Mail Attack

Stephen Carville stephen at totalflood.com
Tue Aug 23 18:32:32 UTC 2005


Jessica Zhu wrote:
> Hi,
> 
> It looks like we are experiencing the mail attack now.
> 
> In our maillog, we have a lot of User Unknown messages like the following.
> 
> Aug 23 11:52:25  s1 sendmail[2110]: j7NFqPL02110:  
> <Oscard at mathforum.org>... User unknown
> Aug 23 11:52:25 s1 sendmail[2110]: j7NFqPL02110: from=<>, 
> size=17601, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,  
> relay=mail.vis-inc.net [66.77.28.202]
> 
> It looks like the from is <> in all of them; does anyone have a way to fight 
> against it?

Someone may be trying a Non-Deliverable Relay (NDR).  They send a 
message to a nonsense address in your domain and set the Reply-To: to 
the real victim.  You bounce the message, effectively delivering it for them.

I had a problem with this a while back and solved it by setting up a 
recipient list.  Anyone not on it is rejected, which in postfix means it 
gets dropped on the floor never to be seen again.

-- 
Stephen Carville <stephen at totalflood.com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
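
To see which relays the null-sender, unknown-recipient traffic discussed in this thread is arriving from, the following added example (not part of the original posts) tallies it from sendmail maillog text. The sample lines are constructed in the format quoted above, and `summarize` is a hypothetical helper name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the sendmail maillog format quoted in this thread.
# Queue IDs, hosts and addresses are made up; IPs are documentation ranges.
SAMPLE_LOG = """\
Aug 23 11:52:25 s1 sendmail[2110]: j7NFqPL02110: <nosuch1@example.org>... User unknown
Aug 23 11:52:25 s1 sendmail[2110]: j7NFqPL02110: from=<>, size=17601, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.10]
Aug 23 11:52:31 s1 sendmail[2114]: j7NFqVL02114: <nosuch2@example.org>... User unknown
Aug 23 11:52:31 s1 sendmail[2114]: j7NFqVL02114: <nosuch3@example.org>... User unknown
Aug 23 11:52:32 s1 sendmail[2114]: j7NFqVL02114: from=<>, size=17588, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx.example.net [192.0.2.10]
Aug 23 11:53:02 s1 sendmail[2120]: j7NFr2L02120: <typo@example.org>... User unknown
Aug 23 11:53:02 s1 sendmail[2120]: j7NFr2L02120: from=<alice@example.com>, size=912, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mail.example.com [198.51.100.7]
Aug 23 11:53:40 s1 sendmail[2125]: j7NFreL02125: from=<>, size=2301, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=out.example.edu [203.0.113.5]
"""

LINE_RE = re.compile(r"sendmail\[\d+\]:\s+(?P<qid>\w+):\s+(?P<rest>.*)$")
UNKNOWN_RE = re.compile(r"^<(?P<rcpt>[^>]*)>\.\.\. User unknown")
FROM_RE = re.compile(
    r"^from=(?P<sender>[^,]*),.*?nrcpts=(?P<nrcpts>\d+),.*?relay=(?P<relay>.+)$"
)

def summarize(log_text):
    """Count rejected unknown recipients per relay for null-sender mail."""
    unknown = defaultdict(list)  # queue ID -> recipients rejected as unknown
    envelope = {}                # queue ID -> (sender, nrcpts, relay)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qid, rest = m["qid"], m["rest"]
        u = UNKNOWN_RE.match(rest)
        if u:
            unknown[qid].append(u["rcpt"])
            continue
        f = FROM_RE.match(rest)
        if f:
            envelope[qid] = (f["sender"], int(f["nrcpts"]), f["relay"].strip())
    per_relay = Counter()
    for qid, rcpts in unknown.items():
        sender, nrcpts, relay = envelope.get(qid, (None, None, None))
        # Only the pattern from the thread: from=<> with no accepted recipient.
        if sender == "<>" and nrcpts == 0:
            per_relay[relay] += len(rcpts)
    return per_relay

if __name__ == "__main__":
    for relay, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {relay}")
```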



