[2252] in WWW Security List Archive
Re: Email Hack: Help.
daemon@ATHENA.MIT.EDU (Steff Watkins)
Tue Jun 25 06:07:56 1996
From: Steff Watkins <Steff.Watkins@Bristol.ac.uk>
To: WWW-SECURITY@ns2.rutgers.edu
Date: Tue, 25 Jun 1996 08:45:08 +0100 (BST)
In-Reply-To: <Pine.BSD/.3.91.960624123356.12305A-100000@ns.sprintout.com> from "Doug Breault" at Jun 24, 96 12:42:45 pm
Errors-To: owner-www-security@ns2.rutgers.edu
Doug Breault wrote:
=>
=>Hello Everyone,
=>
=>We've got a problem here with a hacker. There's some punk
=>apparently hacking a mail server somewhere and sending BS postings all over
=>the net regarding get rich quick schemes, etc - from a non-existent
=>account on our server. They've done it twice so far, from two different
=>non-existent accounts.
=>2. What are the methods one uses to fake these FROM fields? And is
=> there a way to prevent it?
Hi Doug,
I may be able to help here.
Assuming that the systems that have email daemons are Unix-based, you can
use the 'hosts.allow' and 'hosts.deny' mechanism.
Just add all valid hosts to the '/etc/hosts.allow' file and then put 'all'
in the '/etc/hosts.deny' file against the 'smtp' entry.
Hope this helps,
Steff