only spoofing you could do (that I can think of) is to spoof your IP address, which is hard to do, to say the least.
--
Cheers, Joost
* Joost van der Lugt
On Friday 08 June 2001 12:37, Leah Cunningham wrote:
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Feature is also called allow 'mail based on envelope from':
FEATURE(relay_local_from)
Which is not in the default SuSE sendmail config ( or any newer sendmail config). It is the only way to allow false envelopes in, aside from the promiscuous relay feature, which just allows anything whatsoever at all in:-).
Sendmail does an nslookup on your domain, so it checks no matter what you give as a from address.
The only spoofing you could do (that I can think of) is to spoof your IP address, which is hard to do, to say the least.
Oops, guess I misunderstood the actual question, but as explained by others, it is not a good idea, and I don't know if it's possible. For your own domain(s) you even have to allow an empty from address ... (see the rfc's) so from does not have to equal your actual domain. (so the features I was talking about above regarding the envelopes were regarding relaying of, and allowing and denying of that)
Joost
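The relay-versus-spoofing distinction this thread arrives at, as an added example that is not part of any poster's message and not sendmail's own code: a simplified Python model (not sendmail's actual ruleset) that reads the FEATURE lines of an .mc file and decides constructed SMTP transactions. The function names, sample .mc text, example.org/example.net domains, IP addresses and the resolvable-domain set are assumptions made for the example.

```python
import re

# Relay-widening features the thread says to keep out of linux.mc.
RISKY = {"relay_local_from", "promiscuous_relay"}
FEATURE_RE = re.compile(r"FEATURE\(\s*`?([A-Za-z0-9_]+)'?")

def enabled_features(mc_text):
    """FEATURE names enabled in an m4 .mc file; text after dnl is a comment."""
    found = set()
    for line in mc_text.splitlines():
        active = re.split(r"\bdnl\b", line, maxsplit=1)[0]
        found.update(FEATURE_RE.findall(active))
    return found

def risky_features(mc_text):
    """Sorted list of enabled features that widen relaying."""
    return sorted(enabled_features(mc_text) & RISKY)

# Constructed site data (assumptions for this example).
LOCAL_DOMAINS = {"example.org"}               # domains this host delivers for
RELAY_CLIENTS = {"127.0.0.1"}                 # clients allowed to relay
RESOLVABLE = {"example.org", "example.net"}   # stand-in for the DNS lookup
OUTSIDE = "203.0.113.7"                       # documentation-range client address

def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def decide(mc_text, client_ip, mail_from, rcpt_to):
    """Simplified accept/relay/reject decision for one SMTP envelope."""
    feats = enabled_features(mc_text)
    sender_dom, rcpt_dom = domain_of(mail_from), domain_of(rcpt_to)
    # An empty envelope sender (bounces) is allowed; any other sender
    # domain has to resolve, which is the only check made on the sender.
    if mail_from and sender_dom not in RESOLVABLE:
        return "reject: sender domain does not resolve"
    if rcpt_dom in LOCAL_DOMAINS:
        # Local delivery is not relaying, so relay controls never see it.
        return "accept: local delivery"
    if "promiscuous_relay" in feats:
        return "relay: promiscuous_relay"
    if client_ip in RELAY_CLIENTS:
        return "relay: trusted client"
    if "relay_local_from" in feats and sender_dom in LOCAL_DOMAINS:
        # The forgeable envelope sender is being used as a credential.
        return "relay: relay_local_from"
    return "reject: relaying denied"

# Constructed .mc fragments: a default-like one and one with the risky feature.
DEFAULT_MC = (
    "OSTYPE(`linux')dnl\n"
    "dnl FEATURE(`promiscuous_relay') left commented out\n"
    "FEATURE(`access_db')dnl\n"
    "MAILER(`smtp')dnl\n"
)
LOOSE_MC = DEFAULT_MC + "FEATURE(relay_local_from)dnl\n"

if __name__ == "__main__":
    cases = [
        ("default", DEFAULT_MC, "matt@example.org", "matt@example.org"),
        ("default", DEFAULT_MC, "matt@example.org", "someone@example.net"),
        ("loose", LOOSE_MC, "matt@example.org", "someone@example.net"),
        ("default", DEFAULT_MC, "leah@leah.leah.leah.leah", "matt@example.org"),
        ("default", DEFAULT_MC, "", "matt@example.org"),
    ]
    for name, mc, sender, rcpt in cases:
        print(f"{name:8} from=<{sender}> to=<{rcpt}> -> "
              f"{decide(mc, OUTSIDE, sender, rcpt)}")
```

The first case is the situation in the opening post: with relaying fully closed, mail from an outside client claiming a sender in the local domain is still accepted, because it is addressed to a local recipient.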