>I don't know if the group has talked about this before but I have noticed
>recently that all of my users are getting spam'd with sex related email.
>This hasn't been a problem until now.
Are you sure "now" hasn't been going on for some time, building up
gradually, and you just now noticed it?
>Even the admin accounts I use even
>get it and they are never published. Is there something I have setup wrong
>that is letting people just email all of my users?
Hard to say for sure. A "dictionary" attack on a mail server can "harvest"
mail accounts by throwing a "dictionary" of names, including of course
generic names like sales@, info@, support@, but such an attack would also
cause a ton of "user unknown" reject lines to show up in your logs, so as
always surfing the logs is a frequent requirement to see what's really
going on out there.
Dictionary attacks go faster if you have the SMTP VRFY permitted.
If your users participate in mailing lists, then certainly their names are
in spammers lists. Maybe a sex outfit bought or stold a list that happened
to have a bunch of your user on it.
ie, it' quite hard to say for sure, starting with the question if there is
really has been a big increase in spam in a short time, or is it just that
it has existed/built up for a while and you've just noticed it.
>It there a program that asks my mail server who all my user accounts are?
SMTP VRFY does exactly that, or the brute force 'spam them and see what
doesn't bounce'. You can see why the Imail NOBODY alias is dangerous: it
never rejects mail.
>How does this work and more importantly how to I prevent this?
see above, turn off SMTP VRFY command.
Len
Len
http://BIND8NT.MEIway.com: ISC BIND 8 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
