On 2 Jan 1998 18:30:31 GMT, Sherwood Botsford
> In the last month two of my hosts have been used for mail relaying of
> spam. I've got 11 different unix variants in my shop, probably running
> forty-six variations of sendmail. I don't have administrative control
> over all of them. (Many are users' workstations.)
> I'd like to be able to check each machine to see if they are susceptible
> to this problem, without logging in to the machine. Anyone know of
> a script that will check this?

Unless you have specifically set these up to not accept relay attempts,
I'm afraid they will be able to work as relays. It's just a matter of
how long it will take before someone finds out that these hosts exist
and that they run an smtp daemon.

Now for solving this situation, first ask yourself why individual
workstations need to run an smtp daemon. No matter, the solution I
propose will handle these invisibly. You (and the admins for those
machines) won't need to change anything on them.

Select a few machines which you (and/or someone with administration
skills you feel you can trust) have complete administrative control
over, and call these mail exchangers for the rest of the machines. On
these, standardize to the current version of sendmail, and use the
check_* rules to deny relay attempts. They should agree to deliver
mail only if it's a) coming in to the domain, or b) coming from the
domain.

Create MX records in your DNS for the other hosts, then block the
smtp ports of these at the routers.

This is what we have done at Concordia and it's quite effective.

You should be able to find plenty of information (and pointers to plenty
more) at http://www.sendmail.org.

Hope that helps.

--
----------------------------------------------------------------------
Assistant to the System Managers Concordia University
Computing Services Department Montreal, Quebec, Canada
----------------------------------------------------------------------
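
The acceptance rule described in the reply above (deliver only if the mail is coming in to the domain or coming from the domain), modelled in Python as an added example; it is not code from the post and it is not sendmail's check_* ruleset syntax. The domain `example.edu`, the network `192.0.2.0/24`, the function names, and the choice to identify "coming from the domain" by client IP address are all assumptions made for illustration.

```python
import ipaddress

# Constructed values (assumptions, not from the post).
LOCAL_DOMAINS = {"example.edu"}                       # domains the exchangers deliver for
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # networks that belong to the domain


def recipient_domain(rcpt):
    """Return the lowercased domain of an RCPT TO address, or None when the
    address is malformed or carries explicit routing (%, !, source route)."""
    addr = rcpt.strip().strip("<>")
    # Routed forms would let the exchanger be used to forward elsewhere even
    # though the final "@domain" looks local, so refuse them outright.
    if addr.count("@") != 1 or any(c in addr for c in "%!:"):
        return None
    local, domain = addr.split("@")
    if not local or not domain:
        return None
    return domain.lower().rstrip(".")


def is_local_domain(domain):
    # Match the domain itself or a host under it, never a look-alike suffix.
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)


def is_local_client(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in LOCAL_NETS)


def relay_decision(client_ip, rcpt):
    """Decide whether a mail exchanger should take this recipient."""
    domain = recipient_domain(rcpt)
    if domain is None:
        return "reject: routed or malformed recipient"
    if is_local_domain(domain):
        return "accept: inbound to domain"       # case a) in the post
    if is_local_client(client_ip):
        return "accept: outbound from domain"    # case b) in the post
    return "reject: relaying denied"


if __name__ == "__main__":
    # Constructed sample transactions: (connecting client, RCPT TO).
    for client, rcpt in [("203.0.113.9", "<user@cs.example.edu>"),
                         ("192.0.2.17", "<friend@example.org>"),
                         ("203.0.113.9", "<someone@example.org>"),
                         ("203.0.113.9", "<someone%example.org@example.edu>")]:
        print(client, rcpt, "->", relay_decision(client, rcpt))
```

The envelope sender is deliberately not consulted, since any client can claim a sender address in the local domain.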