On Mon, Aug 19, 2002 at 12:59:25PM -0700, Rob Hudson wrote: > >----- Forwarded message from Tom Woods <[EMAIL PROTECTED]> ----- > >From: Tom Woods <[EMAIL PROTECTED]> >Date: Mon, 19 Aug 2002 12:14:54 -0700 (PDT) >To: [EMAIL PROTECTED] >Subject: spamming > > >my server is being used to spam. What can I do to stop this from >happening? I am fairly new to linux. Thanks for the help > >----- End forwarded message -----
I assume you are experiencing "relay rape", the spam is being propagated by third parties outside your network (if it's being done by users inside your network, stopping them is pretty straightforward :-). Your best approach to stopping spammers from abusing your mail server depends on what you need the server to do. If your users get their main mail from the Internet into your mail server, then you need to configure the mail server to accept local mail but not relay remote mail. You can get some good resources on doing this at http://www.mail-abuse.org/tsi/ If you do not need your mailserver to accept mail for your users, than it might be best not to run it in server mode. Sendmail certainly, and i believe most other Linux mail server software, can be set up to run on an as-needed basis to send outgoing mail, without listening for incoming mail. One piece of software i like for this mission is ssmtp; it cannot run as a server and is only sophisticated enough to take local mail and pass it off to a "smart host" (e.g. the mailserver of your ISP). If you let us know what mail server software you are using and what overall mission it needs to accomplish, we can give you some more advice. If your problem is not due to mailserver abuse but due to some other exploit (like the HTTP CONNECT exploit for web proxies that's been popular lately), get back in touch and we'll take it from there. If you're not sure how the spammers are doing it, see if you can find some spams with full headers (see http://www.efn.org/helpdesk/abuse/headers.shtml for some words on this), perhaps from abuse reports (you can edit out personal details if you like), and we'll try to diagnose it. -- if(rp->p_flag&SSWAP) { rp->p_flag =& ~SSWAP; aretu(u.u_ssav); }
