nixCraft
required linux email help
This is a discussion on required linux email help within the Linux software forums, part of the Linux Getting Started category; Please find below a header of mail which I have received from a fake user. The Email id used is ...
|
|||||||
| Register | FAQ | Members List | Calendar | Mark Forums Read |
06-19-2006, 09:44 AM
|
|||
|
|||
required linux email help
Please find below a header of mail which I have received from a fake user. The Email id used is Hoy@ Kbl.co.in.
How anybody can use our domain to create an Email ID without our notice ? As this mail comes from a trusted source ie KBL.co.in. it dose not get restricted by any spam rule. I am using linux email ie sendmail, washigton imap/pop3 and \ mailscanner software for spam control. Can anybody suggest solution for this problm. Headers: Received: from dawid-ooj33vq5w (X34216X26.jaskom.pl [195.34.216.26]) by lux.kbl.co.in (8.12.9/8.12.9) with SMTP id k53EkI5O017209 for <avinashpurandare@kbl.co.in>; Sat, 3 Jun 2006 20:16:27 +0530 Received: from [148.113.39.167] (port=4666 helo=[148.113.39.167]) by kbl.co.in with esmtp id Zvfya8-A9U118-15 for avinashpurandare@kbl.co.in; Sat, 03 Jun 2006 09:57:00 +1100 Reply-To: Patti <HOy@kbl.co.in> Message-ID: <32265457.20060603095700@kbl.co.in> From: Patti <HOy@kbl.co.in> To: <avinashpurandare@kbl.co.in> Subject: L00king health? Date: Sat, 03 Jun 2006 09:57:00 +1100 MIME-Version: 1.0 Content-Type: text/html X-Priority: 1 X-Mailer: The Bat! (v3.71.03) Professional X-Spam: Not detected X-KBL-MailScanner-Information: Please contact the ISP for more information X-KBL-MailScanner: Found to be clean X-KBL-MailScanner-From: hoy@kbl.co.in X-Spam-Status: No Status: 
|
| Sponsored Links | ||
|
|
|
06-19-2006, 05:20 PM
|
||||
|
||||
|
This is called Phishing attack aka email spoofing. Basically attacker forging id of your company's email address to get users to trust and open a message.
Personally, we use domainkeys for our email servers. Other major service providers such as Gmail, Yahoo and others use same technique. To stop this fraud/phishing attacks, I recommend configuring domainkeys. See more information @ Yahoo domainkeys page: http://antispam.yahoo.com/domainkeys Domainkeys is an excellent solution but it requires some expertise to configure it properly. It seems that you don’t have proper mail relay control configured. Only computers/hosts in /etc/mail/access should allowed to send an email via your server. Open this file and add IP address or subnet of your companies computes. Next configure spam black list Open /etc/sendmail.mc and add following lines: Code:
FEATURE(`dnsbl', `ipwhois.rfc-ignorant.org',`"550 Mail from " $&{client_addr} " refused. Rejected for bad WHOIS info on IP of your SMTP server - see http://www.rfc-ignorant.org/"')
FEATURE(`dnsbl', `proxies.blackholes.easynet.nl', `"550 5.7.1 ACCESS DENIED to OPEN PROXY SERVER "$&{client_name}" by easynet.nl DNSBL (http://proxies.blackholes.easynet.nl/errors.html)"', `')dnl
FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://spamhaus.org/')dnl
Hope this helps
|
|
06-19-2006, 05:50 PM
|
|||
|
|||
|
@Monk as usual you got nice info.
Also consider check_rcpt option: http://www.sendmail.org/~ca/email/check.html#check_rcpt
|
|
06-20-2006, 10:04 AM
|
|||
|
|||
|
Quote:
|
|
06-20-2006, 01:20 PM
|
|||
|
|||
|
Open sendmail.cf file and make sure following line exists
Code:
FEATURE(`access_db’) Code:
domain.co.in relay To reject email or IP add id/ip and say reject Code:
111.11.11.22 REJECT spammer@abc.com REJECT
|
 |
| Bookmarks |
«
How to save history of a hung terminal
|
Device eth0 does not seem to be present error and solution
»
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Automated email | srinivasantarvedi | CentOS / RHEL / Fedora | 4 | 04-14-2008 07:26 PM |
| Email Server, suggestions? | s1lent | Mail Servers | 7 | 03-09-2008 09:46 AM |
| squid report required | jhn_daz@yahoo.com | Networking, Firewalls and Security | 1 | 02-11-2008 04:31 PM |
| Help in setting up an email server and net gateway | ricc | Mail Servers | 2 | 01-04-2007 09:33 AM |
| How to forward an email to other account | tom | Getting started tutorials | 2 | 09-25-2005 08:58 PM |
All times are GMT +5.5. The time now is 06:15 PM.
