Re: [vps-mail] Question about Sendmail/Spammers
- Subject: Re: [vps-mail] Question about Sendmail/Spammers
- From: "Bennett Lanford" <ben@xxxxxxxxxxxxx>
- Date: Wed, 6 Apr 2005 12:22:00 -0400 (EDT)
On Wed, April 6, 2005 7:07 am, Abigail Marshall said:
> So I did go ahead and disable telnet access to all my
> servers.
>
> For anyone who doesn't know (I didn't until I looked
> it up) - telnet can be cut off in the hosts.allow file
> with this line:
> telnet : ALL : deny
FWIW, "telnet" refers to both a program and a protocol. The above line in
hosts.allow blocks incoming connections on port 23 (the port used by the
telnet protocol).
In the exercise yesterday, we used the telnet *program* to connect to an
SMTP server by specifying an optional second argument of 25. If you omit
the second argument, it defaults to 23 (or something equivalent), which is
the default port used by the telnet *protocol*.
> The Chinese spammers are still at it, but now the line
> I see in my message file is this:
>
> ruleset=check_rcpt, arg1=<realuser@xxxxxxxxxxxx>,
> relay=[218.56.200.251], reject=550 5.7.1
> <realuser@xxxxxxxxxxxx>... Relaying denied. Proper
> authentication required.
>
> So that tells me that Bennett was right - they were
> trying to telnet in -- since simply sending email
> using an IP number would not require authentication.
> Though they must be using a different script or
> protocol than the steps that Bennett out, because if I
> simply try to telnet myself from another VPS, I get a
> "Connection closed by foreign host" message, but
> nothing shows up in the message log of the VPS that is
> being hit by the Chinese spammers.
Hard-core spammers have a toolbox full of programs that can talk SMTP.
(The telnet program--specifying 25 or 587 or 5190 as a second argument--is
just a handy troubleshooting tool for one-time use.)
If you're sure you don't want incoming e-mail, you can use hosts.allow to
block port 25 (SMTP/ESMTP), 587 (submission) and 5190 (aol--non-standard
port used by Verio as an alternate port for incoming e-mail). I included
an (untested) example in an earlier post.
--
Bennett Lanford <ben@xxxxxxxxxxxxx>
There are 10 kinds of people: those that understand binary and those that
don't.
======================================================================
This is <vps-mail@xxxxxxxxxxxx> <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
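
Added example, not part of the original post: one way to tally the check_rcpt "Relaying denied" rejections discussed in the thread, grouped by relay address, so repeat offenders stand out in the sendmail log. The log lines are constructed samples modelled on the line quoted above, using documentation-range addresses; the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not real log data), shaped like the quoted rejection.
SAMPLE_LOG = """\
Apr  6 07:01:12 vps1 sendmail[2101]: j36B1CaA002101: ruleset=check_rcpt, arg1=<realuser@example.com>, relay=[192.0.2.10], reject=550 5.7.1 <realuser@example.com>... Relaying denied. Proper authentication required.
Apr  6 07:01:15 vps1 sendmail[2102]: j36B1FaA002102: ruleset=check_rcpt, arg1=<other@example.net>, relay=[192.0.2.10], reject=550 5.7.1 <other@example.net>... Relaying denied. Proper authentication required.
Apr  6 07:02:40 vps1 sendmail[2110]: j36B2eaA002110: ruleset=check_rcpt, arg1=<someone@example.org>, relay=mail.example.net [198.51.100.7], reject=550 5.7.1 <someone@example.org>... Relaying denied. Proper authentication required.
Apr  6 07:03:02 vps1 sendmail[2115]: j36B31aA002113: to=<localuser@example.com>, delay=00:00:01, mailer=local, stat=Sent
Apr  6 07:03:30 vps1 sendmail[2120]: j36B3UaA002120: ruleset=check_rcpt, arg1=<third@example.net>, relay=[192.0.2.10], reject=550 5.7.1 <third@example.net>... Relaying denied. Proper authentication required.
Apr  6 07:04:11 vps1 sendmail[2131]: j36B4BaA002131: ruleset=check_mail, arg1=<x@example.org>, relay=[203.0.113.5], reject=550 5.7.1 <x@example.org>... Access denied
"""

# Fields of a check_rcpt rejection: recipient, relay, SMTP code, enhanced status.
REJECT_RE = re.compile(
    r"ruleset=check_rcpt,\s+arg1=<(?P<rcpt>[^>]*)>,\s+"
    r"relay=(?P<relay>.*?),\s+reject=(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+)"
)
# The relay field is either "[ip]" or "hostname [ip]"; pull out the address.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_denials(log_text):
    """Yield (relay_ip, recipient) for each check_rcpt 'Relaying denied' line."""
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m or "Relaying denied" not in line:
            continue  # deliveries and other rejection reasons are ignored
        ip = IP_RE.search(m.group("relay"))
        relay = ip.group(1) if ip else m.group("relay").strip()
        yield relay, m.group("rcpt")


def summarize(log_text, threshold=2):
    """Return {relay_ip: count} for relays with at least `threshold` denials."""
    hits = Counter(ip for ip, _ in relay_denials(log_text))
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{ip}\t{n} relay attempts denied")
```
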