*********** REPLY SEPARATOR ***********
On 10/11/00 at 9:27 Kevin Tyle wrote:
>Hi,
>
>Some folks have begun receiving email from non-existent
>users on one of our machines. It looks like this:
>
>Date: Thu, 09 Nov 00 19:11:27 EST
>From: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: hi
>
><text deleted>
>
>where "foo" is the machine name. This machine is running
>RH 6.1. Relaying is permitted only from machines in the
>"meso.com" domain. All other machines in this domain either
>deny email relaying, or have SMTP ports blocked by our firewall.
>
>Can anyone out there help me eliminate these email "hijacking" or
>at least tell me how this is being accomplished?
You answered it yourself, look at the from header, its forged...you say
machines in the meso.com domain, maybe allowing by IP may be better for
you.
You do not say what MTA you have, so for now block the originating IP (or
block) if your getting enough....also enable MAPS etc if your MTA support
this...
Regards
Greg Wright
IT Consultant Sydney Australia
--
*** Please trim any replies ***
*** Please turn off HTML in your email ***
*** Please don't use the list for test messages ***
*** Why not search the archives? http://moongroup.com/redhat.phtml ***
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
