More likely than not, em5000 is not attaching SPAM to your outgoing list,
but rather using your -outgoing address/alias as a direct mail-to: point.
Protect this address by refusing messages as "error:nouser User unknown"
to outside SMTP connections. It is also highly recommended that you use
a suffix for outgoing messages other than -list or -outgoing. These are
too easy for spammers to latch onto.
Dan Liston
Tom Lettington wrote:
>
> I am running majordomo version 1.94.5 on Red Hat Linux 7.1 with sendmail
> version 8.11.2.
>
> It appears that em5000 and at least one other outfit has managed to figure
> out how to attach outgoing SPAM to legitimate outgoing posts from my users
> to a legitimate list. These abusers are not in my access.db and do not
> have Cw records in my sendmail.cf. I found out about it when a "failure
> notice" was sent back to the list owner citing email addresses that are not
> in the list.
>
> I'm working with a wizard to try to figure out what this exploit is and try
> to find a way out of it.
>
> Has anyone on this list had a similar experience and can you give me some
> clues?
>
> Thanks in advance for any helpful hints. I know you folks are usually very
> clueful!
>
> - Tom
References:
|
|
