Your opinion please on DOS attack ...

Andy Pitts andy at rbdc.rbdc.com
Tue Aug 5 06:05:21 UTC 1997


> From owner-nanog at merit.edu Mon Aug  4 20:10 EDT 1997
> X-Sender: ldv2 at texoma.net
> Date: Mon, 04 Aug 1997 19:07:50 -0500
> To: nanog at merit.edu
> From: Larry Vaden <vaden at texoma.net>
> Subject: Your opinion please on DOS attack ...
> Mime-Version: 1.0
>
> Please excuse me if this is off topic;  if so, I would appreciate a pointer
> to the correct list.
>
> We've received a few thousand late this afternoon of email messages similar
> to the below.
>
> What do you make of this?  Is there a defense other than blocking the
> alleged IP range?
>
> Your opinion appreciated.
>
> Larry
>
> -----
>
> Aug  4 18:50:06 mail sendmail[29805]: SAA29805:
> <_-MetHOd-MaN-_ at mail.texoma.net>... User unknown
> Aug  4 18:50:06 mail sendmail[29805]: SAA29805: from=<>, size=0, class=0,
> pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]
> Aug  4 18:50:07 mail sendmail[29786]: SAA29786:
> <_-MetHOd-MaN-_ at mail.texoma.net>... User unknown
> Aug  4 18:50:07 mail sendmail[29786]: SAA29786: from=<>, size=0, class=0,
> pri=0, nrcpts=0, proto=SMTP, relay=upsmot03.msn.com [204.95.110.85]
> Aug  4 18:50:09 mail sendmail[29810]: SAA29810:
> <_-MetHOd-MaN-_ at mail.texoma.net>... User unknown
> Aug  4 18:50:09 mail sendmail[29810]: SAA29810: from=<>, size=0, class=0,
> pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]
>
>

It is worth looking at the sendmail web page  (www.sendmail.org).  There are
some rule sets to help with spamming.  One will prevent relaying through your
site by rejecting any mail that does not originate or terminate within your
domain.  This will  stop any relying.

There is another rule set that will reject any mail if the domain in the
"From:" line does not resolve.  Although this will not stop all spam, it
does get a lot of it.  This all works with sendmail 8.6.

RBDC was for a time a favorite relay site for many and caused us no end of
trouble.  sendmail 8.6 and the anti-relaying patch stopped all that cold.
--
Andy Pitts                 : "Knowledge is a deadly friend
andy at rbdc.rbdc.com         :  When no one sets the rules."
http://www.rbdc.com        :        --King Crimson--



More information about the NANOG mailing list