yes, I totally agree with Greg. Denying relaying by domain name is just
plain silly. gte.net over here does this. So anyone can use their mail
servers to send spam as long as they say they are [EMAIL PROTECTED]
You are effectively an open relay!
Only allow sending from IPs in your subnet, or use pop authentication
first.
charles
On Sat, 11 Nov 2000, Greg Wright wrote:
>
>
> *********** REPLY SEPARATOR ***********
>
> On 10/11/00 at 9:27 Kevin Tyle wrote:
>
> >Hi,
> >
> >Some folks have begun receiving email from non-existent
> >users on one of our machines. It looks like this:
> >
> >Date: Thu, 09 Nov 00 19:11:27 EST
> >From: [EMAIL PROTECTED]
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: hi
> >
> ><text deleted>
> >
> >where "foo" is the machine name. This machine is running
> >RH 6.1. Relaying is permitted only from machines in the
> >"meso.com" domain. All other machines in this domain either
> >deny email relaying, or have SMTP ports blocked by our firewall.
> >
> >Can anyone out there help me eliminate these email "hijacking" or
> >at least tell me how this is being accomplished?
>
> You answered it yourself, look at the from header, its forged...you say
> machines in the meso.com domain, maybe allowing by IP may be better for
> you.
>
> You do not say what MTA you have, so for now block the originating IP (or
> block) if your getting enough....also enable MAPS etc if your MTA support
> this...
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
