Kill sendmail until you have a version that blocks relaying. Or, if you
need it, break it into two parts. Put tcp wrappers to only allow in IP
addresses you trust (or nuke connections from places you don't trust), and
have it exec sendmail without the "-bp" option. Have another part run from
cron that runs through the sendmail queue "sendmail -q".
On Wednesday, February 02, 2000 3:12 PM, Kevin Torkelson
[SMTP:[EMAIL PROTECTED]] wrote:
> Speak of the devil,
>
> I just got a cry for help from someone running BDSI & Sendmail 8.9 who
> apparently
> has someone relaying a ton of crap through their system and their ISP is
> about
> to dump them. Anyone know a fast way to turn it off? Thanks,
>
> Kevin
>
> > -----Original Message-----
> > From: Eric [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, February 02, 2000 11:41 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Hey, I DON'T WANT a firewall in front of my network!
> >
> > Paul Gracy wrote:
> > >
> > > I gotta tell ya, the law seems a bit overboard.
> >
> > The real problem is being able to prove that a specific individual is
> > behind it. I've already talked to one judge about the law and he is
> > ready to throw the book at anyone brought to his court under the law
> > if it can be proved that they are the culprit.
> >
> > > Also shows a complete lack
> > > of understanding of how the Internet works (concepts: shared
resources,
> > > learn by doing,
> >
> > Are you suggesting you have to break into systems to learn about
> > computing?
> >
> > > open mail relays are by definition available for public use,
> > ^^^
> > You mispelled "were". Open relays are no longer necessary for normal
> > delivery of e-mail. It would be nice if you could run an open relay
> > for the use of your own customers without having to worry about spammers
> > hijacking the relay to send junk mail.
> >
> > > world readable directories and open source, anonymous ftp, etc.)
Also,
> > > there is a concept (though now seen by some as too conservative -
> > whiners)
> > > in Anglo - American jurisprudence that if there is no harm, then how
> > could a
> > > crime have been committed?
> >
> > What concept is this? Around here, they prosecute people all the time
for
> > crimes in which there is no harm. In 1997, they arrested and charged a
> > student in Texas for using a university computer to develop a web page
for
> > an outside company. I personally consider that a whole lot less
menacing
> > than people trying to break into computers.
> >
> > > Also, if your system is configured properly, it
> > > shouldn't cost thousands of dollars to investigate a break-in or
> > break-in
> > > attempt, you should get it in your email inbox in the morning.
> >
> > If it only takes $5 worth of time to make sure they didn't get in,
> > that's enough damages to move it from a Class B Misdemeanor to the
> > Class A Misdemeanor. Also, all they have to do is delete one file
> > and it is no longer a Class B Misdemeanor.
> >
> > > Why should a
> > > computer user who played with your open relay (seen by some as a
putting
> > a
> > > swing in the front yard right next to the busy sidewalk without a
fence
> > or a
> > > sign) be punished because your incompetence meant that it took you
$5000
> > to
> > > figure out what happened?
> >
> > But if someone uses an open relay to send junk mail to thousands of
> > people,
> > damages will nearly always occur. The damages include
> > 1) any denial of service to the owners and legitimate users of the
> > machine
> > 2) the value of time by the owners to deal with the resulting
> > complaints,
> > threats, mail bombings, ... .
> > 3) the value of the service itself
> > 4) the costs incurred as a result of e-mail being blocked as a
result
> > of the spam run
> > 5) for an ISP, the potential loss of customers switching to other
> > service
> > providers because their e-mail cannot be delivered to some
sites.
> >
> > Thus, using an open relay without proper authorization to send junk mail
> > is
> > at least a Class A Misdemeanor, probably a State Jail Felony, and
> > potentially
> > a Category Three (or higher) Felony. Hijacking relays is a criminal act
> > and
> > I'd love to see the spammers who do that go to prison as a result.
> >
> > To be perfectly honest, I'm not worried about someone using an open
relay
> > to send e-mail to their Aunt Sadie. The big problem is determining
> > whether
> > the relay was from a spammer, a relay test by the anti-relay contingent,
> > or a simple misconfiguration by an individual.
> >
> > What would really be nice is if we could explicitly withdraw any and all
> > permission from spammers to access your SMTP server to send spam to
> > accounts
> > on that machine. That would make the act of spamming anyone using that
> > server at least a Class A Misdemeanor since the spammer would receive a
> > benefit as a result of delivery of the spam. (Felony would be better so
> > we could extradite.)
> >
> > Eric Johnson
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
