Sluggers
I have noticed over that last few days that some slime ball is using
our sendmail 8.9.3 mail server as a relay.
I have checked the anti-relaying configuration of it and it appears,
to me anyway, to be ok.
If I place the source domain into /etc/access
ie: hichina.com REJECT
I get the Access Denied message which is ok (no more spamming) but
probably not the correct solution (Another doman will probably appear
in a few days to spam some more).
On checking the log I noticed:
Feb 7 10:15:13 gatekeeper sendmail[16323]: KAA16323:
from=<[EMAIL PROTECTED]>, size=702, class=0, pri=30702, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
relay=localhost [127.0.0.1]
(gatekeeper.mydomain.com.au is my mail server.
So I assumed that the spammer is using the address 127.0.0.1
(localhost) as the address that the mail is
coming from.
I changed the line in /etc/access for localhost to REJECT and this
also cured the spamming problem (Now geting Null connections from
localhost). Normal mail appears to be getting through ok.
I feel that this is the wrong thing to do.
Question: What other configuration could I use to stop this spamming ?
Regards
SK
__________________________________________________________________
Get your free Australian email account at http://www.start.com.au
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
