[NTLUG:Discuss] Any experts on preventing Sendmail from being used for Phishing?
Greg Edwards
greg at nas-inet.com
Mon Mar 28 10:54:06 CST 2005
Jerry Brillowski - LNX Technologies wrote:
> I'm completely new to sendmail so I will do my best to explain better.
> Btw, thank you Jack for giving me an outline to use in trying to figure
> this out from. Thanks also to Victor for asking for more detail also.
>
> In layman's terms... Someone or something is sending out emails from my
> server at The Planet. (I would assume they are using it as a "relay"?)
>
>
> Jerry Brillowski
Jerry,

Easiest way to admin sendmail (IMHO) is with webmin. If that's not
available, hand editing config files works fine.

Your config files should be together under /etc; mine are in /etc/mail.

To shut down relaying from spammers:

filename: access
=======================================================================
# Check the /usr/share/doc/sendmail-8.12.6/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail-8.12.6/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
your.ip.address.here RELAY
someone@your.domain RELAY
=======================================================================

To allow domains to relay, add domain names to relay-domains, then tell
sendmail where the file is:

filename: sendmail.cf
=======================================================================
# Hosts for which relaying is permitted ($=R)
FR-o /etc/mail/relay-domains
=======================================================================

You don't need to set up trusted users. If only local users are relaying
then they'll already be able to do so with your local domains (Cw)
setting. Sendmail is not hard to configure, it's hard to learn because
it's so powerful. Postfix, qmail, and others are good, but the power
still remains with sendmail.

For your phishing issue just send a general broadcast e-mail to all of
your users telling them NOT to respond to those requests. Making the From
address look like you is, unfortunately, easy to do. The e-mail doesn't
even have to be from your server to look like it's from you.

Since your mail server is being hosted you might need to consider turning
off localhost as a relay source. I've never done this and I can't say
what all of the ramifications would be from trying this. But, if someone
else on the Planet has tapped into your server then they could be doing
the relaying. Check your info log file to see where the relayed emails
are coming from.

Good luck,
--
Greg Edwards
New Age Software, Inc.
Custom software for an off the rack world
http://consult.nas-inet.com
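
Added example, not part of the original message: one way to do the log check suggested above, pairing each `from=` line with its `to=` lines by queue ID and counting remote deliveries whose source is not covered by a RELAY entry in the access file. The log lines, addresses, mailer names and the simplified key matching are assumptions; mail allowed through relay-domains or SMTP AUTH is not accounted for.

```python
import re
from collections import Counter

# Constructed access entries in the post's format (192.0.2.10 stands in for "your.ip.address.here").
ACCESS = "localhost RELAY\n127.0.0.1 RELAY\n192.0.2.10 RELAY\n"
# Constructed sendmail 8.12-style syslog lines; hosts, addresses and queue IDs are made up.
LOG = """\
Mar 28 09:01:10 mail sendmail[2101]: j2SF1AaB002101: from=<jerry@your.domain>, size=812, nrcpts=1, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Mar 28 09:01:11 mail sendmail[2103]: j2SF1AaB002101: to=<friend@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.5], dsn=2.0.0, stat=Sent (ok)
Mar 28 09:02:40 mail sendmail[2110]: j2SF2eaB002110: from=<notice@example.com>, size=4096, nrcpts=2, proto=SMTP, daemon=MTA, relay=[203.0.113.77]
Mar 28 09:02:41 mail sendmail[2112]: j2SF2eaB002110: to=<user1@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [198.51.100.9], dsn=2.0.0, stat=Sent (ok)
Mar 28 09:02:42 mail sendmail[2112]: j2SF2eaB002110: to=<user2@example.com>, delay=00:00:02, mailer=esmtp, relay=mx.example.com. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)
Mar 28 09:05:00 mail sendmail[2120]: j2SF50aB002120: from=<list@example.org>, size=2048, nrcpts=1, proto=ESMTP, daemon=MTA, relay=lists.example.org [192.0.2.44]
Mar 28 09:05:01 mail sendmail[2121]: j2SF50aB002120: to=<jerry@your.domain>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
"""
# Groups: queue ID, optional connecting hostname, connecting IP (from= line); queue ID, mailer (to= line).
FROM_RE = re.compile(r"sendmail\[\d+\]: (\w+): from=.*relay=(?:(\S+) )?\[([\d.]+)\]")
TO_RE = re.compile(r"sendmail\[\d+\]: (\w+): to=.*mailer=(\w+),.*stat=Sent")
REMOTE_MAILERS = {"smtp", "esmtp", "smtp8", "relay"}  # mailers that hand mail to another host

def relay_keys(access_text):
    """Return the keys marked RELAY in access-file text (comments and other actions ignored)."""
    keys = set()
    for line in access_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[1].upper() == "RELAY":
            keys.add(fields[0].lower())
    return keys

def permitted(host, ip, keys):
    """Simplified access matching: exact IP, IP prefix on an octet boundary, host or parent domain."""
    return any(ip == k or ip.startswith(k + ".") or
               bool(host and (host == k or host.endswith("." + k))) for k in keys)

def relayed_sources(log_text, keys):
    """Count remote deliveries per connecting IP that no RELAY key covers."""
    origin, hits = {}, Counter()
    for line in log_text.splitlines():
        src, dst = FROM_RE.search(line), TO_RE.search(line)
        if src:
            origin[src.group(1)] = ((src.group(2) or "").lower(), src.group(3))
        elif dst and dst.group(2) in REMOTE_MAILERS and dst.group(1) in origin:
            host, ip = origin[dst.group(1)]
            if not permitted(host, ip, keys):
                hits[ip] += 1
    return hits

if __name__ == "__main__":
    print(relayed_sources(LOG, relay_keys(ACCESS)).most_common())
```

Locally submitted mail logs `relay=user@localhost` with no bracketed IP, so it never enters the tally; an address that does appear in the output is a host that connected over SMTP and had mail passed on to a third party.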