Re: Sendmail/LogWatch reports (may be forged)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Timothy Alberts wrote:
Greetings,

I am running a FC4 sendmail server and I've been trying forever to at
least limit some of the spam.  In this effort, I have been adding to the
Access control (/etc/mail/access) domains that are known to be mail
bombing my domain.  A few continue to evade the sendmail filtering and
are still getting through.  I know this because LogWatch reports:

Unknown Local Users
  invaliduser@xxxxxxxxxxxx
    from *.speedy.net.pe ... (may be forged)

This means that reverse DNS for this IP points to something.speedy.net.pe but a DNS lookup of something.speedy.net.pe does not resolve back to the same IP address (usually because the name doesn't resolve at all). So sendmail doesn't trust the name and won't use it for anything, noting this as "may be forged".

where * contains the specific client that continues to change.  My first
attempt to block them, I added to /etc/mail/access
speedy.net.pe	REJECT

to try and reject the problem domain.  This doesn't work because
LogWatch continues to report to me that mail is coming in.  I've tried
to reject on the IP as follows:

201.230.19.113	REJECT

but of course, they just changed IP address.

Can anyone explain to my the whole in my security that is allowing them
to get through and how to plug it?

Try blocking the entire network:

Connect:201.230		REJECT

Hope nobody in that part of Peru want to mail you though.

Paul.




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux