[Cialug] Hijack This! (Equivalent on Linux?)
David Champion
cialug@cialug.org
Fri, 28 Jan 2005 12:13:06 -0600
Andrew Lietzow wrote:
> Cialug'ers,
> I've both done a lot on this problem, and not near enough. Some idiots
> in the world have decided to hijack my server as a Relay host for
> Spam. I have only three entries in my /etc/mail/relay-domains listing,
> and these entries are NOT the domain from which they accomplish this spoof.
>
> I am using sendmail 8.13.1. Have not had a problem with this in the
> past until recently. Apparently, I've relaxed my controls but I can't
> understand how they can relay if I haven't enabled it. I thought 8.9
> and above defaulted to relaying denied?
> I'll keep digging but help is much appreciated. I'm getting hundreds
> of messages about bounced mail and that is how I discovered them.
> TIA,
>
> Andrew L.
Adding RBL (Realtime Blackhole List) blocking to my servers has dropped
the amount of spam dramatically. Kevin has done the same on the LUG
server - which doesn't affect this list, but reduces the # of submission
requests he has to reject.
I haven't touched sendmail for YEARS. I've been using postfix for a long
time and have been very happy with it.
Here's that section of my postfix config if you're interested:
smtpd_recipient_restrictions = permit_mynetworks
    reject_invalid_hostname
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_unauth_destination
    reject_maps_rbl
# found this at:
# http://jimsun.linxnet.com/misc/postfix-anti-UCE.txt
maps_rbl_domains =
    zombie.dnsbl.sorbs.net,
    relays.ordb.org,
    opm.blitzed.org,
    list.dsbl.org,
    sbl.spamhaus.org,
    blackholes.easynet.nl
-dc
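
Added example, not part of the original post: a small Python check for a main.cf fragment like the one above. It joins indented continuation lines the way Postfix reads them, confirms that reject_unauth_destination (the relay guard) is in the recipient restrictions, and shows the DNS names an RBL lookup resolves for a client address. The function names, the sample config and the address 192.0.2.25 are constructed for illustration.

```python
import ipaddress

# Constructed sample in main.cf syntax, modelled on the config in the post.
SAMPLE_MAIN_CF = """\
smtpd_recipient_restrictions = permit_mynetworks
    reject_invalid_hostname
    reject_unauth_destination
    reject_maps_rbl
# comment lines may sit between settings
maps_rbl_domains =
    sbl.spamhaus.org,
    list.dsbl.org
"""

def parse_main_cf(text):
    """Return {parameter: [values]}, joining indented continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank and comment lines are skipped
        if raw[0] in " \t":               # leading whitespace continues a value
            if current is None:
                raise ValueError("continuation line before any parameter")
            params[current] += raw.replace(",", " ").split()
            continue
        name, sep, value = raw.partition("=")
        if not sep:                       # e.g. a value line that lost its indent
            raise ValueError(f"not a 'name = value' line: {raw!r}")
        current = name.strip()
        params[current] = value.replace(",", " ").split()
    return params

def relay_guard_present(params):
    """True if recipient restrictions include reject_unauth_destination."""
    rules = params.get("smtpd_recipient_restrictions", [])
    return "reject_unauth_destination" in rules

def dnsbl_queries(params, client_ip):
    """DNS names looked up for an IPv4 client: reversed octets + each zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    reversed_ip = ".".join(reversed(octets))
    return [f"{reversed_ip}.{zone}" for zone in params.get("maps_rbl_domains", [])]

if __name__ == "__main__":
    cfg = parse_main_cf(SAMPLE_MAIN_CF)
    print("relay guard present:", relay_guard_present(cfg))
    for name in dnsbl_queries(cfg, "192.0.2.25"):
        print("would query:", name)
```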