HPE Community
Operating System - Linux
1830207 Members
2187 Online
109999 Solutions
New Discussion

Spoof Mail 2

 
Leovino A. Trinidad, Jr
Frequent Advisor

‎05-17-2004 05:19 PM

‎05-17-2004 05:19 PM

Spoof Mail 2

Hi!

Can you help me? Another problem of mine is, how can I block a mail that comes from a valid domain but uses an invalid user address no such account in the organization mail server)?

Regards,

LAT
0 Kudos
Reply
6 REPLIES 6
Alexander Chuzhoy
Honored Contributor

‎05-17-2004 05:34 PM

‎05-17-2004 05:34 PM

Re: Spoof Mail 2

add a line to /etc/mail/access file
From:spammer@some.dom REJECT

then restart the sendmail service
0 Kudos
Reply
Leovino A. Trinidad, Jr
Frequent Advisor

‎05-17-2004 06:41 PM

‎05-17-2004 06:41 PM

Re: Spoof Mail 2

Hi!

Thanks for the reply but what I need is the spoofer is automatically blocked.

Regards,


LAT
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

‎05-17-2004 07:16 PM

‎05-17-2004 07:16 PM

Re: Spoof Mail 2

I use trendmicro's product. "InterScan eManager"
It has it's database (updated automatically).
Neverless I had to add to this database many e-mail addresses manually.
0 Kudos
Reply
Lee Hundley
Valued Contributor

‎05-18-2004 09:39 AM

‎05-18-2004 09:39 AM

Re: Spoof Mail 2

Theres really no good way to do it, unless the originating domain's mail server has the VRFY or EXPN function still enabled.

Most sites disable this (and should) as it allows would-be attackers to verify account existance before attempting to exploit.
It is my firm belief that it is a mistake to hold any firm beliefs
0 Kudos
Reply
Leovino A. Trinidad, Jr
Frequent Advisor

‎05-18-2004 02:02 PM

‎05-18-2004 02:02 PM

Re: Spoof Mail 2

hi!

To Alexander:
Thanks for the info. but actually we also have same antivirus system. Aside from manual feeding of spoof mail, I am looking for any other way to do it automatically (though other say there's no way).

To Lee:
I think it is not good to enable it. See http://www.burningvoid.com/iaq/expn-vrfy.html. It is security risk.

Regards,

LAT
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-18-2004 03:25 PM

‎05-18-2004 03:25 PM

Re: Spoof Mail 2

I don't think You can do it.

Reason: would you let some computer on the other side of the world send out inquiries as to whether an email address is valid on your server or not?

No. As a matter of fact good sendmail administration requires us to specifically block those kind of inquiries because spammers and script kiddies use them to validate email addresses.

The best thing you can do is batton down the hatches, as you have done, maybe fire up spamassasin and teach your users how to not attract spam.

The biggest drop in spam I made happen was when I scoured my own webservers for email addresses. When I got those, the spam stopped flowing in.

Spammers aren't necessarily the smartest people in the world. As a matter of fact, many of them are quite stupid. If you deny them the obvious ways of getting email addresses, they'll go elsewhere.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.