Re: [vps-mail] Question about Sendmail/Spammers
- Subject: Re: [vps-mail] Question about Sendmail/Spammers
- From: Abigail Marshall <abigail@xxxxxxxxxxxx>
- Date: Tue, 5 Apr 2005 16:14:36 -0700 (PDT)
Thanks for the detailed explanation. I've changed the
server name to www.mydomain.com now - which at least
gives me some peace of mind knowing that mail to
mydomain.com isn't being misdirected. It won't help
with the spammers though -- I followed your
instructions to telnet in, and the first thing the
server did was tell me its new name... which of course
the spammers could pick up. 
Also, entering a period on a line by itself didn't end
the conversation. No big deal, but there must be
another way that I don't know about.
On another note, what if I used the hosts.allow file
to stop telnet access from all sources other than my
own IPs? Is there any legit reason for any
unauthorized user to ever telnet the server? 
In fact, is there any reason for ME to use telnet - I
always use SSH from my desktop - but I haven't figured
out how to use SSH for a connection from a session on
one VPS to another. (I can connect, but I can't
provide the other server with a correct user name.) The
only reason I ever need to do this is for convenience,
of course -- or to go through little exercises like
the one you detailed above.
-Abigail
--- Bennett Lanford <ben@xxxxxxxxxxxxx> wrote:
> On Mon, April 4, 2005 6:19 pm, Abigail Marshall said:
> >
> > So my question is - technically speaking - is there a way
> > that spammers get around or avoid mx records, connecting
> > directly with the server on the basis of host name?
> 
> It is very simple--and used by many spammers. You can simulate what
> spammers do. Here is how to do it:
> 
> From a command line on one of your other servers, telnet to mydomain.com's
> port 25:
> 
> % telnet mydomain.com 25
> 
> Your VPS1 will issue a greeting. Then issue the following commands from
> within the telnet session. (I show only your side of the conversation; the
> server will respond to each command you issue)
> 
> ehlo aol.com
> mail from:<abigail@xxxxxxx>
> rcpt to:<someone@xxxxxxxxxxxx>
> data
> {Now enter the text of the mail message. This can include any "to" and
> "from" headers of your choosing, subject headers, etc.--whatever you want.
> Then finish the conversation with a period at the beginning of a line all
> by itself.}
> 
> You'll probably need to type "quit" to end the smtp/telnet session.
> 
> If your VPS1 accepts the "rcpt to:" command above, then you probably ought
> to try to get your VPS1 to remove it from class w ($=w) -- the set of all
> domains that the VPS1 *thinks* it receives mail for. (This is a fairly
> common problem when two different servers are used, one for mail and one
> for web service.)
> 
> On the web server that formerly received mail for mydomain.com, removing
> mydomain.com from the local-host-names file might not be enough to
> convince sendmail that mydomain.com is not a local host name. To know for
> sure, enter this command on the web-only VPS:
> 
> vps1%  echo '$=w' | virtual sendmail -bt
> 
> vps2%  echo '$=w' | sendmail -bt
> 
> (The "vps1%" and "vps2%" above are prompt characters in this example.)
> 
> If the output of the command includes mydomain.com, then try this command:
> 
> % hostname
> 
> If the output is "mydomain.com", your easiest solution is to rename your
> server. The rename doesn't have to be anything earth-shattering. It might
> be as simple as changing the name to "www.mydomain.com" or
> "web.mydomain.com" or <your-favorite-name>.mydomain.com. (Last time I
> renamed a VPS, I had to go through the backroom to make it permanent.
> After doing it, you should re-check your local-host-names file; I think
> the backroom might add the new name to local-host-names ... ???)
> 
> Good luck!
> 
> Ben
> 
> -- 
> Bennett Lanford <ben@xxxxxxxxxxxxx>
> 
> There are 10 kinds of people: those that understand binary and those that
> don't.
>
> ======================================================================
> This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
> Before posting a question, please search the archives (see above URL).
> 
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
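
Added example, not part of the original thread: a Python version of the check Ben describes, connecting straight to a host's SMTP port (no MX lookup) and reporting whether it accepts RCPT TO for a given address, stopping before DATA so nothing is sent. The names `accepts_rcpt`, `FakeWebVps` and `demo` are hypothetical, and the loopback server is a constructed stand-in for a web-only VPS that still treats mydomain.com as local.

```python
import smtplib
import socketserver
import threading


def accepts_rcpt(host, port, recipient, sender="probe@example.org"):
    """Connect straight to host:port (no MX lookup); True if RCPT TO is accepted."""
    with smtplib.SMTP(host, port, local_hostname="probe.example.org", timeout=10) as smtp:
        smtp.ehlo()
        smtp.mail(sender)
        code, _ = smtp.rcpt(recipient)
        smtp.rset()  # abandon the transaction before DATA: nothing is submitted
    return code in (250, 251)  # 25x: the server is willing to take mail for this address


class FakeWebVps(socketserver.StreamRequestHandler):
    """Constructed stand-in for the web-only VPS; LOCAL plays the role of class w."""
    LOCAL = {"www.mydomain.com", "mydomain.com"}  # stale entry still present

    def handle(self):
        self.wfile.write(b"220 www.mydomain.com ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").strip()
            verb = line[:4].upper()
            if verb == "QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            reply = b"250 ok\r\n"  # EHLO, MAIL, RSET and accepted RCPT
            if verb == "RCPT":
                domain = line.rsplit("@", 1)[-1].rstrip(">").lower()
                if domain not in self.LOCAL:
                    reply = b"550 5.7.1 Relaying denied\r\n"
            self.wfile.write(reply)


def demo():
    """Probe the stand-in on a loopback port; return {recipient: accepted}."""
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeWebVps) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        host, port = srv.server_address
        recipients = ("someone@mydomain.com", "someone@elsewhere.example")
        result = {r: accepts_rcpt(host, port, r) for r in recipients}
        srv.shutdown()
    return result


if __name__ == "__main__":
    for rcpt, ok in demo().items():
        print(f"{rcpt}: {'ACCEPTED, still treated as local' if ok else 'rejected'}")
```

Against a server you administer, call `accepts_rcpt("www.mydomain.com", 25, "someone@mydomain.com")`; a True result after the rename suggests mydomain.com is still in class w.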