Re: SPAM-er reading my /etc/aliases?

on 20.12.2007 20:14:47 by Ignoramus31412

I think that the command to do it is called EXPN or something; it
should be disabled, which it is in more recent distros.

Check comp.mail.sendmail

i

On 2007-12-20, bellutta@yahoo.com wrote:
> I am running my mail server at home on a Fedora Core 3 box that uses
> Sendmail 8.13.1/8.12.10. My box also runs https (Apache) and DNS
> server for my domain. The box is running IPTables and is behind a
> Dlink firewall/router. For the past few months I am receiving SPAM on
> this box. That is not really troubling except I have *never* given out my
> e-mail addresses to anyone except friends and family. OK so someone
> might have signed me up for something. What is really troubling is
> that some of the messages are sent directly to e-mail aliases that are
> defined *only* in /etc/aliases. Some of them have never been used!
> Not a single piece of e-mail was sent from nor received from these
> addresses (except these spam messages).
>
> The reason I say they are sent to them is because not only the header
> shows they are sent to these aliases, but the message body itself is
> addressed to them ("Hi is your ... to small?"). I already
> started using Spamassassin which does not filter them out. Still my
> question is:
>
> How did the spammer get ahold of e-mail addresses that are known only
> to /etc/aliases?
>
> Any ideas?
>
> Paolo

Re: SPAM-er reading my /etc/aliases?

on 20.12.2007 21:40:04 by Hans-Peter Sauer

> On 2007-12-20, bellutta@yahoo.com wrote:
<---SNIP--->
>> How did the spammer get ahold of e-mail addresses that are known only
>> to /etc/aliases?
>>
>> Any ideas?

Possibly a dictionary attack. See the following Wikipedia article:

http://en.wikipedia.org/wiki/E-mail_address_harvesting

--
Rob MacGregor (BOFH)

Rule 37: "There is no 'overkill'. There is only 'open fire'
and 'I need to reload.'"
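
One way to check a mail log for the dictionary attack suggested above, added here as an example and not part of the original thread: group sendmail "User unknown" rejections by the relay that caused them and flag relays that tried several distinct non-existent recipients. The log lines are constructed in the style of sendmail's maillog, and the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (hosts, queue IDs and addresses are made up;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = """\
Dec 20 03:11:01 mail sendmail[4101]: lBK3B1aa004101: <admin@example.org>... User unknown
Dec 20 03:11:01 mail sendmail[4101]: lBK3B1aa004101: <info@example.org>... User unknown
Dec 20 03:11:02 mail sendmail[4101]: lBK3B1aa004101: <sales@example.org>... User unknown
Dec 20 03:11:02 mail sendmail[4101]: lBK3B1aa004101: from=<x@spam.invalid>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.77]
Dec 20 03:11:09 mail sendmail[4107]: lBK3B9aa004107: <webmaster@example.org>... User unknown
Dec 20 03:11:09 mail sendmail[4107]: lBK3B9aa004107: from=<y@spam.invalid>, size=2210, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.77]
Dec 20 09:40:12 mail sendmail[5220]: lBK9eCaa005220: <pualo@example.org>... User unknown
Dec 20 09:40:12 mail sendmail[5220]: lBK9eCaa005220: from=<aunt@friends.invalid>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=mx.friends.invalid [198.51.100.5]
"""

# A rejected RCPT is logged under the session's queue ID ...
UNKNOWN = re.compile(r"sendmail\[\d+\]: (\w+): <([^>]+)>\.\.\. User unknown")
# ... and the from= summary line for the same queue ID names the relay.
FROM = re.compile(r"sendmail\[\d+\]: (\w+): from=.*\brelay=(?:\S+ )?\[([\d.]+)\]")

def guessing_relays(log_text, threshold=3):
    """Return {relay IP: sorted unknown recipients} for relays that hit at
    least `threshold` distinct non-existent addresses (threshold is an
    assumed starting point, tune it for your site)."""
    rejected = defaultdict(set)   # queue ID -> recipients rejected so far
    per_relay = defaultdict(set)  # relay IP -> all rejected recipients
    for line in log_text.splitlines():
        m = UNKNOWN.search(line)
        if m:
            rejected[m.group(1)].add(m.group(2).lower())
            continue
        m = FROM.search(line)
        if m:
            # Assumes the from= line follows the rejections of its session.
            per_relay[m.group(2)] |= rejected.pop(m.group(1), set())
    return {ip: sorted(r) for ip, r in per_relay.items() if len(r) >= threshold}

if __name__ == "__main__":
    for ip, names in guessing_relays(SAMPLE_LOG).items():
        print(ip, "guessed", len(names), "unknown recipients:", ", ".join(names))
```

A relay that guesses generic names such as these will also hit any that happen to exist in /etc/aliases, which is how a never-used alias can start receiving mail.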