Re: EMERGENCY - need to secure my server against an ongoing SPAMMER

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Mon, 2005-03-14 at 12:47 +0000, Bob Brennan wrote:
> > SMTP_AUTH is the alternative method supported by Outlook, which is the
> > most commonly used MUA amongst my users so I will give that a try
> > next. My preference for pop-b4-smtp is that it requires only a single
> > tick in a box in most MUAs, and for grandma that in itself can be a
> > challenge ;-)
> >

On Tue, 22 Mar 2005 17:13:29 -0500, Rodolfo J. Paiz
<rpaiz@xxxxxxxxxxxxxx> wrote:
> SMTP AUTH should be supported by every MUA out there today, and with
> much less work than PBS. I have had a brief HOWTO on how to set this up
> available for about two years now, sorry you didn't find it before!
> 
> As I write this, I'm also posting a slightly revised and improved
> version of my "Sendmail SMTP AUTH HOWTO", although it has mostly small
> corrections and no major changes to content. You should definitely be
> able to make things work with this HOWTO! If not, let me know, OK?
> 
> You can find my HOWTO at:
> http://www.simpaticus.com/linux

Rodolfo,

As a matter of fact your link above was the one out of all that I
googled that really helped me out. Your HOWTO is precise and to the
point, it explained what I needed to know to *understand* the
sendmail.mc file.

One thing that is always a problem when experts advise subject-newbies
like me is the inevitable "read man xxx" or other document reference.
While this is helpful a lot of us are well into finding and reading
man pages but probably don't understand what is being said due to not
understanding the subject enough. Your webpage is a *most* welcome
explanation for those of us who want to learn by ourselves.

One point to add to your page is this text from sendmail.mc which I
found very important to finally get SMTP_AUTH running properly:

dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.

...and this line was critical, because there is no indication when
testing that this daemon not running is the problem:

dnl # Please remember that saslauthd needs to be running for AUTH. 

> As to your firewall issues, allow me to suggest that you spend a little
> time to download and learn Shorewall (http://www.shorewall.net). It will
> take you about 15 minutes using the Quick Guides available on the site
> to set up your first box. From then on, you can set up servers or
> gateways in less than two or three minutes, the thing is very flexible
> and powerful, and it is very easy to use.
> 
> If you want a quick-and-dirty description of how to configure Shorewall,
> check out my "Bare-Bones Server HOWTO" which you can find at the same
> address. One of the steps in setting up such a basic server is
> configuration of the firewall, which I cover very briefly.

I installed "firestarter" when working with iptables looked like I
might do more damage than good. It provides excellent GUI setup and
monitoring of blocked firewall attempts.

My final problems were resolved by using "ethereal" to see exactly
what the MUA was requesting when the authentication was failing. I
found that the extra authentication methods in the sendmail.mc default
line are not supported without extra effort and the MUA was requesting
an inactive method. Editing down to just LOGIN PLAIN forced the MUA to
request LOGIN, which works well. This is information I also got from
your HOWTO but didn't realise its importance until I saw the failures
using ethereal.

> Sorry I didn't see your message sooner! I've been away on a very long
> trip (I live in Guatemala, and I've been spending a week in the United
> Arab Emirates) and my Internet access was kind of spotty. So I'm
> starting to wade through the 11,000 messages as quickly as I can. :-/

Thanks for taking the time to help me, and thank you from a *lot* of
us on the HOWTO website you are building. It is well needed and well
appreciated.

bob


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux