[CLUE-Tech] My Open Relay (again)

Michael James Robbert mrobbert at mines.edu
Thu Sep 13 10:07:12 MDT 2001


I have included a link to sendmail's Anti-Spam Configuration Control web 
page.  It should tell you what you need to do.  If you get somebody 
else's configuration file it probably isn't going to do what you need it 
to do.
http://www.sendmail.org/m4/anti-spam.html

You can also visit
http://www.mail-abuse.org/tsi/ar-fix.html
which is a link that I found in the ORDB.org FAQ under the question "How 
do I close my open relay?"  It eventually took me to the link above.

BUT, if you really think that your machine has been compromised then you 
need to get it off the net and rebuild it.  If somebody was able to 
change your sendmail.cf then who knows what other backdoors have been 
placed on that system and possibly other systems on your network. 
Nothing on that machine is safe if it was compromised!

David Willson wrote:

> To recap:
> My RHL 6.1 box, mailman.thegeek.nu, is in an 'open-relay' state.  I am not
> sure, but it may have been hacked into.  I believe that the modified file is
> /etc/sendmail.cf, but again I'm not sure.  I am looking for a quick fix,
> because I am actively being used as a spam relay, perhaps by the original
> hacker.  My long-term fix will be a scratch rebuild and data restore.
> 
> ----- Original Message -----
> From: "ian" <iguy at ionsphere.org>
> To: "David Willson" <DLWillson at thegeek.nu>
> Sent: Thursday, September 13, 2001 9:17 AM
> Subject: Re: [CLUE-Tech] My Open Relay (again)
> 
> 
> 
>>What's the problem now?
>>
>>ian
>>
>>On Thu, Sep 13, 2001 at 08:48:34AM -0600, David Willson wrote:
>>
>>>OK, I've tried installing the latest sendmail packages, but my system is so
>>>hopelessly out-of-date that I fail dependencies.  I have decided that the
>>>best fix is a re-build with the latest release of my favorite distribution
>>>and all updates.
>>>
>>>...but I won't have time to do that for a few days at least, so...
>>>
>>>Does anyone have a known-good 'sendmail.cf' from RedHat 6.x?  I'm pretty
>>>sure that that's the file that was modified in order to open up my relay.
>>>'Course, if I'm wrong, I'll be begging for help again...
>>>
>>>_______________________________________________
>>>CLUE-Tech mailing list
>>>CLUE-Tech at clue.denver.co.us
>>>http://clue.denver.co.us/mailman/listinfo/clue-tech
>>>


-- 
Michael "Murph" Robbert
System Administrator for Math/CS
Colorado School of Mines, Golden, CO  80401-1887
Office: SH220
Office phone: 303-273-3786
Pager: 303-461-6543 or Text messages: murph_pager at bigfoot.com
Email: mrobbert at mines.edu



