From owner-nanog@merit.edu Mon Aug 4 20:10 EDT 1997 X-Sender: ldv2@texoma.net Date: Mon, 04 Aug 1997 19:07:50 -0500 To: nanog@merit.edu From: Larry Vaden <vaden@texoma.net> Subject: Your opinion please on DOS attack ... Mime-Version: 1.0
Please excuse me if this is off topic; if so, I would appreciate a pointer to the correct list.
We've received a few thousand late this afternoon of email messages similar to the below.
What do you make of this? Is there a defense other than blocking the alleged IP range?
Your opinion appreciated.
Larry
-----
Aug 4 18:50:06 mail sendmail[29805]: SAA29805: <_-MetHOd-MaN-_@mail.texoma.net>... User unknown Aug 4 18:50:06 mail sendmail[29805]: SAA29805: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79] Aug 4 18:50:07 mail sendmail[29786]: SAA29786: <_-MetHOd-MaN-_@mail.texoma.net>... User unknown Aug 4 18:50:07 mail sendmail[29786]: SAA29786: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=upsmot03.msn.com [204.95.110.85] Aug 4 18:50:09 mail sendmail[29810]: SAA29810: <_-MetHOd-MaN-_@mail.texoma.net>... User unknown Aug 4 18:50:09 mail sendmail[29810]: SAA29810: from=<>, size=0, class=0, pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]
It is worth looking at the sendmail web page (www.sendmail.org). There are some rule sets to help with spamming. One will prevent relaying through your site by rejecting any mail that does not originate or terminate within your domain. This will stop any relying. There is another rule set that will reject any mail if the domain in the "From:" line does not resolve. Although this will not stop all spam, it does get a lot of it. This all works with sendmail 8.6. RBDC was for a time a favorite relay site for many and caused us no end of trouble. sendmail 8.6 and the anti-relaying patch stopped all that cold. -- Andy Pitts : "Knowledge is a deadly friend andy@rbdc.rbdc.com : When no one sets the rules." http://www.rbdc.com : --King Crimson--