[NTLUG:Discuss] Any experts on preventing Sendmail from being used for Phishing?
jpmiller@quorumhost.com
Mon Mar 28 05:34:47 CST 2005
I say the 4 step plan outlined below is a good start with 2 corrections:
step 0: Stop sendmail now. Exact method varies with distro, but it shouldn't be
too hard to figure out. Once that's done, you'll have some time to research and
decide how you're going to fix the problem.
step 4: I like qmail. =]
But definitely get someone with some experience on that box. I'm sure any
number of people on this list would be willing to help for varying fees
(anywhere from a beer on up =]). While Linux does have some inherently good
security traits, the quality of the people running the system is a much larger
factor in system security than anything else.
Quoting Victor Brilon <victor at victorland.com>:
>
> On Mar 27, 2005, at 8:00 PM, Jerry Brillowski - LNX Technologies wrote:
>
> > I'm completely new to sendmail so I will do my best to explain better.
> > Btw, thank you Jack for giving me an outline to use in trying to figure
> > this out from. Thanks also to Victor for asking for more detail also.
> >
> Hey, that's what we're here for :)
>
> > In layman's terms... Someone or something is sending out emails from my
> > server at The Planet. (I would assume they are using it as a "relay"?)
> >
> This is definitely Not Good(tm).
>
> > [ phish detail snip]
> >
> > Of course, now the question is "How do you turn off relaying by
> > everyone
> > other than trusted users?"
> >
> Go to sendmail.org and search for how to turn off relaying.
>
> > The actual number of "my" users is quite small. Less than 30 people
> > should ever be using this email system. They do not seem to have been
> > affected by this issue currently. My users have been warned and if
> > they
> > do something stupid like giving out information from an email request,
> > it is their problem. They know better so that is not of that much
> > importance at the present.
> >
> Your users are probably the least of your worries at this point
> unfortunately. Your mail is being actively exploited by spammers by the
> sound of things.
>
> > I AM worried that The Planet is going to shut me down if I can't put a
> > permanent stop to this as they have threatened to do within the next 12
> > hours.
> >
> I colo at The Planet as well, and their non-tolerance of spammers is
> one reason why I choose to do business with them. Having said that, you
> need to understand that they have no way to differentiate you from a
> real spammer and are just as likely to shut you down to cover their own
> ass.
>
> My suggestions would be to:
> 1) Read on sendmail.org how to turn off relaying. Now. And then
> implement it ASAP. This should be a good start:
> http://www.sendmail.org/tips/relaying.html
> 2) Figure out a sensible solution for your users. Do they actually need
> to relay through your server or can they do so through their ISP's mail
> servers? This way you can turn off all relaying. If that's not a
> solution, you need to figure out how to authenticate your users so they
> can relay safely.
> 3) If you're not comfortable doing this stuff, please spend the few
> bucks to pay an experienced mail admin to look at this. Unfortunately
> the spam going through your server affects the rest of us in an ugly way
> :/ If you're new to admin'ing a Linux server, please consider hiring an
> experienced consultant to take a look at your box to make sure it's
> safely and properly configured. Trust me, that consultant will cost
> much less than the time and money you'll spend when (not if) your
> server gets owned by malicious script kiddies.
> 4) This is purely a personal opinion, but think about ditching sendmail
> and go with postfix as I think it's much easier to learn and admin it.
>
> Good luck!
> Victor
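Added example, not part of the thread: one way to check from the mail log whether the server is still relaying for outsiders once relaying has been restricted as suggested above. It assumes sendmail's usual syslog line shape (abridged here) and a hypothetical trusted network of 192.168.1.0/24; every address, hostname and queue ID in the sample is constructed.

```python
import ipaddress
import re

# Constructed sample in the usual sendmail syslog shape (not taken from the thread).
SAMPLE_LOG = """\
Mar 27 20:01:02 mail sendmail[4101]: j2S211aa004101: from=<alice@example.org>, size=812, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[192.168.1.20]
Mar 27 20:01:03 mail sendmail[4103]: j2S211aa004101: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent
Mar 27 20:02:10 mail sendmail[4110]: j2S22Abb004110: from=<carol@example.com>, size=990, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.com [198.51.100.9]
Mar 27 20:02:11 mail sendmail[4111]: j2S22Abb004110: to=<alice@example.org>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Mar 27 20:03:30 mail sendmail[4120]: j2S23Ucc004120: from=<billing@bank.example>, size=4096, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.55]
Mar 27 20:03:31 mail sendmail[4122]: j2S23Ucc004120: to=<victim@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent
Mar 27 20:04:00 mail sendmail[4130]: j2S240dd004130: ruleset=check_rcpt, arg1=<victim@example.net>, relay=[203.0.113.99], reject=550 5.7.1 <victim@example.net>... Relaying denied
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")
CLIENT_IP = re.compile(r"relay=[^,]*\[([0-9A-Fa-f.:]+)\]")
REMOTE_MAILERS = {"esmtp", "smtp", "relay"}  # mailers that hand mail to another host


def audit_relaying(log_text, trusted_cidrs):
    """Return (relayed, denied): mail from untrusted clients sent onward, and refused attempts."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    clients, relayed, denied = {}, [], []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        ip = CLIENT_IP.search(rest)
        if rest.startswith("from=") and ip:
            clients[qid] = ipaddress.ip_address(ip.group(1))  # who handed us the message
        elif rest.startswith("ruleset=check_rcpt") and "Relaying denied" in rest and ip:
            denied.append(ip.group(1))
        elif rest.startswith("to=") and "stat=Sent" in rest:
            mailer = re.search(r"mailer=(\w+)", rest)
            rcpt = re.search(r"to=(\S+), ", rest).group(1)
            src = clients.get(qid)
            if mailer and mailer.group(1) in REMOTE_MAILERS and src is not None \
                    and not any(src in net for net in trusted):
                relayed.append((qid, str(src), rcpt))
    return relayed, denied


if __name__ == "__main__":
    relayed, denied = audit_relaying(SAMPLE_LOG, ["127.0.0.0/8", "192.168.1.0/24"])
    for qid, src, rcpt in relayed:
        print(f"RELAYED  {qid}  client={src}  rcpt={rcpt}")
    print(f"denied attempts from: {denied}")
```

Once relaying is restricted, the relayed list should stay empty for new log entries, while outside attempts show up only in the denied list.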