[NTLUG:Discuss] Any experts on preventing Sendmail from beingused for Phishing?

Jerry Brillowski - LNX Technologies jbdallas_x1 at billingsystems.biz
Sun Mar 27 20:00:36 CST 2005 

I'm completely new to sendmail so I will do my best to explain better.
Btw, thank you Jack for giving me an outline to use in trying to figure
this out from.  Thanks also to Victor for asking for more detail also.

In lay man's terms...Someone or something is sending out emails from my
server at The Planet.  (I would assume they are using it as a "relay"?)

These emails state that they are from the Bank of Oklahoma, complete
with Logo, etc. warning the recipient that the security of their
account(s) might have been compromised and to immediately click on the
link and "verify" that it is them or else expect their account(s) and
cards to be disabled/canceled or whatever.  Of course, it is NOT the
Bank of Oklahoma and people are being duped into giving up personal
information for someone else's ill-gotten gain.

The above is happening on quite a massive scale. (My maillog file was
growing at about 180 Mb every 12 hours.)  Likewise, #1 below would best
describe my need I believe.  I am concerned about "non-trusted users to
other remote users."

Of course, now the question is "How do you turn off relaying by everyone
other than trusted users?"

The actual number of "my" users is quite small.  Less than 30 people
should ever be using this email system.  They do not seem to have been
affected by this issue currently.  My users have been warned and if they
do something stupid like giving out information from an email request,
it is their problem.  They know better so that is not of that much
importance at the present.

I AM worried that The Planet is going to shut me down if I can't put a
permanent stop to this as they have threatened to do within the next 12
hours.

Again, thanks so much for the replies and the ones that I'm sure will be
forthcoming!

Sincerely,

Jerry Brillowski
JerryB at LNX-Technologies.com
(214) 651-8882 (office)
(214) 418-0897 (mobile)



-----Original Message-----
From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On
Behalf 
Of Jack Snodgrass
Sent: Sunday, March 27, 2005 5:46 PM
To: NTLUG Discussion List
Subject: Re: [NTLUG:Discuss] Any experts on preventing Sendmail from
beingused for Phishing?

phishing is where a site 'pretends' to be some other site or has frames
that
show you SiteA, but any actions you do go to SiteB.... right? 

When you say 'prevent sendmail from being used for Phising'... 

1) do you mean from non-trusted users to other remote users? 
or 
2) do you mean from 'trusted'' users to other remote users... 
or 
3) do you mean from non-trusted users to your local users? 

#1 - turn off relaying by everyone other than trusted users. trusted
users can be SMTP Auth users or possibly users from specific 
ip addresses. This should be done for all mail servers in general. 

#2 - will take a bit of thought. Do you really want to filter an email 
that your 'trusted' user says that happens to have a fake 
ebay link it it.... maybe it's a valid email that the users wants
to send.... maybe... 

#3  - you want to 'protect' your users from doing something 
stupid ( education - Don't click on any finance  related web site 
links you get in an email.... manually, enter the address on your 
browser's address bar ) 

Just want to make sure that your asking the right question. 

jack 






i.e. non-trusted users should not be able to send ANY email through
your sendmail server.

On Sun, 27 Mar 2005 16:10:53 -0600, Jerry Brillowski - LNX
Technologies <jbdallas_x1 at billingsystems.biz> wrote:
> 
> If anyone has an easy answer, I would love to know it.
> 
> If anyone has a difficult answer and would like to fix it for me, I
will
> be glad to pay them!
> 
> Thanks in advance to anyone that can help out.
> 
> Sincerely,
> 
> Jerry Brillowski
> JerryB at LNX-Technologies.com
> (214) 651-8882 (office)
> (214) 418-0897 (mobile)
> 
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>

_______________________________________________
https://ntlug.org/mailman/listinfo/discuss

More information about the Discuss mailing list