Great Circle Associates Majordomo-Users
(February 2001) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: SPAMMING
From: Curtis Maurand <curtis @ lamere . net>
Organization: lamere Business Center
Date: Mon, 05 Feb 2001 15:20:01 -0500
To: Daniel Liston <dliston @ netscape . com>
Cc: Majordomo-users @ GreatCircle . COM
References: <001f01c07ff0$09162a20$1af6cdd4@1> <3A64D24E.86763A30@netscape.com> 

Hello,
  I appear to have something else going on.  I have post restricted to
members of a file, but I appear to be collecting spammers by the dozen.
Its not unusual to find 30+ messages in my inbox on mondays.  However,
when I look at the /usr/local/majordomo/Log file I see:

Jan 29 17:13:32 lamere.net majordomo[20213
{jedwards_1@chemie.uni-bremen.de} get  started

When I run get, I get: "Command disabled."

Any ideas?  I see a lot of probes using the "help" command.  All my
lists are set up with restricted posts and I've even disabled the "help"
command (not easy, but I found it in the source and renamed the function
so that it bombs.  I've also had mail send in such a way (and had it
bounce) so that it looks like someone is exploiting majordomo.  (I'm
running 1.94.4)

Curtis

Daniel Liston wrote:

> > Panos Adam wrote:
> >
> > How can I stop spamming messages coming to my list?
>
> I do a few things to "help" prevent this, but nothing is
> perfect.  Spammers keep getting smarter, and new ones pop
> up all the time.  I will speak to sendmail experience only.
>
> Use your virtusertable feature to make your delivery alias
> an "unknown" user.
>
> Make sure sendmail has majordomo listed as a trusted user
> so you do net get X-authenication headers in your messages.
>
> Use a name other than -outgoing or -list for your delivery
> address.
>
> Use ",nobody" (,anything really) on the end of your delivery
> address so sendmail does not announce your outgoing alias in
> the headers of messages.
>
> Use a procmail filter to identify that the message is To:
> or Cc: the exact address of your list.
>
> Use majordomo's resend tool to enforce settings in your
> list's .config file.
>
> Use your listname.config to set restrict_post to only
> specific addresses, or the users of the list.
>
> Use the header and body filters of majordomo.cf and the
> listname.config to catch/bounce known patterns to the
> list-owner before they are distributed to the list.
>
> After all the security checks are done, demime the message
> before letting majordomo distribute it.  Nothing to do
> with spam really, but since so much spam is coming in HTML
> format these days, why not?
>
> Dan Liston
Follow-Ups:
Indexed By Date Previous: using "bulk"
From: "Sharon F." <amazon@one.net>
Next: Re: Setting it so that user gets a copy of their message.
From: dliston@netscape.com (Dan Liston)
Indexed By Thread Previous: Re: using "bulk"
From: Chip Old <fold@bcpl.net>
Next: Re: SPAMMING
From: Todd Lyons <todd@mrball.net>
Google
 
Search Internet Search www.greatcircle.com