on Thu, Apr 18, 2002, Osamu Aoki ([EMAIL PROTECTED]) wrote:
> Hi,
> On Thu, Apr 18, 2002 at 09:57:45PM -0500, will trillich wrote:
> > debian-users: i've got what may be a nasty situation about to
> > happen. any pointers welcome...
> >
> > just got a 'heads up' from an ally at my isp that someone's
> > reported "dontUthink.com" as a spammer. i'm running debian
> > potato/exim--
> >
> >     Exim version 3.12 #1 built 03-Jan-2002 02:45:13
> >     Copyright (c) University of Cambridge 1999
>
> First thing is confirm nature of complaint by talking to ISP.

Ditto. Specifically, headers or IPs in question.

> I suspect some open relay issue.

I suspect spoofed headers. Very easy to do, and many tools don't handle
spoofed domains well. I report *to* them, but make clear in my response
message that this is an either-or case. Your ISP may not be
distinguishing this here.

> EXIM or any MTA can be used as open relay if it is not configured
> right. But configuration can be tricky.

With exim it's fairly straightforward. Look for the value of:

    #relay_domains =

...in /etc/exim/exim.conf.

> > how can i be sure that i've not been cracked and am unbeknownst
> > to me broadcasting/relaying email for others? surely there's
> > something better than just 'sniffit' and waiting for something
> > to happen...

    apt-get install chkrootkit

...not bulletproof, but good for common stuff.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
   Keep software free.     Oppose the CBDTPA.     Kill S.2048 dead.
     http://www.eff.org/alerts/20020322_eff_cbdtpa_alert.html
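
The either-or question raised in the reply above (spoofed headers versus mail that really left your host), as an added example that is not part of the original thread: it triages the headers of a reported message by checking whether your server's IP is the connecting address in the topmost Received line. The IPs, domain, sample messages and the `classify` helper are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed values (documentation ranges); substitute your own host and domain.
MY_IPS = {"192.0.2.25"}
MY_DOMAIN = "example.org"
# Assumes the common "[a.b.c.d]" form for the connecting address; MTAs vary.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify(raw, my_ips=MY_IPS, my_domain=MY_DOMAIN):
    """Triage a complaint's headers: did our host send it, or is our name just used?"""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    hops = [set(IP_RE.findall(h)) for h in received]  # newest hop first
    # Only the top Received line was written by the complainant's own server;
    # everything below it arrived with the message and can be forged.
    if hops and my_ips & hops[0]:
        return "sent-from-our-host"        # relay or compromise: check the MTA logs
    if any(my_ips & h for h in hops[1:]):
        return "our-ip-in-unverified-hop"  # may be forged: compare with the MTA logs
    claimed = [str(msg.get(h, "")) for h in ("From", "Return-Path", "Reply-To")]
    if any(my_domain.lower() in v.lower() for v in claimed + received):
        return "domain-only-likely-spoofed"
    return "not-ours"

# Constructed sample: our domain appears in HELO and From, but the connecting IP is foreign.
SPOOFED = "\n".join([
    "Received: from example.org (unknown [203.0.113.77])",
    "\tby mx.recipient.example with SMTP; Thu, 18 Apr 2002 10:00:00 -0500",
    "From: sales@example.org",
    "Subject: constructed sample",
    "",
    "body",
])
# Constructed sample: the recipient's server saw the connection come from our IP.
RELAYED = "\n".join([
    "Received: from mail.example.org (mail.example.org [192.0.2.25])",
    "\tby mx.recipient.example with ESMTP; Thu, 18 Apr 2002 10:00:00 -0500",
    "Received: from unknown (HELO x) ([198.51.100.9])",
    "\tby mail.example.org with SMTP; Thu, 18 Apr 2002 09:59:58 -0500",
    "From: someone@elsewhere.example",
    "",
    "body",
])

if __name__ == "__main__":
    for name, raw in (("SPOOFED", SPOOFED), ("RELAYED", RELAYED)):
        print(name, "->", classify(raw))
```

A "sent-from-our-host" result is the case where the relay settings and the MTA's own logs for that timestamp need checking; the other results point toward forged headers.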