[NTLUG:Discuss] Any experts on preventing Sendmail from being used for Phishing?

Victor Brilon victor at victorland.com
Sun Mar 27 20:57:41 CST 2005


On Mar 27, 2005, at 8:00 PM, Jerry Brillowski - LNX Technologies wrote:

> I'm completely new to sendmail so I will do my best to explain better.
> Btw, thank you Jack for giving me an outline to use in trying to figure
> this out from.  Thanks also to Victor for asking for more detail also.
>
Hey, that's what we're here for :)

> In layman's terms... Someone or something is sending out emails from my
> server at The Planet.  (I would assume they are using it as a "relay"?)
>
This is definitely Not Good(tm).

> [ phish detail snip]
>
> Of course, now the question is "How do you turn off relaying by everyone
> other than trusted users?"
>
Go to sendmail.org and search for how to turn off relaying.

> The actual number of "my" users is quite small.  Less than 30 people
> should ever be using this email system.  They do not seem to have been
> affected by this issue currently.  My users have been warned and if they
> do something stupid like giving out information from an email request,
> it is their problem.  They know better so that is not of that much
> importance at the present.
>
Your users are probably the least of your worries at this point 
unfortunately. Your mail is being actively exploited by spammers by the 
sound of things.

> I AM worried that The Planet is going to shut me down if I can't put a
> permanent stop to this as they have threatened to do within the next 12
> hours.
>
I colo at The Planet as well, and their non-tolerance of spammers is 
one reason why I choose to do business with them. Having said that, you 
need to understand that they have no way to differentiate you from a 
real spammer and are just as likely to shut you down to cover their own 
ass.

My suggestions would be to:
1) Read on sendmail.org how to turn off relaying. Now. And then 
implement it ASAP. This should be a good start: 
http://www.sendmail.org/tips/relaying.html
2) Figure out a sensible solution for your users. Do they actually need 
to relay through your server or can they do so through their ISP's mail 
servers? This way you can turn off all relaying. If that's not a 
solution, you need to figure out how to authenticate your users so they 
can relay safely.
3) If you're not comfortable doing this stuff, please spend the few 
bucks to pay an experienced mail admin to look at this. Unfortunately 
the spam going through your server affects the rest of us in an ugly way 
:/ If you're new to admin'ing a Linux server, please consider hiring an 
experienced consultant to take a look at your box to make sure it's 
safely and properly configured. Trust me, that consultant will cost 
much less than the time and money you'll spend when (not if) your 
server gets owned by malicious script kiddies.
4) This is purely a personal opinion, but think about ditching sendmail 
and going with Postfix as I think it's much easier to learn and admin it.

Good luck!
Victor
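
An added example, not part of Victor's message or of sendmail itself: a small Python audit for suggestion 1 that flags sendmail.mc FEATUREs which loosen the default relay checks and lists the access-map keys granted RELAY, so they can be compared against the short list of real users. The sample config text is constructed; on a real host the files are typically /etc/mail/sendmail.mc and /etc/mail/access, which is an assumption about the layout.

```python
import re

# sendmail.mc FEATUREs that widen who may relay (names from sendmail's cf/README).
RISKY_FEATURES = {
    "promiscuous_relay": "relays for anyone (open relay)",
    "relay_local_from": "trusts the forgeable MAIL FROM domain",
    "relay_mail_from": "trusts the forgeable MAIL FROM address",
    "loose_relay_check": "skips the check on %-hack / routed addresses",
    "relay_entire_domain": "relays for every host in your domains",
    "relay_based_on_MX": "relays for any domain whose MX points at you",
}

def audit_mc(mc_text):
    """Return (line_no, feature, why) for each active risky FEATURE."""
    findings = []
    for n, line in enumerate(mc_text.splitlines(), 1):
        active = re.split(r"\bdnl\b", line)[0]  # m4: dnl discards the rest of the line
        for name in re.findall(r"FEATURE\(\s*`?(\w+)'?", active):
            if name in RISKY_FEATURES:
                findings.append((n, name, RISKY_FEATURES[name]))
    return findings

def relay_entries(access_text):
    """Return the access-map keys whose action is RELAY."""
    keys = []
    for line in access_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].upper() == "RELAY":
            keys.append(fields[0])
    return keys

# Constructed sample input, not taken from the server discussed in the thread.
SAMPLE_MC = """\
OSTYPE(`linux')dnl
FEATURE(`access_db')dnl
FEATURE(`promiscuous_relay')dnl
dnl FEATURE(`relay_entire_domain')dnl
FEATURE(`relay_local_from')dnl
MAILER(`smtp')dnl
"""
SAMPLE_ACCESS = """\
# constructed example
localhost.localdomain   RELAY
127.0.0.1               RELAY
192.0.2                 RELAY
spammer.example         REJECT
"""

if __name__ == "__main__":
    for n, name, why in audit_mc(SAMPLE_MC):
        print(f"sendmail.mc line {n}: FEATURE({name}) {why}")
    print("RELAY granted to:", ", ".join(relay_entries(SAMPLE_ACCESS)))
```

After removing a flagged FEATURE the .cf file has to be regenerated from the .mc and sendmail restarted before the change takes effect.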




