
[cobalt-security] /etc/mail/access file being ignored



Running a RaQ550.  We've been fighting off a spammer since Friday.  Then woke up this morning having been hacked.  Early on we were noticing that the REJECT lines in /etc/mail/access were not being respected.  The pop-before-relay seemed to be working but these spammers were still getting in.  When we attempted to block their IPs, that is when we noticed the issue with /etc/mail/access.
 
One interesting note: when they would connect to our sendmail, it would see their IP, but they were identifying themselves with a server name that was our IP address.  Still not sure how they were pulling off the relay, as their IP was not in popip.db.  Doesn't poprelayd only look at /var/log/maillog?
 
Anyhoo, just curious if anyone else has ventured down this road.
 
 
-keith