On Fri, 10 Nov 2000, Kevin Tyle wrote:
> Hi,
>
> Some folks have begun receiving email from non-existent
> users on one of our machines. It looks like this:
>
> Date: Thu, 09 Nov 00 19:11:27 EST
> From: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: hi
>
> <text deleted>
>
> where "foo" is the machine name. This machine is running
> RH 6.1. Relaying is permitted only from machines in the
> "meso.com" domain. All other machines in this domain either
> deny email relaying, or have SMTP ports blocked by our firewall.
>
> Can anyone out there help me eliminate these email "hijacking" or
> at least tell me how this is being accomplished?
>
Do you know the IP address ranges that the "meso.com" machines are
in? If so, you could limit access to the SMTP machine to certain IP
addresses / ranges. If that doesn't help, try updating to the latest
Sendmail, which I understand has "authenticated SMTP." If you require
authenticated SMTP or pop-before-smtp (either one would work) you
could probably stop this hijacking.
Or, you can go to www.orbs.org/otherresources.html for some tips.
Failing that, go to www.mail-abuse.org and talk with the MAPS people.
Trust me, if you want help, MAPS will help! :-)
John
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
