- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Potential Security/spam relay issue with sendm...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2004 04:47 AM
тАО01-22-2004 04:47 AM
Re: Potential Security/spam relay issue with sendmail BIND and apache named based virtual hosting.
In the thread:
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=364287
You wanted to block certain ip addresses.
Please post the methodology you used to find them. I've been log hunting but not getting enough.
Perhaps I need to increase sendmail log levels.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2004 05:09 AM
тАО01-22-2004 05:09 AM
Re: Potential Security/spam relay issue with sendmail BIND and apache named based virtual hosting.
Looking at the various items, sometimes I get the source ip address of the smtp connection, sometimes not.
Is there anything I can do to always get that address?
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2004 06:38 AM
тАО01-22-2004 06:38 AM
Re: Potential Security/spam relay issue with sendmail BIND and apache named based virtual hosting.
You might have to run a script that parses the logs, looking at the "hostname" and doing a dig to determine the ip address...
All though I did find this on google:
Add this to your
sendmail.cf file:
# Force Sendmail not to resolve host names
O ServiceSwitchFile=/etc/nsswitch.conf
Then create the file /etc/nsswitch.conf and populate it with:
# ServiceSwitchFile to tell Sendmail not to use DNS
hosts /etc/hosts
Don't know if that will work with current sendmail...
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2004 06:41 AM
тАО01-22-2004 06:41 AM
Re: Potential Security/spam relay issue with sendmail BIND and apache named based virtual hosting.
I think I led you astray.
I'm not getting hostnames or ipaddresses on a lot of entries.
I think thats becasue they are being triggered by misuse of the formscript and the events are internal.
I guess I need to track the event back to a usable ip address.
I've stopped the spam,now I'm trying to stop the violations because they are filling up my log files.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2004 06:53 AM
тАО01-22-2004 06:53 AM
Re: Potential Security/spam relay issue with sendmail BIND and apache named based virtual hosting.
So when you do something like:
grep relay maillog |awk -F[ '{print $3}'
There are no ip's?
Rgds...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2004 07:05 AM
тАО01-22-2004 07:05 AM
Re: Potential Security/spam relay issue with sendmail BIND and apache named based virtual hosting.
I looked at the access_log on the website.
Matched it up against the maillog.
A particular IP address has been running formscript.cgi.
It matches up against almost every spam relay attempt in the past month.
The page that contains the form has not been accessed.
I am adding the IP address to my access file but will probably have to block that user at the firewall.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-22-2004 07:14 AM
тАО01-22-2004 07:14 AM
Re: Potential Security/spam relay issue with sendmail BIND and apache named based virtual hosting.
Rgds...Geoff
- « Previous
-
- 1
- 2
- Next »