Urgent, being used as spam relay Please Help!

------- Forwarded Message

Date: Mon, 17 Nov 1997 09:59:42 -0000
From: "Mark Simcoe" <msimcoe@netcentral.co.uk>
To: <local-ir-list@ripe.net>
Subject: Urgent, being used as spam relay Please Help!

Hi,

We have just been used as a smtp relay for one of the US spam companies and it crashed one of our mail servers, the service remained unaffected as our backup systems took over but we use sendmail and I cannot seem to find out how to stop us from being used in this fashion.

I know this is not the correct list for this sort of thing but I need some expert advice as our software suppliers don't know how to stop it.

As a general warning to everyone out there we need to protect our systems from these people who are starting to use us all to deliver their mail for them without paying us a penny.

Please someone help,
Mark.

------- End of Forwarded Message

Set up an access list in your main router and block incoming smtp traffic for the entire net-address of this company or for the mailservers they own.

--
Kind regards
Stig Bull
IP-drift Telenor Nextel AS
Private email: stig@undernet.org
Work email: sb@online.no
Switchboard tel.: 22 77 19 00

Hi,

Please stop putting the word Urgent in your mails. My GSM starts beeping for that! (SMS-messages). Anyway, since it probably is an urgent matter you are forgiven....

Have a look at http://www.informatik.uni-kiel.de/~ca

It implements quite well and works great.

Good luck!
--
Marco Davids
+31(0)15 2569284 fax: +31(0)15 2158286
N.V. Casema Kabeltelevisie mailto:mdavids@casema.net
Internet Systemadministrator http://www.casema.net/~mdavids
InterNIC: MD2446 RIPE: MD270-RIPE
Thought for the day: The only thing that hurts more than paying income tax is not having to pay income tax.

"Mark Simcoe" <msimcoe@netcentral.co.uk> said;
We have just been used as a smtp relay for one of the US spam companies and it crashed one of our mail servers, the service remained unaffected as our backup systems took over but we use sendmail and I cannot seem to find out how to stop us from being used in this fashion.
Whilst a quick addition of a router access-list to filter all traffic from the source will temporarily stop the problem, you (and everyone) need a more permanent solution.
As a general warning to everyone out there we need to protect our systems from these people who are starting to use us all to deliver their mail for them without paying us a penny.
I would strongly encourage everyone on this list to urgently review their mail systems, and make sure they have some anti-relay measures installed. For Sendmail, see http://www.sendmail.org/antispam.html, and for more general information, http://spam.abuse.net/

With the growing popularity of the MAPS RBL (http://maps.vix.com), sites not taking the right precautions will find themselves filtered from more and more of the Internet.

--
Phil Dye | Work: pmd@tcp.net.uk
Network Manager | Play: phil@lart.ing.co.uk
Total Connectivity Providers | Consider myself properly disclaimed
"The nice thing about standards is that there are so many to choose from" -anon

http://www.sendmail.org/antispam.html

And if you can read German: http://www.informatik.uni-kiel.de/~ca/email/

In case you use a SUN you may have to download the sendmail 8.8.8 from ftp.sendmail.org

Good Luck
-------------------------------------------------
Coutelier Thierry Entreprise des P&T
Voice: +352-4088-7746 10, Rue D'Epernay
Fax : +352-489324 L-1010 LUXEMBOURG
Home : +352-356971 http://www.prophecy.lu
-------------------------------------------------

You need to beef up your security install the sendmail stuff from www.sendmail.org, I'd recommend installing a mail relay agent that was "with it" like qmail. www.qmail.org.

Basically I shouldn't be able to get this:

Trying 195.62.194.5...
Connected to genesis.netcentral.co.uk.
Escape character is '^]'.

BSDI BSD/OS 2.1 (genesis.netcentral.co.uk) (ttyp1)

login:
--
Neil J. McRae - Alive and Kicking.
C O L T I N T E R N E T
neil@COLT.NET
Ascend GRF: 100% CpF [Cisco protection Factor]
Free the daemon in your <A HREF="http://www.NetBSD.ORG/">computer!</A>

Mark et al,

There is an excellent page at <http://anti-relay.unicom.com/anti-relay> regarding how to stop the use of your mail server as a relay.

I hope this information is helpful to you.

Regards,
Larry
Larry Vaden 903-813-4500
Internet Texoma, Inc. 800-697-0206
Member ISP/C, TISPA Fax 903-868-8551

a simple configuration:

edit a file /etc/sendmail.relaylist with your own domain and other domain that you want to permit relaying.

put in your mc file (if you use the m4 kit configurator) or directly in /etc/sendmail.cf (but you need to remove the two lines LOCAL_*) the configuration below.

Restart your sendmail.

You need to use the latest version of sendmail (8.8.8) => there's no known security hole.

The last point, take care with TAB in the mc file or with /etc/sendmail.cf file (look at the comments ;-) )

----8<--------- Cut here --------------------------
LOCAL_CONFIG
FR-o /etc/sendmail.relaylist

LOCAL_RULESETS
# TAB stop should be -><- here
# (on every R line the pattern and the result are separated by TABs, not spaces)
Scheck_rcpt
# anything terminating locally is ok
R< $+ @ $=w >		$@ OK
R< $+ @ $* $=R >	$@ OK

# anything originating locally is ok
R$*			$: $(dequote "" $&{client_name} $)
R$=w			$@ OK
R$* $=R			$@ OK
R$@			$@ OK

# anything else is bogus
R$*			$#error $: "571 Relaying Denied"
----8<--------- Cut here --------------------------

A+

PS: sorry for my English ;-)

--
SeB-]
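The decision order of the check_rcpt ruleset above, modelled in Python so that the effect of a relay list can be checked before it goes live. This is an added example, not part of the original post or of sendmail; the host names, the class contents and the function names are constructed, and the `$* $=R` match is modelled as a suffix match at a dot boundary.

```python
"""Model of the check_rcpt decision order from the ruleset above (added example)."""
import re

# Constructed sample data: class w (local host names) and class R (relay list file).
LOCAL_NAMES = {"mail.example.net", "example.net"}
RELAY_LIST = {"example.net", "customer.example"}

RCPT_RE = re.compile(r"^<(.+)@([^@>]+)>$")  # the "< user @ domain >" shape


def in_class(name, cls):
    """Exact, case-insensitive class membership, as in '$=w'."""
    return name.lower() in cls


def suffix_in_class(name, cls):
    """'$* $=R': the entry itself, or any name ending in '.<entry>'."""
    name = name.lower()
    return any(name == e or name.endswith("." + e) for e in cls)


def check_rcpt(rcpt, client_name):
    """Return 'OK' or the 571 error for one RCPT TO argument and client name."""
    m = RCPT_RE.match(rcpt.strip())
    if m:
        domain = m.group(2)
        if in_class(domain, LOCAL_NAMES):          # R< $+ @ $=w >
            return "OK"
        if suffix_in_class(domain, RELAY_LIST):    # R< $+ @ $* $=R >
            return "OK"
    # From here on the workspace holds the connecting client's name.
    if in_class(client_name, LOCAL_NAMES):         # R$=w
        return "OK"
    if suffix_in_class(client_name, RELAY_LIST):   # R$* $=R
        return "OK"
    if client_name == "":                          # R$@ (no SMTP client: local submission)
        return "OK"
    return "571 Relaying Denied"                   # R$* $#error


# Constructed test cases: (recipient, client name).
SAMPLES = [
    ("<bob@example.net>", "bulk.sender.example"),            # inbound mail for us
    ("<ann@pop.customer.example>", "bulk.sender.example"),   # recipient in relay list
    ("<victim@elsewhere.example>", "pc12.customer.example"), # permitted client
    ("<victim@elsewhere.example>", "bulk.sender.example"),   # third-party relay
    ("<victim@elsewhere.example>", "x.evil-customer.example"),
]


def decisions():
    return [check_rcpt(r, c) for r, c in SAMPLES]


if __name__ == "__main__":
    for (r, c), d in zip(SAMPLES, decisions()):
        print(f"{r:32} from {c or '(local)':28} -> {d}")
```

Only the last two samples are refused: neither the recipient domain nor the client name is local or on the relay list, and a look-alike name such as x.evil-customer.example does not match the customer.example entry.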
participants (8)
- Larry Vaden
- Marco Davids
- NCC local-ir list Moderator
- Neil J. McRae
- Phil Dye
- Sebastien Delcroix
- Stig Bull
- Thierry Coutelier