Denial of Service attack in sendmail - Networking

This is a discussion on Denial of Service attack in sendmail - Networking ; Dear all, For the sendmail server, it seems to still have "denial of service attack" after re-installing the whole Redhat 9.0.In fact, such type of email is that we let customers send their information from the internet through php webpage. ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Denial of Service attack in sendmail

  1. Denial of Service attack in sendmail

    Dear all,



    For the sendmail server, it seems to still have "denial of service attack"
    after re-installing the whole Redhat 9.0.In fact, such type of email is that
    we let customers send their information from the internet through php
    webpage. Anyway, some other hackers may attack our server through the email.



    Please give me possible advice on how to eliminate such kind of rubbish
    email, thanks



    Regards,

    John.



    ---------------------------------------------------------------

    The feedback from the MailScanner is given as follows:



    The following e-mails were found to have: Virus Detected
    Sender: nobody@xx-xx.com
    IP Address: 127.0.0.1
    Recipient: tiaxq@email.net
    Subject: Welcome to your advice
    MessageID: l857AWmf003853
    Quarantine:
    Report: Denial of Service attack in message!

    Full headers are:

    Return-Path:
    Received: from ns.xx-xx.com (localhost.localdomain [127.0.0.1])
    by ns.xx-xx.com (8.12.8/8.12.8) with ESMTP id l857AWmf003853
    for ; Wed, 5 Sep 2007 15:10:33 +0800
    Full-Name: Nobody
    Received: (from nobody@localhost)
    by ns.xx-xx.com (8.12.8/8.12.8/Submit) id l857AWk4003851;
    Wed, 5 Sep 2007 15:10:32 +0800
    Date: Wed, 5 Sep 2007 15:10:32 +0800
    Message-Id: <200709050710.l857AWk4003851@ns.xx-xx.com>
    To: tiaxq@email.net
    Subject: Welcome to your advice
    From:
    --
    MailScanner
    Email Virus Scanner
    www.mailscanner.info


    This message has been scanned for viruses and
    dangerous content by MailScanner, and is
    believed to be clean.

    ===============================

    The original message was received at Thu, 30 Aug 2007 07:51:43 +0800
    from localhost.localdomain [127.0.0.1]

    ----- The following addresses had permanent fatal errors -----

    (reason: 550 5.1.1 ... User unknown)

    ----- Transcript of session follows -----
    .... while talking to zoso.email.net.:
    >>> DATA

    <<< 550 5.1.1 ... User unknown
    550 5.1.1 ... User unknown
    <<< 503 5.0.0 Need RCPT (recipient)





  2. Re: Denial of Service attack in sendmail

    John wrote:
    > For the sendmail server, it seems to still have "denial of service attack"
    > after re-installing the whole Redhat 9.0.In fact, such type of email is that
    > we let customers send their information from the internet through php
    > webpage. Anyway, some other hackers may attack our server through the email.
    >


    First off RH 9.0 is not even supported anymore, it was released 2003 and EOL
    was 2005.

    You give no sendmail version. And allowing php mail scripts is just asking for
    trouble.

    >
    >
    > Please give me possible advice on how to eliminate such kind of rubbish
    > email, thanks


    Install something newer.

    -- Scott

  3. Re: Denial of Service attack in sendmail

    John wrote:
    > Please give me possible advice on how to eliminate such kind of rubbish
    > email, thanks
    >


    Opps correction - *Everything* you are using is old. Even your sendmail
    version, 8.12.8, is old. The newest version is 8.14.1 which is 2 *WHOLE*
    versions newer.

    >
    > ---------------------------------------------------------------
    >
    > The feedback from the MailScanner is given as follows:
    >
    >
    >
    > The following e-mails were found to have: Virus Detected
    > Sender: nobody@xx-xx.com
    > IP Address: 127.0.0.1
    > Recipient: tiaxq@email.net
    > Subject: Welcome to your advice
    > MessageID: l857AWmf003853
    > Quarantine:
    > Report: Denial of Service attack in message!
    >
    > Full headers are:
    >
    > Return-Path:
    > Received: from ns.xx-xx.com (localhost.localdomain [127.0.0.1])
    > by ns.xx-xx.com (8.12.8/8.12.8) with ESMTP id l857AWmf003853
    > for ; Wed, 5 Sep 2007 15:10:33 +0800
    > Full-Name: Nobody
    > Received: (from nobody@localhost)
    > by ns.xx-xx.com (8.12.8/8.12.8/Submit) id l857AWk4003851;
    > Wed, 5 Sep 2007 15:10:32 +0800
    > Date: Wed, 5 Sep 2007 15:10:32 +0800
    > Message-Id: <200709050710.l857AWk4003851@ns.xx-xx.com>
    > To: tiaxq@email.net
    > Subject: Welcome to your advice
    > From:


+ Reply to Thread