Mail Server Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationMail Server Help
Reload this Page

Sendmail - Spammer attack ??

Discuss Sendmail - Spammer attack ?? in the Mail Server Help forum on Dev Shed.
Sendmail - Spammer attack ?? Mail Server Help forum discussing tips, tricks, techniques and Spam containment solutions. Topics include mail servers such as Sendmail and Qmail, webmail interfaces such as Squirrelmail and Horde and spam solutions such as SpamAssassin and Bayesian

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old December 15th, 2004, 10:15 AM
msc msc is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Nov 2004
Posts: 39 msc User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 13 m 6 sec
Reputation Power: 4
Sendmail - Spammer attack ??
Hello, I am new to sendmail/ Mail admin. Question , my mail info
log is showing

06:53:53 myhost.xxx sendmail[9351]: iBFBrokU009351: ruleset=check_rcpt, arg1=<saint7704@daum.net>, relay=[222.101.164.186], reject=550 5.7.1 <saint7704@daum.net>... Relaying denied. IP name lookup failed [222.101.164.186]

I think this is a spammer trying to relay from my server. ??

If so is my configuration (it seems) doing its job by not allowing
the relay.

If so why is this spammer continuing to try to relay, It won't seem to stop. They keep changing IP (in the same range) 222.100 to 222.200 +/-.

How can I be sure that they are not infact relaying from my server. and how can I block this #!#$%@ from continuing ??

Any thoughts appriciated, Thanks,
Reply With Quote
  #2  
Old December 15th, 2004, 10:32 AM
mrballcb mrballcb is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Dec 2004
Location: Los Angeles
Posts: 1 mrballcb User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: < 1 sec
Reputation Power: 0
Send a message via AIM to mrballcb
Quote:
Originally Posted by msc
How can I be sure that they are not infact relaying from my server. and how can I block this #!#$%@ from continuing ??


They are not relaying through that server as long as it keeps trying to come from that IP address because your sendmail is not configured to relay mail coming from that IP. That is good and proper.

In order to block it before it even knows who or what the email is, you can use access maps. If you have access maps enabled, you could do something like this in /etc/mail/access (or wherever your access map is):

[root@lunar mail]# tail -8 /etc/mail/access
# Blocking Zafi/b emails that were performing dictionary attack
208.180.158.159 REJECT
216.180.199 REJECT
208.180.159 REJECT
216.248.98 REJECT
64.254.195 REJECT
65.175.160 REJECT
65.175.171 REJECT
That blocks email from either specific hosts (208.180.158.159) or from whole networks (216.180.199.*).

To check and see if you have access maps enabled in your sendmail.cf, you can check to see if the access_db.m4 macro was used during building of the sendmail.cf:

[root@lunar mail]# grep 'access_db.m4' /etc/mail/sendmail.cf
##### $Id: access_db.m4,v 8.24 2002/03/06 21:50:25 ca Exp $ #####

Blue skies... Todd
Last edited by mrballcb : December 15th, 2004 at 10:33 AM. Reason: typo
Reply With Quote
  #3  
Old December 15th, 2004, 10:49 AM
msc msc is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Nov 2004
Posts: 39 msc User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 7 h 13 m 6 sec
Reputation Power: 4
thanks
I am greatful for the help, thanks again.

I checked the access in the sendmail.cf and it is as you showed,
I edited access file as you showed.

can you do " 222.100/200 REJECT" line ?? This spammers swithing
IP's in this range.

Thanks again, msc
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationMail Server Help > Sendmail - Spammer attack ??

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 5 hosted by Hostway