[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Should I worry - How to block?
- Subject: Re: [cobalt-security] Should I worry - How to block?
- From: "John Meyerhofer" <jmeyerhofer@xxxxxxxxxxx>
- Date: Wed, 12 Dec 2001 10:44:31 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
-> "Sounds like a good idea. You could of course block this IP-address or
the entire address range of the originating ISP instead."
How would one go about doing this on a Qube 3?
---------------------- Forwarded by John Meyerhofer/Mpc/MetLife/US on
12/12/2001 09:40 AM ---------------------------
"Michael Stauber" <cobalt@xxxxxxxxxxxxxx>@list.cobalt.com on 12/12/2001
08:53:55 AM
Please respond to cobalt-security@xxxxxxxxxxxxxxx
Sent by: cobalt-security-admin@xxxxxxxxxxxxxxx
To: cobalt-security@xxxxxxxxxxxxxxx
cc:
Subject: Re: [cobalt-security] Should I worry
Hi Audric,
> During the last few days I got hundreds of these:
>
> Dec 12 09:04:08 qube3 sendmail[20950]: NOQUEUE: mrh.rcmail.com
[216.54.1.19] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> should I worry.
Jepp. Could be that someone connected manually to your sendmail port and
is/was trying to trick it into doing bad stuff.
You can test it out by using "telnet <your.ip.address> 25". Sendmail will
then greet you and expects to talk to a mail programm or other mail server.
You can basically send emails that way by just typing the commands that
Sendmail expects during a normal mail connection, or by letting a script
generate them.
The error message above (did not issue MAIL/EXPN/VRFY/ETRN) tells us that
the connecting party got past the initial "HELO" greeting, but then didn't
behave as sendmail expected.
> Meanwhile I changed the default rule of my firewall from accept
> to deny.
Sounds like a good idea. You could of course block this IP-address or the
entire address range of the originating ISP instead.
--
With best regards,
Michael Stauber
SOLARSPEED.NET
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security