Security Basics mailing list archives
Re: Sendmail 8.11 configuration/security issue
From: "Don Voss" <voss () albany edu>
Date: Sat, 04 Jan 2003 07:58:33 -0500
On Fri, 3 Jan 2003 oobs3c02 () attbi com wrote:

> The scenario turned up when a person I know received spam with the sender being spoofed showing amber () mydomain com and recipient being myfriend () mydomain com. After inspecting the mail headers, we discovered that the source IP was definitely external. We've scoured sendmail.org, arachnoid.com, cauce.org and all the books we have and could not find this scenario specifically mentioned.

Just to answer the above .. it is just a mass mailer virus. Current versions have their own SMTP and attempt to "guess" at smtp engines from addresses found. IE: address found in doc = fred () someschool edu, virus tries to send by smtp.someschool.edu. It scans local and net attached drives for addresses in address book[s], IRC applications, .doc, .hta, .html, .xls + other file types. It disables various virus checker applications, inserts/attaches random docs, random subject lines, etc.

Just means you can get email from yourself or a dead person .. depending on the documentation data available on the infected unit.

Not sure you should deal with this at the sendmail point ..

regards,
/don

_______________________________________________________
Don Voss
"Jazz music is an intensified feeling of nonchalance." -- Francoise Sagan
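
The header inspection described in the quoted question (a sender claiming the local domain while the connecting IP is external) can be automated. The following is an added example, not part of the original post: the domain name, the internal address ranges, the sample messages and all function names are assumptions constructed for illustration.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumptions, not from the thread: the local domain and internal ranges.
LOCAL_DOMAIN = "mydomain.com"
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

# sendmail records the connecting peer as "from helo (rdns [a.b.c.d])".
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(msg):
    """Peer IP from the topmost Received header. Only that header is written
    by the receiving MTA; the ones below it are supplied by the sender."""
    received = msg.get_all("Received") or []
    match = PEER_IP.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # malformed literal such as [999.1.1.1]
        return None

def spoofed_local_sender(raw):
    """True when From: claims the local domain but the peer IP is external."""
    msg = email.message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ip = connecting_ip(msg)
    if domain != LOCAL_DOMAIN or ip is None:
        return False
    return not any(ip in net for net in LOCAL_NETS)

def sample(from_addr, peer_ip):
    """Constructed test message; 203.0.113.0/24 is a documentation range."""
    return (
        f"Received: from mx.example.net (mx.example.net [{peer_ip}])\n"
        "\tby mail.mydomain.com with SMTP id h04CwX001234\n"
        "\tfor <myfriend@mydomain.com>; Sat, 4 Jan 2003 07:58:33 -0500\n"
        f"From: {from_addr}\n"
        "To: myfriend@mydomain.com\n"
        "Subject: constructed sample\n\n"
        "body\n"
    )

if __name__ == "__main__":
    for sender, ip in [("amber@mydomain.com", "203.0.113.25"),
                       ("amber@mydomain.com", "10.1.2.3"),
                       ("someone@example.org", "203.0.113.25")]:
        print(sender, ip, spoofed_local_sender(sample(sender, ip)))
```

A match only shows that the From: address was forged; legitimate users relaying from outside the internal ranges will also match unless those paths are added to `LOCAL_NETS`.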