Re: sendmail SPAM

From: Steve Dodd (steved@loth.demon.co.uk)
Date: Mon Jan 10 2000 - 02:56:05 EST


On Sun, Jan 09, 2000 at 10:20:46PM +0100, Grischa Schuering wrote:

> As I know, all newer sendmail distributions are configured automatically
> with anti-spam rules. One rule that I know of is, that either source or
> destination email address has to be local.

Yes, sort of. If the destination address isn't local, then there must be a
rule permitting relay on some grounds.

> Now the person, that is using my server for spam mail, uses an email account
> that exists almost on all unix systems, root@www.mydomain.com. And my server
> relays that mail, because the user root exists on the server.

OK, that sounds like you've got FEATURE(relay_local_from) enabled. And this
problem should be expected, really, because if you read cf/README in the
sendmail source:

relay_local_from
                Allows relaying if the domain portion of the mail sender
                is a local host. This should only be used if absolutely
                necessary as it opens a window for spammers. Specifically,
                they can send mail to your mail server that claims to be
                from your domain (either directly or via a routed address),
                and you will go ahead and relay it out to arbitrary hosts
                on the Internet.

> Do you know of a secure config for sendmail that this does not happen?
>
> The only thing I can think of is, configuring the server to just accept SMTP
> connections from a list of IPs. But this would mean, that customers using
> dynamically assigned IP addresses (e.g. AOL, CompuServe and so on) can't send
> emails, when the IP address changes. That shouldn't be a practically useful
> solution.

This does beg the question of *why* people from AOL and Compuserve dial-ups
are relaying through your servers. They should be using the mail servers
provided by the ISP in question. Two reasons that spring to mind are

i) you're a corporation and want mail from your employees to always go through
your server for some reason (I can't really think of any good ones), or

ii) your users dial-in to different ISPs at different times, and/or
sometimes use their laptops on the company network. Most mail software can't
change the SMTP server used based on the network/DUN connection, but it ought
to.

There's some software around which can allegedly address (ii) for Windows
users; I haven't tried it myself. Have a look at
<URL:http://trigon.dyndns.org/mailroam.html>
<URL:http://www.angelfire.com/mn/trigon/mailroam.html> (backup location)

and maybe at Message-ID: <7pntlu$qhe$1@news1.tc.umn.edu> on
news.admin.net-abuse.email (use the message-ID search at
<URL:http://www.exit109.com/~jeremy/news/deja.html>).

The other approach is to make sendmail authenticate users before allowing
them to relay (if they're not on the LAN). 8.9.x doesn't support this, but
I believe the 8.10 betas (look at <URL:http://www.sendmail.org/>) support
SMTP AUTH. There are probably also wrappers / patches out there for sendmail
to implement POP-before-SMTP (which is a *horrid* hack IMNSHO), and other
solutions.

-- 
"His mind is like a steel trap -- full of mice"
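
The relay decision discussed in this message, as an added example that is not part of the original post and is not sendmail's own code: a simplified Python model showing why a check on the client-supplied sender address (relay_local_from) lets a forged root@www.mydomain.com through, while checks on the client network or on authentication do not. The domain list, the LAN range, the addresses and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values, not taken from any real configuration.
LOCAL_DOMAINS = {"mydomain.com", "www.mydomain.com"}      # hosts we accept mail for
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]   # assumed office LAN

def domain(addr):
    """Domain part of an envelope address, lower-cased."""
    return addr.rsplit("@", 1)[-1].lower()

def relay_allowed(client_ip, mail_from, rcpt_to, *,
                  relay_local_from=False, authenticated=False):
    """Simplified relay decision for one MAIL FROM / RCPT TO pair."""
    if domain(rcpt_to) in LOCAL_DOMAINS:
        return True, "recipient is local, no relaying involved"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return True, "client address is on a trusted network"
    if authenticated:
        return True, "client authenticated, e.g. via SMTP AUTH"
    # MAIL FROM is whatever the client types; nothing verifies it,
    # so this branch bases the decision on untrusted input.
    if relay_local_from and domain(mail_from) in LOCAL_DOMAINS:
        return True, "sender domain is local (relay_local_from)"
    return False, "relaying denied"

def demo():
    """Run the constructed cases and return {label: (allowed, reason)}."""
    outside, lan = "203.0.113.7", "192.168.1.20"
    forged, remote = "root@www.mydomain.com", "someone@example.net"
    return {
        "forged sender, relay_local_from on":
            relay_allowed(outside, forged, remote, relay_local_from=True),
        "forged sender, relay_local_from off":
            relay_allowed(outside, forged, remote),
        "roaming user, authenticated":
            relay_allowed(outside, "alice@mydomain.com", remote, authenticated=True),
        "LAN client":
            relay_allowed(lan, "alice@mydomain.com", remote),
        "inbound mail to a local user":
            relay_allowed(outside, "someone@example.net", "alice@mydomain.com"),
    }

if __name__ == "__main__":
    for label, (allowed, reason) in demo().items():
        print(f"{label:40} {'RELAY' if allowed else 'REJECT':7} {reason}")
```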



This archive was generated by hypermail 2b29 : Sat Jan 15 2000 - 21:00:29 EST