John Foster <[EMAIL PROTECTED]> writes: > The last entry is the first reference to this piece of mail in my > logs! Is it possible for someone to use their compuserve account to > send mail to my daemon that instructs it to run the bulk mailout?
Yes. It is very easy to use a standard mailhost as a relay if it doesn't have any kind of relay-access-control. > If so, how do I stop it? There is a set of patches for Sendmail that allow it to do this, you can use BlackMail as a spam-filter, or install qmail (http://www.qmail.org/) which has a reasonable amount of configurability fo stopping spam, and also several patches that further improves this ability. (Checking if the envelope-from address is valid through DNS or simply blocking an ip-range.) > More importantly, how can I find if it's one of the 800 clients who > has an account on this server, so I can close their account and send > them elsewhere? Install iplogger. This will give you entries in the syslog for all connection attemts made to your machine, like: Jun 21 16:42:53 blight tcplogd: smtp connection attempt from yme.mo.hiMolde.no > And then how do I prevent it happening again? Install access-control-lists for relaying on your current MTA, or switch to qmail. -- Vebjorn Forsmo [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] 80 13 6B 4B 7C 83 B7 DC 5C 9C A8 AE C0 AD 22 F4 2048/00952325 1995/05/13 To err is human, to forgive is Not Company Policy. -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .