List-Managers: Re: sendmail -f attack?

List-Managers
(January 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: sendmail -f attack?
From:	Brad Knowles <brad @ his . com>
Date:	Thu, 30 Jan 1997 09:38:17 -0500
To:	nolan @ tssi . com, list-managers @ GreatCircle . com (List Managers)
In-reply-to:	<199701281653.KAA00181@celery.tssi.com>

At 11:53 AM -0500 1/28/1997, Mike Nolan wrote:

>As best I can determine, it is coming from someone on either a system named
>'dilbert' or one named 'cameron' within eds.com, possibly from a
>user gfcastee
>who has access to sendmail with the -f flag.  (Am I reading the
>headers right?)
>The Received headers on the original message (stripped by procmail/smartlist
>but retained in my archives) also point towards EDS.

	Yup, you've read the headers right.  With newer versions of
sendmail, it's pretty hard to hide when you try to do something like
this.

	I think you've probably done all you can do in terms of tracking
this problem down, it's now up to the folks over at EDS to respond.

--
Brad Knowles,                                  MIME/PGP: brad@his.com
    comp.mail.sendmail FAQ Maintainer     <http://www.his.com/~brad/>
        finger brad@his.com for my PGP Public Keys and Geek Code
The comp.mail.sendmail FAQ is at <http://www.his.com/~brad/sendmail/>

References:

sendmail -f attack?
From: Mike Nolan <nolan@celery.tssi.com>

Indexed By Date	Previous:	Re: fresh horror from AOL From: Brad Knowles <brad@his.com>
Indexed By Date	Next:	Re: fresh horror from AOL From: "Nathan J. Mehl" <nmehl@leftbank.com>
Indexed By Thread	Previous:	sendmail -f attack? From: Mike Nolan <nolan@celery.tssi.com>
Indexed By Thread	Next:	Hiding outgoing listnames From: Jered J Floyd <jered@mit.edu>