topic Re: Spoof Mail 2 in Operating System - Linux

Spoof Mail 2

Leovino A. Trinidad, Jr — Tue, 18 May 2004 00:19:07 GMT

Hi!

Can you help me? Another problem of mine is, how can I block a mail that comes from a valid domain but uses an invalid user address no such account in the organization mail server)?

Regards,

LAT

Re: Spoof Mail 2

Alexander Chuzhoy — Tue, 18 May 2004 00:34:05 GMT

add a line to /etc/mail/access file
From:spammer@some.dom REJECT

then restart the sendmail service

Re: Spoof Mail 2

Leovino A. Trinidad, Jr — Tue, 18 May 2004 01:41:40 GMT

Hi!

Thanks for the reply but what I need is the spoofer is automatically blocked.

Regards,

LAT

Re: Spoof Mail 2

Alexander Chuzhoy — Tue, 18 May 2004 02:16:28 GMT

I use trendmicro's product. "InterScan eManager"
It has it's database (updated automatically).
Neverless I had to add to this database many e-mail addresses manually.

Re: Spoof Mail 2

Lee Hundley — Tue, 18 May 2004 16:39:41 GMT

Theres really no good way to do it, unless the originating domain's mail server has the VRFY or EXPN function still enabled.

Most sites disable this (and should) as it allows would-be attackers to verify account existance before attempting to exploit.

Re: Spoof Mail 2

Leovino A. Trinidad, Jr — Tue, 18 May 2004 21:02:37 GMT

hi!

To Alexander:
Thanks for the info. but actually we also have same antivirus system. Aside from manual feeding of spoof mail, I am looking for any other way to do it automatically (though other say there's no way).

To Lee:
I think it is not good to enable it. See http://www.burningvoid.com/iaq/expn-vrfy.html. It is security risk.

Regards,

LAT

Re: Spoof Mail 2

Steven E. Protter — Tue, 18 May 2004 22:25:08 GMT

I don't think You can do it.

Reason: would you let some computer on the other side of the world send out inquiries as to whether an email address is valid on your server or not?

No. As a matter of fact good sendmail administration requires us to specifically block those kind of inquiries because spammers and script kiddies use them to validate email addresses.

The best thing you can do is batton down the hatches, as you have done, maybe fire up spamassasin and teach your users how to not attract spam.

The biggest drop in spam I made happen was when I scoured my own webservers for email addresses. When I got those, the spam stopped flowing in.

Spammers aren't necessarily the smartest people in the world. As a matter of fact, many of them are quite stupid. If you deny them the obvious ways of getting email addresses, they'll go elsewhere.

SEP