[Linux-Anyway] Re: Damn it! Open relay -- again

  • From: Meph Istopheles <meph@xxxxxxxxxxx>
  • To: Linux-Anyway@xxxxxxxxxxxxx
  • Date: Sun, 23 Mar 2003 13:00:29 -0800 (PST)

> >   Don't know how it happened, but either sendmail (from RH)  
> > hasn't been secure from my last install, or in dealing with
> > all my hassles getting my private network working opened
> > sendmail up to others.  For some days spammers were relaying
> > through my server.

> I wonder how long it will take before people start finding them
> out and beating the crap out of them. God rot their bones.

  I wonder about this too.  Why is it that those of us who
unknowingly (by accident) wind up allowing relaying are the ones
shunned & have to suffer when it's the bastards who think it's OK
to not only use others' resources, but also send that crap are
allowed to go freely searching for other open relays?  Typical.

> >   In the end, I had to completely shut sendmail down & am
> > using my isp's smtp server.

> Friday, as I was (unsuccessfully) trying to scan my public IP
> for open ports, I scanned yours as well:

> Port       State       Service
> 21/tcp     open        ftp                     
> 22/tcp     open        ssh                     
> 80/tcp     open        http                    
> 111/tcp    open        sunrpc                  
> 179/tcp    filtered    bgp                     
> 443/tcp    open        https                   
> 512/tcp    open        exec                    
> 515/tcp    open        printer                 
> 648/tcp    open        unknown                 
> 3306/tcp   open        mysql                   
> 6000/tcp   open        X11

> Here at least there was no SMTP port open, but the only IP I
> scanned was the one bound to your domain.

  And I believe it was closed before the spammers found a hole.  
In other words, some other port was being used...somehow.

> Could some other machines be running sendmail as well?

  I only have one other 'puter running Linux & sendmail just now, 
but I've not found any trouble as yet on it.

> The firewall seems not to have been running at the time.

  Figures.  I think I'll go back to tcp/ip wrappers.  At least 
with them you ~know~ what's happening.

> I just scanned you again and got the same result.

  Most of those ports I have open intentionally.  After I get 
back from the store I'll close the ones I don't want open.  
Thanks for the results.

> Sorry I can't help on sendmail - this is a complete mystery to
> me. Had a look at sendmail.cf the other day and suffered a
> heavy headache right away. Reminds me of the old newbie days as
> configuration files made no sense except perhaps somebody
> pulling my leg.

  Yeah, with every new release -- which is ~supposedly~ more 
secure, it seems to get worse.  There was a day back in the early 
8.x days when it was a simple line entry in the cf to keep your 
server from allowing spamming.

  Guess I'll learn a new mailer (& send a disgruntled e-mail to 
the maintainers).

  Meph

-- 
  Perhaps the biggest disappointments were the ones you expected 
  anyway.
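An added self-check, not code from this thread or from sendmail, for the open-relay question the post turns on: it speaks just enough SMTP to see whether an MTA accepts an outside-to-outside RCPT TO, which is what the spammers were using. The probe addresses and the relaycheck.invalid HELO name are constructed placeholders; probe_transcript feeds the same logic canned replies so it can be run offline.

```python
import io
import re
import socket

# Added example (not from the thread): ask an MTA whether it relays outside->outside mail.
class SmtpDialog:
    def __init__(self, rfile, wfile):
        self.rfile, self.wfile = rfile, wfile

    def read_reply(self):
        """Consume one (possibly multi-line) reply; return its 3-digit code."""
        while True:
            line = self.rfile.readline()
            if not line:
                raise ConnectionError("server closed the connection")
            m = re.match(rb"(\d{3})([ -])", line)
            if not m:
                raise ValueError("malformed SMTP reply: %r" % line)
            if m.group(2) == b" ":      # "250 " ends the reply, "250-" continues it
                return int(m.group(1))

    def command(self, text):
        self.wfile.write(text.encode("ascii") + b"\r\n")
        self.wfile.flush()
        return self.read_reply()

    def relays_for_outsiders(self, sender, recipient, helo="relaycheck.invalid"):
        """True if an outside->outside RCPT TO is accepted: the MTA is an open relay."""
        if self.read_reply() != 220:
            raise ConnectionError("no SMTP banner")
        if self.command("HELO " + helo) != 250:
            raise ConnectionError("HELO rejected")
        if self.command("MAIL FROM:<%s>" % sender) != 250:
            self.command("QUIT")
            return False                # outside sender refused outright
        code = self.command("RCPT TO:<%s>" % recipient)
        self.command("RSET")            # never send DATA: nothing gets queued
        self.command("QUIT")
        return code in (250, 251)       # 550/554 "Relaying denied" is the safe answer


def probe_transcript(server_replies):
    """Run the probe against canned server replies (bytes), for offline use."""
    dialog = SmtpDialog(io.BytesIO(server_replies), io.BytesIO())
    return dialog.relays_for_outsiders("probe@example.org", "someone@example.net")


def probe_host(host, port=25, timeout=10):
    """Run the probe over a live TCP connection to one of your own MTAs."""
    with socket.create_connection((host, port), timeout) as sock:
        dialog = SmtpDialog(sock.makefile("rb"), sock.makefile("wb"))
        return dialog.relays_for_outsiders("probe@example.org", "someone@example.net")
```

A server that answers the RCPT TO with 550 or 554 is behaving correctly; a 250 there is the "relaying through my server" symptom from the first paragraph.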