From owner-nanog@merit.edu Mon Aug 4 20:10 EDT 1997
X-Sender: ldv2@texoma.net
Date: Mon, 04 Aug 1997 19:07:50 -0500
To: nanog@merit.edu
From: Larry Vaden <vaden@texoma.net>
Subject: Your opinion please on DOS attack ...
Mime-Version: 1.0Please excuse me if this is off topic; if so, I would appreciate a pointer
to the correct list.We've received a few thousand late this afternoon of email messages similar
to the below.What do you make of this? Is there a defense other than blocking the
alleged IP range?Your opinion appreciated.
Larry
-----
Aug 4 18:50:06 mail sendmail[29805]: SAA29805:
<_-MetHOd-MaN-_@mail.texoma.net>... User unknown
Aug 4 18:50:06 mail sendmail[29805]: SAA29805: from=<>, size=0, class=0,
pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]
Aug 4 18:50:07 mail sendmail[29786]: SAA29786:
<_-MetHOd-MaN-_@mail.texoma.net>... User unknown
Aug 4 18:50:07 mail sendmail[29786]: SAA29786: from=<>, size=0, class=0,
pri=0, nrcpts=0, proto=SMTP, relay=upsmot03.msn.com [204.95.110.85]
Aug 4 18:50:09 mail sendmail[29810]: SAA29810:
<_-MetHOd-MaN-_@mail.texoma.net>... User unknown
Aug 4 18:50:09 mail sendmail[29810]: SAA29810: from=<>, size=0, class=0,
pri=0, nrcpts=0, proto=SMTP, relay=upsmot02.msn.com [204.95.110.79]
It is worth looking at the sendmail web page (www.sendmail.org). There are
some rule sets to help with spamming. One will prevent relaying through your
site by rejecting any mail that does not originate or terminate within your
domain. This will stop any relying.
There is another rule set that will reject any mail if the domain in the
"From:" line does not resolve. Although this will not stop all spam, it
does get a lot of it. This all works with sendmail 8.6.
RBDC was for a time a favorite relay site for many and caused us no end of
trouble. sendmail 8.6 and the anti-relaying patch stopped all that cold.