[oclug] automated spam problem
Sean Hammond
sean.hammond at gmail.com
Mon Apr 18 12:06:03 EDT 2005

Thanks Rod, that certainly seems useful and I'll try it out later.

So... the /etc/alias file will be used by any of the MTAs? Because I
have actually removed SendMail (as far as I can tell) and yet
Evolution still appears to think it is using SendMail (and mail is
indeed sent successfully) and something is still sending out cron and
anacron messages. Some other MTA installed by default could be at play
here.

Also, do you know what address I could make it use so that the
automated messages would appear in my Evolution local inbox, so I can
be sure I've stopped it sending them out and can safely plug into the
network again?

Would it be:

postmaster: sean
service-account: sean
root:sean
username: sean at sean (which is the line bash gives me for my local
account, I am user sean on machine sean).

Thanks again. You're a lot more helpful than my disgruntled
administrator, who replied to my request for one of the email sources
with 'Your machine is sending me spam.'

- Sean

On 4/18/05, Rod Giffin <rod at giffinscientific.com> wrote:
> On Mon, April 18, 2005 0:10, Sean Hammond said:
> > Perhaps someone can help me out with this.
> >
> > Apparently root at sdf.lonestar.org, the administrator of the domain
> > which provides my email account, has been receiving spam from me (in
> > the form of what look like automated error messages from cron and
> > anacron). This is news to me, and he unfortunately does not seem to
> > want to help me figure out what is happening, but just wants me to
> > 'stop it'.
> >
> > I haven't been able (yet) to get a full email source of one of the
> > spam messages, but I have been told that they come from my
> > cpe.net.cable.rogers.com address. This is strange because I have no
> > such address, though I am on a Rogers connection, it's not my
> > connection and all I do is plug into it via dhcp. It's also strange
> > because I don't know how he identified me as seanh at sdf.lonestar.org
> > using an email that came from some completely different address.
> > Probably I'm confused as to what he means here.
>
> I think this might help you, since I've run into this several times with
> people configuring Linux systems on networks I manage.
>
> On systems configured to the default, system messages are usually sent to
> root, or a service specific e-mail address (such as Postmaster), which is
> aliased to root in the alias file.
>
> I recommend editing the alias file to send root's mail to a local user
> account (an administrator's account, me if none) to avoid actually sending
> the mail to root's e-mail account directly. This way, all cron messages
> are sent to username at localhost instead of root. If the system is remote,
> I also alias that username account to the user's regular e-mail.
>
> The problem has occurred in my networks where a user configures a system
> as belonging to the top-level domain, without my knowledge. In
> other words, if you configure a system as belonging to the sdf.lonestar.org
> domain, without checking the configuration of Sendmail you can run into
> this issue.
>
> What's happening is, in some distributions, Sendmail (Postfix, et al) is
> configured to handle e-mail addressed to addresses without a domain by
> automatically appending the domain name of the system rather than the
> hostname of the system. So if you configured your hostname as "sean" for
> example, and your domain name as sdf.lonestar.org, then the e-mail address
> for root may become root at sdf.lonestar.org instead of
> root at sean.sdf.lonestar.org or root at sean.
>
> I.e.
> in etc/alias file:
> postmaster: root
> service-account: root
> root: username
> username: username at wherever.you.want
>
> Hope that helps.
>
> Rod.
>
>
--
Sean
http://seanh.freeshell.org
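
The alias chain and domain-appending behaviour discussed in this thread, as an added example that is not part of either message: a simplified model (not any MTA's actual code) that follows alias entries and reports whether system mail stays on the machine. The function names, the `append_domain` parameter and the alias entries are assumptions made for illustration.

```python
# Simplified model: follow alias entries, complete bare addresses the way the
# thread describes, and report whether each final address is local.
# Constructed sample data: hostname "sean" and domain "sdf.lonestar.org" follow
# the thread; the alias entries themselves are illustrative.
DEFAULT_ALIASES = "postmaster: root\nservice-account: root\n"
FIXED_ALIASES = DEFAULT_ALIASES + "root: sean\nsean: sean@localhost\n"

def parse_aliases(text):
    """Parse 'name: target[, target...]' lines; '#' starts a comment."""
    aliases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, targets = line.split(":", 1)
        aliases[name.strip().lower()] = [
            t.strip() for t in targets.split(",") if t.strip()]
    return aliases

def resolve(name, aliases, path=()):
    """Follow alias chains; stop at full addresses, unaliased names or loops."""
    key = name.lower()
    if "@" in name or key not in aliases or key in path:
        return {name}
    final = set()
    for target in aliases[key]:
        final |= resolve(target, aliases, path + (key,))
    return final

def deliveries(recipient, aliases, hostname, append_domain):
    """Map each final address for `recipient` to 'local' or 'REMOTE'.

    append_domain is what the MTA appends to an address that has no domain:
    the machine's hostname, or (the problem case) its configured domain.
    """
    local_names = {hostname.lower(), "localhost"}
    result = {}
    for addr in resolve(recipient, aliases):
        if "@" not in addr:
            addr = f"{addr}@{append_domain}"
        domain = addr.rsplit("@", 1)[1].lower()
        result[addr] = "local" if domain in local_names else "REMOTE"
    return result

if __name__ == "__main__":
    for label, text in (("default", DEFAULT_ALIASES), ("fixed", FIXED_ALIASES)):
        print(label, deliveries("postmaster", parse_aliases(text),
                                "sean", "sdf.lonestar.org"))
```

Any address reported as REMOTE is one that cron and anacron output would be mailed to off the machine.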