[KLUG Members] Question about spam..

Orien Vandenbergh members@kalamazoolinux.org
Sun, 10 Mar 2002 13:34:31 -0500


On Sun, 10 Mar 2002, Owner wrote:

> I've been reading the list for a while now, I was wondering if there was any
> email programs out there for linux, that would help eliminate the massive
> amounts of spam I receive to my domain. Like maybe an incoming server that
> checks the originating email address for validity before allowing the mail
> to come thru? I have been subjected to thousands of spam a week, a few weeks

Yes your machine can be configured to severely decrease the amount of
spam you are presently suffering from.  According to your statement
below, you are not running an smtp server.  I am assuming that this is
on the machine that got cracked, and not the machine that has been
receiving the spam.  If your spam problem is coming directly to your
(and your users') accounts, then there are 2 ways to fix the problem.
You can either configure `procmail' to perform rudimentary spam checking
on a per-user basis, or you can configure sendmail (I am assuming that
you are using sendmail), to use some of the spam prevention technologies
that are available.  Generally this would be a massive pain in the
proverbial behind to do, but fortunately, a friend of mine just finished
building an rpm that comes pre-configured to check against 5 different
spam blacklists, in addition to performing some other anti-spam checks.
You can download his rpm here:

<http://www.voltar.org/jRPMS/i386.rpm/sendmail-8.12.2-10.jet.i386.rpm>

It is built against glibc-2.2.4 so you shouldn't have any major problems
with it.  When you attempt to install the rpm you will receive some
conflicts with the `sendmail-cf' package, so you'll need to either
uninstall that, or install the new sendmail package with the --force
option.  This should help to solve your spam issues.

> ago I had a server that got compromised by someone using the alias "MAILMAN"
> and after tracking down some things that he uploaded and installed on my
> server I managed to track him down as coming from this domain. www.snipermail.com
> Now I'm wondering how many times this has happened, and if he got ahold of my
> users list? Well anyway, if anyone knows how to relieve me of massive
> spamming please let me know.
> You can reach me at hahah this list...by the way I was running redhat 7.2
> without telnet running, also no smtp on this particular server. He used an
> exploit to get root access.. only took him 2 mins to completely F&&* things
> up.. pretty nice of him..

Now as far as your little cracker friend.  If this is a default install
of 7.2 you are definitely asking for more visits from black hats.  Since
the 7.2 release, there have been numerous security vulnerabilities
discovered in many "safe" applications, including ssh.  So, for starters
I would recommend updating your RedHat install, and registering your
computer with the RedHat network.  Then they will email you as new
packages are released, which correct all sorts of security issues.
There are many other changes you can make to improve your security
against crackers, but this will protect you against 90% of them.  I can
probably go into more detail if you want, but I'll leave this here for
now.

Orien Vandenbergh
Unix Administrative and Programming Services.
orien@ivelop.com
