Creative Spammers finding out valid accounts on my mail server!

[WMAdam]

Hi everybody,
I run a mail server that handles mail for multiple domains. Somehow, a spammer is obtaining a list of valid mail accounts on my sendmail server and addressing his spam messages to only those accounts. Many of these accounts mail accounts have never been used by a person and are not posted around the internet anywhere, which leads me to believe there is a way for an outsider to query my mail server for a list of valid mail accounts.
Has anyone heard of this?

Thank you in advance!
Adam

 

[Butterfly123]

What version of Sendmail r u using? I guess its 8.11 or older version..

With Sendmail on public network, its very easy for spammers to query the user accounts by logging in to the smtp port. By default, smtp port does not do any authentication and allows the spammer to log in (well, the user cannot harm the system with this, but he can easily find out the valid user accounts on your mail server by issuing expn/vrfy commands)..

What u need to do here is add SMTP_AUTH feature to ur Sendmai.cf and add enable encrypted communication on your smtp.. THis should solve ur problem..

Regds,

- Hemant
Networking and Systems Integration Group
Satyam Computer Services Ltd

 

[WMAdam]

I very much appreciate the advice!
Thanks!
Adam

 

[yahoo16]

But hemant, Mine is sendmail8.8.7v. Is it possible to add that SMTP_AUTH feature to my sendmail.cf ?? If so pls let me noe. Coz i cud avoid tedious process of Upgrading my sendmail for the same reason as Adam's.

kuppu

 

[Butterfly123]

YAhoo16,

I am not sure about Sendmail 8.9.7 version whether it supports SMTP AUTH feature.. Checkout the documentation of ur sendmail.. (get into source code folder and read the README and INSTALL text files) .. If it supports, the INSTALL procedures will describe the procedure..

All the best,

- Hemant
Networking and Systems Integration Group
Satyam Computer Services Ltd