Bugtraq mailing list archives
Re: A security issue of a different kind.
From: alan () manawatu gen nz (Alan Brown)
Date: Sat, 30 Nov 1996 06:14:00 +1300
The anti mail-relaying stuff is discussed on page 194 of the sendmail book ("refuse to act as a mail gateway"). I was mailed this fragment about 2 months back when discussing bad domains. The delay was getting a chance to ask permission to repost it. Here's the patch (to your sendmail.mc): --- # added by Josh () actrix gen nz # mail from the domains in /local/lib/mail/banned-domains.txt will berefused FK /local/lib/mail/banned-domains.txt R$* < @$*$=K . > $* $#error $@ 5.7.1 $: "This domain isbanned." R$* < @$*$=K > $* $#error $@ 5.7.1 $: "This domain isbanned." --- Also this: I found it someplace off www.harker.com - they're pretty good for sendmail generall. ---- Finally: I _STRONGLY_ recommend anyone running sendmail sets the privacy options as follows in sendmail.cf 8.8.x (Linux flavour) O PrivacyOptions=goaway,restrictmailq,restrictqrun 8.6.x (yes, bad enough in itself) Op goaway,restrictmailq,restrictqrun I've seen several spam sites try to walk my userlist via the smtp port, which is why I removed vrfy/expn. They're not needed and can give away far too much information. BTW, I've had in excess of 100 items from earthstar.com and isp-inter.net in the last week. The latest is from earthstar's management, advertising themselves as a spam haven. Complaints to Sprint so far have been ignored. (Sprint provide their connectivity.) AB
Current thread:
- Re: A security issue of a different kind. Alan Brown (Nov 29)
- Re: A security issue of a different kind. Alan Brown (Nov 29)
- Re: A security issue of a different kind. Theo Van Dinter (Nov 29)
- possible lpd remote vulnerability Yuri Volobuev (Nov 30)
- Re: possible lpd remote vulnerability Evil Erik (Nov 30)
- possible lpd remote vulnerability Scriptors of DOOM (Nov 30)
- XFree86 3.2 Aleph One (Nov 30)
- Re: A security issue of a different kind. Alan Brown (Nov 29)
- Re: A security issue of a different kind. Alan Brown (Nov 29)