September 10th, 2002, 05:48 AM
Spam mail problem
I provide free web based e-mail access to the users of my server. This is done in 2 ways, the one that my users have access to is a PHP based interface for my sendmail server. Anyways, I recently got an e-mail from somebody at hotmail claiming that I was spamming them and that it had to cease or I would be sued. I don't think she was really going to sue me, and if she did she probably wouldn't get much money. But I just wanted to ask if anybody here had any ideas on how to stop spammers from using my server, I don't know how to see who it is. I wasn't using authentication before as users were actually users of my free web hosting service, and were required to log in for that, so I didn't make them log in or anything for the PHP based web mail. Anyways, I know that I won't be able to figure out who the spammers were, but I was wondering if anybody could help me find some options to keep spammers from using my server. Thanks and bye.
September 10th, 2002, 06:07 AM
Do you have authentication required for forwarding? Set it to use the same as POP and your real users will not see a difference. Even if your set-up requires you to use an additional password, that can be saved in the client of the user. If you don't, you're going to find a lot of networks will not be accepting mail from you.
(Sorry, I just re-read your post... all mail users must authenticate, there is no other really workable option unless you want to be a spam host.)
Check your logs to see the actual IP address of the spammer. Black hole (if feasible) the entire subnet at your router (drop all incoming packets).
Use something like samspade and track it down, and if it's domestic, or in a friendly country, report it. It may help and it sure can't hurt.
September 10th, 2002, 02:40 PM
Are you or one of your customers running formmail.pl? Do you know if your mail ports are allowing open relays?
September 10th, 2002, 02:54 PM
Another thing you need to look at is whether or not your SMTP server allows mail relay. I can see from your message that you are using sendmail and until very recently, the default configuration for sendmail was to allow mail relay with no restrictions. A person on the internet could then use this configuration to 'bounce' mail off of your server, making it appear that it came from you, when in essence it did not. Check for /etc/mail/relay-domains. This contains a list of domains/computers that are allowed to use your system as a relay point, if you don't have one this is a probable problem.
Detoxsmurf also had a point about checking formmail.pl; however, there are other known issues with other sample files that could be similarly abused. Check your installation to make sure no samples are present or that they are unreadable by your webdaemon.
Finally, if you have done this and still find nothing, I would like to see what the email header looked like that the person complained about. It is possible that someone spoofed the first part of the email header to make it appear that the traffic originated from your computer, when in reality the actual connection was in the middle of the header conversation.
September 10th, 2002, 04:47 PM
Have you checked the SpamAssassin pkg? According to the description of the pkg, it validates the incoming messages (based on MAPS RBL or something like that) and prevents the reception of SPAM... Think I'd seen it on freshmeat.net
Also check http://ordb.org and http://mail-abuse.org
September 10th, 2002, 06:16 PM
SpamAssassin is more so for incoming SPAM. Not outbound...
Did the person from hotmail not send you the email message that was supposedly SPAM? If you received that you should be able to figure out who the SPAMmer is. If you did not get the original message along with headers and everything else, I would not worry about it. Although, doing all of the things listed above about closing an open relay should be done as it is the proper thing to do.
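Added example, not part of any post in this thread: the header check that the replies above ask for, reading the Received lines of the complained-about message from the top to decide whether the recipient really saw a connection from your server or your name only appears in lines the sender supplied. The host names, IP addresses, sample messages and function names are constructed for illustration, and the check assumes the recipient's own hops identify themselves under one domain.

```python
import re
from email import message_from_string

# Constructed messages; hosts and addresses are documentation placeholders.
RELAYED = """\
Received: from mail.example.org ([203.0.113.77]) by mx1.recipient.example with ESMTP; Tue, 10 Sep 2002 05:01:10 -0000
Received: from bulk ([198.51.100.9]) by mail.example.org with SMTP; Tue, 10 Sep 2002 05:01:02 -0000
Subject: constructed sample

body
"""
# Here the sender connected straight to the recipient and pre-inserted a fake hop.
FORGED = """\
Received: from mail.example.org ([198.51.100.9]) by mx1.recipient.example with ESMTP; Tue, 10 Sep 2002 05:01:10 -0000
Received: from pc ([203.0.113.77]) by mail.example.org with SMTP; Tue, 10 Sep 2002 05:00:00 -0000
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9.]+)\].*?\)\s+by\s+(\S+)", re.S)

def hops(raw):
    """(claimed_name, connecting_ip, recorded_by) for each Received header, newest first."""
    found = (HOP.search(v) for v in message_from_string(raw).get_all("Received", []))
    return [m.groups() for m in found if m]

def boundary_hop(chain, recipient_domain):
    """First hop, reading downward, where the recipient accepted an outside connection.
    Everything below it was supplied by the sender and proves nothing by itself."""
    for name, ip, by in chain:
        if not by.endswith(recipient_domain):
            return None                    # left the recipient's hosts without a boundary
        if not name.endswith(recipient_domain):
            return name, ip, by
    return None

def classify(raw, my_host, my_ips, recipient_domain):
    """'relayed' if the recipient saw one of our IPs connect, 'forged' if our
    name appears only in untrusted lines, 'absent' if it is not in the trace."""
    chain = hops(raw)
    edge = boundary_hop(chain, recipient_domain)
    if edge and edge[1] in my_ips:
        return "relayed"
    named = any(my_host in (name, by) for name, _, by in chain)
    return "forged" if named else "absent"

def submitter(raw, my_host):
    """IP our own server recorded for its hop (only meaningful when 'relayed')."""
    return next((ip for _, ip, by in hops(raw) if by == my_host), None)
```

When the result is "relayed", the address returned by `submitter` is the one to look up in the mail log; the name inside the `from` clause is whatever the client claimed, so only the bracketed IP is compared.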