nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Your opinion please on DOS attack ...

From: Andy Pitts <andy () rbdc rbdc com>
Date: Tue, 5 Aug 1997 02:05:21 -0400 (EDT)
From owner-nanog () merit edu Mon Aug  4 20:10 EDT 1997
X-Sender: ldv2 () texoma net
Date: Mon, 04 Aug 1997 19:07:50 -0500
To: nanog () merit edu
From: Larry Vaden <vaden () texoma net>
Subject: Your opinion please on DOS attack ...
Mime-Version: 1.0

Please excuse me if this is off topic;  if so, I would appreciate a pointer
to the correct list.

We've received a few thousand late this afternoon of email messages similar
to the below.

What do you make of this?  Is there a defense other than blocking the
alleged IP range?

Your opinion appreciated.

Larry

-----

Aug  4 18:50:06 mail sendmail[29805]: SAA29805:
<_-MetHOd-MaN-_ () mail texoma net>... User unknown
Aug  4 18:50:06 mail sendmail[29805]: SAA29805: from=<>, size=0, class=0,
pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]
Aug  4 18:50:07 mail sendmail[29786]: SAA29786:
<_-MetHOd-MaN-_ () mail texoma net>... User unknown
Aug  4 18:50:07 mail sendmail[29786]: SAA29786: from=<>, size=0, class=0,
pri=0, nrcpts=0, proto=SMTP, relay=upsmot03.msn.com [204.95.110.85]
Aug  4 18:50:09 mail sendmail[29810]: SAA29810:
<_-MetHOd-MaN-_ () mail texoma net>... User unknown
Aug  4 18:50:09 mail sendmail[29810]: SAA29810: from=<>, size=0, class=0,
pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]




It is worth looking at the sendmail web page  (www.sendmail.org).  There are
some rule sets to help with spamming.  One will prevent relaying through your
site by rejecting any mail that does not originate or terminate within your
domain.  This will  stop any relying.

There is another rule set that will reject any mail if the domain in the
"From:" line does not resolve.  Although this will not stop all spam, it
does get a lot of it.  This all works with sendmail 8.6.

RBDC was for a time a favorite relay site for many and caused us no end of
trouble.  sendmail 8.6 and the anti-relaying patch stopped all that cold.
--
Andy Pitts                 : "Knowledge is a deadly friend
andy () rbdc rbdc com         :  When no one sets the rules."
http://www.rbdc.com        :        --King Crimson--
Previous By Date Next
Previous By Thread Next

Current thread: