[oclug] automated spam problem
Rod Giffin
rod at giffinscientific.com
Mon Apr 18 08:14:48 EDT 2005
On Mon, April 18, 2005 0:10, Sean Hammond said:
> Perhaps someone can help me out with this.
>
> Apparently root at sdf.lonestar.org, the administrator of the domain
> which provides my email account, has been receiving spam from me (in
> the form of what look like automated error messages from cron and
> anacron). This is news to me, and he unfortunately does not seem to
> want to help me figure out what is happening, but just wants me to
> 'stop it'.
>
> I haven't been able (yet) to get a full email source of one of the
> spam messages, but I have been told that they come from my
> cpe.net.cable.rogers.com address. This is strange because I have no
> such address, though I am on a Rogers connection, it's not my
> connection and all I do is plug into it via dhcp. It's also strange
> because I don't know how he identified me as seanh at sdf.lonestar.org
> using an email that came from some completely different address.
> Probably I'm confused as to what he means here.

I think this might help you, since I've run into this several times with
people configuring Linux systems on networks I manage.

On systems configured to the default, system messages are usually sent to
root, or a service specific e-mail address (such as Postmaster), which is
aliased to root in the alias file.

I recommend editing the alias file to send root's mail to a local user
account (an administrator's account, me if none) to avoid actually sending
the mail to root's e-mail account directly. This way, all cron messages
are sent to username at localhost instead of root. If the system is remote,
I also alias that username account to the user's regular e-mail.

The problem has occurred in my networks where a user configures a system
as belonging to the top-level domain, without my knowledge. In
other words, if you configure a system as belonging to the sdf.lonestar.org
domain, without checking the configuration of Sendmail you can run into
this issue.

What's happening is, in some distributions, Sendmail (Postfix, et al) is
configured to handle e-mail addressed to addresses without a domain by
automatically appending the domain name of the system rather than the
hostname of the system. So if you configured your hostname as "sean" for
example, and your domain name as sdf.lonestar.org, then the e-mail address
for root may become root at sdf.lonestar.org instead of
root at sean.sdf.lonestar.org or root at sean.

I.e.
in etc/alias file:

postmaster: root
service-account: root
root: username
username: username at wherever.you.want

Hope that helps.
Rod.
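
An added example, not part of the original message: a small Python model of the behaviour described above, tracing where mail for root ends up under the default aliases and under the edited ones, with and without domain-only qualification. The host "sean" is taken from the message; the domain example.org, the address username@mail.example.net and all function names are constructed for illustration, and the qualification step is a simplification of what a real MTA does.

```python
"""Trace where mail for a local account (e.g. cron output for root) is delivered."""

# Constructed sample data: host "sean" in domain "example.org" stands in for
# a machine configured inside its mail provider's domain.
HOST, DOMAIN = "sean", "example.org"
DEFAULT_ALIASES = """
# distribution default: everything funnels to root
postmaster: root
service-account: root
"""
FIXED_ALIASES = DEFAULT_ALIASES + """
root: username
username: username@mail.example.net
"""

def parse_aliases(text):
    """Parse aliases-file text into {name: [targets]}; '#' lines are comments."""
    aliases = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, targets = line.split(":", 1)
        aliases[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return aliases

def resolve(name, aliases, seen=frozenset()):
    """Follow alias chains to final recipients; a loop ends the chain."""
    key = name.lower()
    if "@" in name or key in seen or key not in aliases:
        return [name]
    out = []
    for target in aliases[key]:
        out.extend(resolve(target, aliases, seen | {key}))
    return out

def deliveries(account, aliases_text, append_domain_only):
    """Return [(address, lands_in_parent_domain)] for mail sent to `account`."""
    suffix = DOMAIN if append_domain_only else f"{HOST}.{DOMAIN}"
    result = []
    for rcpt in resolve(account, parse_aliases(aliases_text)):
        addr = rcpt if "@" in rcpt else f"{rcpt}@{suffix}"
        result.append((addr, addr.rsplit("@", 1)[1].lower() == DOMAIN))
    return result

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_ALIASES), ("fixed", FIXED_ALIASES)):
        for domain_only in (True, False):
            print(label, domain_only, deliveries("root", text, domain_only))
```

A True flag marks mail that would land in the parent domain's own mailbox, which is the case the domain administrator sees as spam.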