North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Your opinion please on DOS attack ...

  • From: Andy Pitts
  • Date: Tue Aug 05 14:32:07 1997 
> From [email protected] Mon Aug  4 20:10 EDT 1997
> X-Sender: [email protected]
> Date: Mon, 04 Aug 1997 19:07:50 -0500
> To: [email protected]
> From: Larry Vaden <[email protected]>
> Subject: Your opinion please on DOS attack ...
> Mime-Version: 1.0
>
> Please excuse me if this is off topic;  if so, I would appreciate a pointer
> to the correct list.
>
> We've received a few thousand late this afternoon of email messages similar
> to the below.
>
> What do you make of this?  Is there a defense other than blocking the
> alleged IP range?
>
> Your opinion appreciated.
>
> Larry
>
> -----
>
> Aug  4 18:50:06 mail sendmail[29805]: SAA29805:
> <[email protected]>... User unknown
> Aug  4 18:50:06 mail sendmail[29805]: SAA29805: from=<>, size=0, class=0,
> pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]
> Aug  4 18:50:07 mail sendmail[29786]: SAA29786:
> <[email protected]>... User unknown
> Aug  4 18:50:07 mail sendmail[29786]: SAA29786: from=<>, size=0, class=0,
> pri=0, nrcpts=0, proto=SMTP, relay=upsmot03.msn.com [204.95.110.85]
> Aug  4 18:50:09 mail sendmail[29810]: SAA29810:
> <[email protected]>... User unknown
> Aug  4 18:50:09 mail sendmail[29810]: SAA29810: from=<>, size=0, class=0,
> pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]
>
>

It is worth looking at the sendmail web page  (www.sendmail.org).  There are
some rule sets to help with spamming.  One will prevent relaying through your
site by rejecting any mail that does not originate or terminate within your
domain.  This will  stop any relying.

There is another rule set that will reject any mail if the domain in the
"From:" line does not resolve.  Although this will not stop all spam, it
does get a lot of it.  This all works with sendmail 8.6.

RBDC was for a time a favorite relay site for many and caused us no end of
trouble.  sendmail 8.6 and the anti-relaying patch stopped all that cold.
--
Andy Pitts                 : "Knowledge is a deadly friend
[email protected]         :  When no one sets the rules."
http://www.rbdc.com        :        --King Crimson--