[luau] Blocking mail relayers

Erich S. sharky at websharx.com
Wed Sep 25 15:20:01 PDT 2002


On Wed, 25 Sep 2002, Mike Ballon wrote:

> Sendmail does NOT need to be restarted when updating the access file, it
> does need to be built of course 'make access.db' but that's it.
> 
> I'd like to see a snip of the maillog to see if he was actually being
> allowed to relay though.
> 

Hmmm I didn't do a 'make access.db', I did a '/sbin/service sendmail 
restart'. Does that force a 'make access.db'?

Anyway, here's a partial snippet of maillog. There were quite a few 
attempts, each appearing to use different namesets within my domain.

==============================================================
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <showman at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <martinet at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <donblack at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <bradman at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <poden at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <wtang at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <bruening at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <riverside at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <kjoseph at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <kellee at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: from=<john at blaze.bc.ca>, size=0, class=0, nrcpts=0, proto=SMTP, 
daemon=MTA, relay=rlkal1a046.comtech-data.se [194.198.208.46] (may be forged)
==============================================================

After putting in the hosts.deny entry, restarting XINETD, putting in 
the entry in /etc/mail/access, and restarting sendmail, this is what turns 
up in the log about every 20 minutes or so:

==============================================================
Sep 25 13:07:10 tiger sendmail[31999]: g8PN79P31999: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, 
relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 13:07:11 tiger sendmail[31999]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged)
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Sep 25 13:51:22 tiger sendmail[32024]: g8PNpLP32024: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, 
relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 13:51:25 tiger sendmail[32024]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged)
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Sep 25 14:36:46 tiger sendmail[32062]: g8Q0agP32062: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, 
relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 14:36:47 tiger sendmail[32062]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged)
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
==============================================================

Not sure what else I can do. Most Euros I've dealt with are scum so being
able to block this dood is at least gratifying in a small way. Euros like
to talk big about the evil USA but to date most problems I've had with
outside intruders have been from Euros who seem to have nothing better to
do with their time.

Thanks all for the comments and advice. And sorry if this type of dialogue
isn't very interesting...I'll try and think of an obligatory MS Bash or
Linux Boast later when I'm finished having fun learning this stuff. 
(tongue placed firmly in cheek)

Sharky
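
Added example, not part of the original message: a small Python summary of sendmail maillog lines like the ones quoted above. It groups "User unknown" lines by queue ID, reads nrcpts (the accepted-recipient count on the from= line) to tell address probing apart from mail that was actually accepted, and counts check_relay rejections per IP. The function name and the min_unknown threshold are assumptions made for this example.

```python
import re
from collections import defaultdict

# Sample lines taken from the post above (wrapped lines re-joined, list shortened).
SAMPLE = """\
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <showman at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <martinet at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: <donblack at websharx.com>... User unknown
Sep 23 02:01:44 tiger sendmail[27409]: g8NC1eV27409: from=<john at blaze.bc.ca>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=rlkal1a046.comtech-data.se [194.198.208.46] (may be forged)
Sep 25 13:07:10 tiger sendmail[31999]: g8PN79P31999: ruleset=check_relay, arg1=rlkal1a009.comtech-data.se, arg2=194.198.208.9, relay=rlkal1a009.comtech-data.se [194.198.208.9] (may be forged), reject=550 5.7.1 Access denied
Sep 25 13:07:11 tiger sendmail[31999]: NOQUEUE: rlkal1a009.comtech-data.se [194.198.208.9] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
RELAY_IP = re.compile(r"relay=\S+ \[(?P<ip>[\d.]+)\]")
NRCPTS = re.compile(r"nrcpts=(\d+)")

def summarize(log_text, min_unknown=3):
    """Summarize probing, accepted mail and access-map rejections per client IP.

    min_unknown is an assumed threshold for calling a session a probe.
    """
    unknown = defaultdict(int)   # queue id -> number of "User unknown" lines
    sessions = {}                # queue id -> (client IP, accepted recipients)
    rejected = defaultdict(int)  # client IP -> check_relay rejections
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        ip = RELAY_IP.search(rest)
        if rest.endswith("User unknown"):
            unknown[qid] += 1
        elif "ruleset=check_relay" in rest and "reject=" in rest and ip:
            rejected[ip["ip"]] += 1
        elif rest.startswith("from=") and ip:
            n = NRCPTS.search(rest)
            sessions[qid] = (ip["ip"], int(n[1]) if n else 0)
    # Many unknown local users and zero accepted recipients: address probing.
    harvest = {ip: unknown[q] for q, (ip, n) in sessions.items()
               if unknown[q] >= min_unknown and n == 0}
    # Sessions where at least one recipient was accepted.
    accepted = {ip: n for ip, n in sessions.values() if n > 0}
    return {"harvest": harvest, "accepted": accepted, "rejected": dict(rejected)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
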



