
Mailing List Archive: exim: users

How to block at SMTP time domains that are not in my server?

 

 



secmas at gmail

Aug 15, 2012, 9:35 PM

How to block at SMTP time domains that are not in my server?

Hello List,
would you be very kind to share a code on how to check at SMTP delivery
that the domain that is sending an email exists in the server?

I have seen some hackers that managed to know the password from an account
and then at SMTP AUTH they send emails using a domain name that is not in
the server.

Or if you have a code where a mail that contains more than 10 AOL or YAHOO
addresses could be deleted and not sent?

Thanks a lot in advance.

Regards,

Sergio Cabrera
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


maxsec at gmail

Aug 16, 2012, 12:20 AM

Re: How to block at SMTP time domains that are not in my server? [In reply to]

well first of all, change the passwd on the compromised account

then set the relaydomains parameter

http://serverfault.com/questions/335455/how-to-set-exim4-to-send-email-anywhere-but-only-from-authorised-users

so they can't forge the from address too much.

--
Martin Hepworth, CISSP
Oxford, UK


On 16 August 2012 05:35, Sergio <secmas [at] gmail> wrote:

> Hello List,
> would you be very kind to share a code on how to check at SMTP delivery
> that the domain that is sending an email exists in the server?
>
> I have seen some hackers that managed to know the password from an account
> and then at SMTP AUTH they send emails using a domain name that is not in
> the server.
>
> Or if you have a code where a mail that contains more than 10 AOL or YAHOO
> addresses could be deleted and not sent?
>
> Thanks a lot in advance.
>
> Regards,
>
> Sergio Cabrera


Lena at lena

Aug 16, 2012, 4:26 AM

Re: How to block at SMTP time domains that are not in my server? [In reply to]

> From: Sergio

> would you be very kind to share a code

> I have seen some hackers that managed to know the password from an account
> and then at SMTP AUTH they send emails

http://lists.exim.org/lurker/message/20120217.130336.0dcc044b.en.html

> using a domain name that is not in
> the server.

Some of your honest users need to send with $sender_address_domain
not among your +local_domains. For example ...@ieee.org or
...-owner [at] yahoogroups

> Or if you have a code where a mail that contains more than 10 AOL or YAHOO
> addresses could be deleted and not sent?

You need to block stolen passwords completely as soon as possible
instead of allowing part of spam leaking through your server continuously.



cyborg2 at benderirc

Aug 16, 2012, 5:45 AM

Re: How to block at SMTP time domains that are not in my server? [In reply to]

On 16.08.2012 13:26, Lena [at] lena wrote:
>
>> Or if you have a code where a mail that contains more than 10 AOL or YAHOO
>> addresses could be deleted and not sent?
> You need to block stolen passwords completely as soon as possible
> instead of allowing part of spam leaking through your server continuously.
>

That is so true. If you find a spammer, lock the account and contact the
rightful owner after you cleared your mail queue.
If he got the SMTP password, the attacker will have the main password too,
which will get even worse than sending spam.

> I have seen some hackers that managed to know the password from an account
> and then at SMTP AUTH they send emails

They don't know, they steal it via a virus, trojan horse or phishing attempt. Which must alert the account owner to find out how he got hacked, in his own interest.


best regards,

Marius
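
The check asked for in the first post, with the caveats from the replies built in, as an added example that is not part of the original thread or of anyone's posted configuration. The domains, the ACL name `acl_check_mail` and both file paths are constructed assumptions; `+local_domains` and `$sender_address_domain` are the names used in the thread.

```exim
# Added example, not from the thread. Domains and file paths are constructed.

# --- main configuration section ---
domainlist local_domains = example.org : example.net
acl_smtp_mail = acl_check_mail

# --- after "begin acl" ---
acl_check_mail:

  # Accounts listed here are locked: refuse all mail from them even though
  # the password still authenticates. One $authenticated_id per line.
  deny    authenticated   = *
          condition       = ${lookup{$authenticated_id}lsearch{/etc/exim/locked_accounts}{yes}{no}}
          message         = This account is locked, contact the postmaster
          log_message     = locked account $authenticated_id tried to send

  # Authenticated sender using an envelope domain this server does not host.
  #   !senders = :   lets the empty sender (<>) through
  #   the lookup     exempts users who legitimately send from outside addresses
  deny    authenticated   = *
          !senders        = :
          !sender_domains = +local_domains
          !condition      = ${lookup{$authenticated_id}lsearch{/etc/exim/foreign_sender_ok}{yes}{no}}
          message         = Sender domain $sender_address_domain is not hosted here
          log_message     = $authenticated_id used foreign sender <$sender_address>

  accept
```

This tests only the envelope sender given at MAIL FROM, not the From: header. Both lsearch files must exist (they may be empty), otherwise the lookup defers and the MAIL command gets a temporary error.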



