Jaspreet Ahuja wrote: > Recently I have noticed some messages being sent to people using our domain > name. Here is an example: > > ------------------- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 13, 1998 4:50 PM > To: [EMAIL PROTECTED] > Subject: Hi > > > Do you know what the number one factor is, that will determine whether your > business is a > success or not? ADVERTISING! Effective conventional advertising is quite > expensive. So > what do you do? Direct email is one of, if not thee most effective method > of advertising in > the 90's. You can get your ad out to hundreds of thousands, even millions, > ------------- > > Is there a way that I can detect that it was a hack or our they just using > this server as an outgoing mail server or otherwise. Do you know for sure that this message was sent via your server? (i.e. do the Received: headers indicate this?). Someone can set the From: address to anything they like. Also, if sendmail.cf was built with FEATURE(always_add_domain), then any addresses which don't have a domain will have your domain appended to them. > And how do I prevent this from happening. It is a Linux server > running Sendmail. Sendmail 8.9.* includes features to control who can use your mail server as a relay. The sendmail 8.8.* that comes with RedHat includes a sendmail.cf file which has similar features. Also, you can add your own check_rcpt ruleset to sendmail.cf to perform the same task (I can provide an example). -- Glynn Clements <[EMAIL PROTECTED]>
