#linux
02 November 2007
Total 63 pages. You are browsing page 1/63.
--- Log opened Fri Nov 02 00:00:04 2007
--- Day changed Fri Nov 02 2007
00:00 <****> hes sending to the local users
00:00 <****> not relaying
00:00 <****> TO?
00:00 <****> so just some spammer?
00:00 <****> i tried setting up cygwin and it was installing good and halfway through it sent me about 20 error messages about not being able to find a file
00:00 <****> yeah, but its weird, hes harassing one guy
00:00 <****> i dont think theres really any way to stop him, save banning his ip, which ive done
00:00 <****> what you should find out is whether he uses normal emails
00:00 <****> i need opendwg toolkit
00:01 <****> he doesnt
00:01 <****> but i cannot find it
00:01 <****> or whether he exploits a misconfig of your mailserver
00:01 <****> how do i search the repositories
00:01 <****> the logs seem to indicate that he just telnets in
00:01 <****>
00:01 <****> rho: lol
00:01 <****> we get a connection, and then several minutes later the message is sent
00:01 <****> Scott0: run apt-get update prior
00:01 <****> Scott0: run "apt-get update" prior
00:01 <****> you have telnetd running?
00:02 <****> thats a security risk
00:02 <****> Scott0: and pick up the apt howto
00:02 <****> no.....i dont think so
00:02 <****> 25 will allow you to send mails from our server
00:02 <****> man you guys totally don't get what rho's got going on
00:03 <****> rho see if you can enable senderid or something in the mail daemon
00:03 <****> rho: it shouldnt
00:03 <****> portmap sploit?
00:03 <****> i have done that insta
00:03 <****> it's a misconfigged mailserver
00:03 <****> rho, rho, rho your boat
00:03 <****> lol
00:03 <****> ok none of these guys get what's happening
00:03 <****> it's kinda crazy
00:03 <****> hes not relaying
00:03 <****> you have to authenticate for that
00:03 <****> why don't you just hosts.deny his IP for now?
00:03 <****> gently down sploit stream...
00:03 <****> seems opendwg toolkit is nonexistent
00:03 <****> hes mailing the users on OUR server
00:03 <****> i have
00:03 <****> but, that doesnt necessarily stop the problem
00:03 <****> just trying to prevent it for the future?
00:03 <****> insta: how about explaining things instead of trying to denigrate people?
00:04 <****> merrily merrily merrily merrily , telnet is but a dream
00:04 <****> insta: ... ;)
00:04 <****> i'm trying to get people to stop throwing suggestions at rho for now
00:04 <****> Anyone know how to send a F11 command to an X11 window from console?
00:04 <****> it's not a postfix exploit if someone with a telnet to the SMTP port is speaking SMTP to the server sending to approved SMTP recipients
00:04 <****> insta: and you think telling people on irc they don't understand something will shut them up? you must be new here. ;)
00:04 <****> thats my thought on the matter as well
00:05 <****> insta, i think youre right
00:05 <****> it's really not
00:05 <****> installing cygwin is more complicated than a lot of other things i've installed -.-
00:05 <****> mailservers talk to each other with SMTP
00:05 <****> but is there anything i can do besides ban the ip (since ive already done that)
00:05 <****> no reason a user can't talk to a mailserver with SMTP, since that's how mail is sent in the first place
00:05 <****> rho: you should fix the spoof or relaying hole
00:05 <****> man you guys totally don't get it
00:05 <****> that's why you need SSL
00:06 <****> TLS :)
00:06 <****> could you see his entire log?
00:06 <****> spreeuw, he is NOT relaying
00:06 <****> paotzu: ohno..
00:06 <****> you guys dont get it yourself ;p
00:06 <****> or just line items overall?
00:06 <****> spreeuw, our server is set up to require authentication for relaying
00:06 <****> it doesnt matter whether telnet is used or a foreign mta
00:06 <****> he might have been EHLO'ing with "me" like i do if i'm sending mail with telnet
00:06 <****> it's just a config problem
00:06 <****> of his mailserver
00:06 <****> it should verify things
00:07 <****> verify what?
00:07 <****> boy , you guys are way out in left field O/o
00:07 <****> thats what im asking, how do i prevent this kind of thing?
00:07 <****> rho: paste some headers
00:07 <****> Nintendo64: cygwin is basically for runnin emulated programs that are tied to Windows. You can get a dual boot linux/windows setup going, but you're going to have to be careful.
00:07 <****> it depends on the exact method he uses
00:07 * gregorah is still a noob
00:08 <****> method for what?
00:08 <****> rho: just tell the guy to stop or report it to the guy's boss. crazy non-technical solution I know. :)
00:08 <****> rho: you can set postfix up to only allow trusted ip to send emails from your server.
00:08 <****> okay....lets back up
00:08 <****> shall we?
00:08 <****> i think i need to clarify a couple of things
00:08 <****> the guy *is* an authorized user of the system, the problem is that he is masquerading as another user
00:09 <****> stop right there
00:09 <****> damned straight :P
00:09 <****> he is NOT an authorized user, he does not authenticate
00:09 <****> he sends mail to the local users of the mail system, he does NOT relay
00:09 <****> your own employees are not authorized to send mail?
00:09 <****> they are
00:10 <****> however, they have to AUTHENTICATE
00:10 <****> sorry about the caps
00:10 <****> he should not have access to localhost mailing apparatus
00:10 <****> but theres a lot of text going on in here, thought it would be good to highlight the important parts
00:10 <****> ah so he telnets to a shell? and mails from there?
00:10 <****> rho just /msg me...
