Fabio Milano wrote:
Hi,
I have heard alot about people hijacking email servers and using it
for SPAM relaying? Any advice on how to prevent this?
Some of it cannot be prevented, really. If they send an email to a bad
address at your server, with return path to the actual person they want
the spam to go to, when your server bounces it, it sends it to the
return path which is the person they wanted to get the spam in the first
place (I know, that sentence doesn't make much sense to me, either).
They can of course brute-force weak email passwords to use your SMTP
services to relay messages. There are a few different ways to send
through someone else's server. The chkuser patch was implemented to fix
a couple of these holes, and smtp-auth was put in to plug another smtp
hole. Unless you have a specific example, the only other way I can think
of to "hijack" a mail server is by obtaining a user or root's password
if it's a weak one.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
