Re: [vps-mail] Question about Sendmail/Spammers

["Bennett Lanford" <ben@xxxxxxxxxxxxx>]

On Tue, April 5, 2005 7:14 pm, Abigail Marshall said:
> Thanks for the detailed explanation. I've changed the
> server name to www.mydomain.com now - which at least
> gives me some peace of mind knowing that mail to
> mydomain.com isn't being misdirected. It won't help
> with the spammers though -- I followed your
> instructions to telnet in, and the first thing the
> server did was tell me its new name... which of course
> the spammers could pick up.

You can modify the SMTP greeting message by defining confSMTP_LOGIN_MSG in
your sendmail mc file. The default is something like:

define(`confSMTP_LOGIN_MSG',`$j Sendmail $v/$Z; $b')

where $j is the canonical hostname
      $v is the sendmail version
      $Z is the version of the mc configuration
      $b is the current date

Sendmail will unconditionally insert "ESMTP" between the first two words
in the greeting. (I haven't figured out how to change that.) ... So, if
you can craft a greeting message without the $j in it that makes sense
with "ESMTP" as the second word, you now know how.

> Also, entering a period on a line by itself didn't end
> the conversation. No big deal, but there must be
> another way that I don't know about.

Probably. I think control-c or control-d might accomplish the same thing.
(Do it at your own risk, though).

As far as the period is concerned, it must be the first think on the line,
and all by itself on the line. (The period must be preceded and followed
by pressing the Enter/Return key.) Some terminal emulators might have
problems.

> On another note, what if I used the hosts.allow file
> to stop telnet access from all sources other than my
> own IPs? Is there any legit reason for any
> unauthorized user to ever telnet the server?

Two points here:
1. When you telnet to port 25, you aren't really using the telnet
"service"--which uses port 23. (See the file /etc/services, which maps
services to port numbers.) When you telnet to port 25, you are actually
using the telnet program to become an e-mail client (or incoming SMTP
server). (You can use the telnet program to become a web client by
telnetting to port 80, or a POP client by telnetting to port 110, etc.,
etc. In order to do something meaningful, though, you need to know the
"commands" used by those protocols.)

2. On VPS1, the hosts.allow file will do exactly what you want. This is
from memory (so it might not be quite right), but I think these lines will
deny incoming SMTP traffic through ports 25, 587 and 5190 to your
VPS1--except for mail originating on your server itself.

smtp submission aol : localhost : allow
smtp submission aol : ALL : deny

(If you are using the default hosts.allow in ~/etc/, be sure to comment
out the line "ALL : ALL : allow" that appears at the beginning of the
file. Otherwise, all later lines will be short-circuited and skipped.)

>
> In fact, is there any reason for ME to use telnet - I
> always use SSH from my desktop - but I haven't figured
> out how to use SSH for a connection from a session on
> one VPS to another. (I can connect, but I can't
> provide the other server with a correct user name) The
> only reason I ever need to do this is for convenience,
> of course -- or to go through little exercises like
> the one you detailed above.

I can think of no good reason (for me, at least) to use telnet--the
Internet service to port 23. (I *think* I have it disabled on all my
servers.) However, when you use the telnet *program* to talk to a port
other than 23, you aren't using the telnet service. (Does this make
sense?)


-- 
Bennett Lanford <ben@xxxxxxxxxxxxx>

There are 10 kinds of people: those that understand binary and those that
don't.
======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).