Spam problems

Paul Robinson paul at iconoplex.co.uk
Wed Jun 18 15:01:34 BST 2003


On Wed, Jun 18, 2003 at 12:19:37PM +0100, Paul Truran wrote:

> I'm running a freebsd 4.5 system on my cable modem connection, 


cd /usr/ports/net/cvsupit; make install

Then read the handbook sections on building a new world and kernel. You'll 
thank me one day. :-)

> with sendmail as a mail server.  

http://www.exim.org - again, you'll thank me one day. Although some people 
will tell you postfix or qmail is better, they're wrong. :-)

> Obviously it is not set to relay mail, but that doesn't 
> stop people from trying, as you might expect.  It might also have something 
> to do with the fact that I asked one of my colleagues to test the security on 
> my system, which he did by putting my host name on a hacking site, and 
> inviting people to attack it, but that is another story ;-)

Riiiight. You could have him up under the Computer Misuse Act for that, but like 
you say...
 
> trying many times a day for the past month.  I have traced the IP back to 
> somewhere in china, so I figure there isn't much point in reporting it to 
> them.  In any case, I'm not too worried, as my system is fairly secure (I 

It's probably a bot trying to send a test message through. Once it gets back 
through to the bot, it knows it has found an open relay, and then it'll 
flood you with thousands of messages. Don't play with it - inform NTL or 
Telewest or whoever, give them the IP and tell them to block it at the 
border if they can. It's in everybody's best interests.

> hope!)  However, purely out of curiosity, I was wondering if there is any way 
> to accept these messages, just so I can see what exactly it is they are 
> trying to send.  Probably some spam crap, but I would still be interested to 
> know.  Apparently there is probably some way to configure a rule for sendmail 
> to accept the messages so I can see what is in them.  Any guidance on how to 
> do so would be appreciated.

DO NOT DO THIS:

The trick here is to go "queue_only" in exim - no local deliveries, no 
remote deliveries, just queue it up. Then open the box up to relay from 
everybody. Watch your queue fill. Look at the spools. 

You know what curiosity did to the cat? You wouldn't believe what it'll do 
to your FBSD box and cable connection... don't even try. If you don't know 
how to go queue only in sendmail, I personally don't think you're ready to 
try this. Please, just give the IP to your provider to block and let it go 
away.

-- 
Paul Robinson
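
The evidence to hand the provider, as an added example that is not part of the original message: it counts sendmail "Relaying denied" rejections per source IP, with first and last attempt times. The log lines are constructed samples in sendmail's usual syslog layout (an assumption about the poster's setup), and the addresses come from documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail's syslog format (not from the original post).
# 203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges.
SAMPLE_LOG = """\
Jun 18 03:10:01 gw sendmail[411]: h5I2A1x0000411: ruleset=check_rcpt, arg1=<probe1@example.net>, relay=[203.0.113.7], reject=550 5.7.1 <probe1@example.net>... Relaying denied
Jun 18 03:10:05 gw sendmail[411]: h5I2A1x0000411: from=<a@example.org>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[203.0.113.7]
Jun 18 09:42:17 gw sendmail[502]: h5I8gHx0000502: ruleset=check_rcpt, arg1=<probe2@example.net>, relay=[203.0.113.7], reject=550 5.7.1 <probe2@example.net>... Relaying denied
Jun 18 11:00:30 gw sendmail[560]: h5IA0Ux0000560: ruleset=check_rcpt, arg1=<x@example.com>, relay=mail.example.org [198.51.100.9], reject=550 5.7.1 <x@example.com>... Relaying denied
Jun 18 11:05:00 gw sendmail[561]: h5IA50x0000561: ruleset=check_mail, arg1=<y@bad.invalid>, relay=[203.0.113.7], reject=553 5.1.8 <y@bad.invalid>... Domain of sender address does not exist
"""

# Only recipient-stage rejections whose reason is "Relaying denied" are counted;
# other rejects (bad sender domain, etc.) are not relay probes.
RELAY_DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?:sendmail|sm-mta)\[\d+\]: \S+: "
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?:\S+ )?\[(?P<ip>[0-9a-fA-F.:]+)\].*reject=\d{3} .*Relaying denied"
)

def summarise(log_text):
    """Return {ip: {count, first, last, rcpts}} for relay-denied rejections."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "rcpts": set()})
    for line in log_text.splitlines():
        m = RELAY_DENIED.match(line)
        if not m:
            continue
        rec = hits[m["ip"]]
        rec["count"] += 1
        rec["first"] = rec["first"] or m["ts"]  # log is chronological
        rec["last"] = m["ts"]
        rec["rcpts"].add(m["rcpt"])
    return dict(hits)

def report(hits):
    """One line per source IP, busiest first, ready to paste into an abuse report."""
    rows = sorted(hits.items(), key=lambda kv: -kv[1]["count"])
    return "\n".join(
        f"{ip}  attempts={r['count']}  first={r['first']}  last={r['last']}  "
        f"distinct_rcpts={len(r['rcpts'])}"
        for ip, r in rows
    )

if __name__ == "__main__":
    print(report(summarise(SAMPLE_LOG)))
```

On FreeBSD the default syslog configuration writes these lines to /var/log/maillog; pass that file's contents to summarise().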




More information about the Ukfreebsd mailing list