Silent Runners is a Visual Basic script, which can be used to scan a system for software that starts automatically when Windows starts, which may aid you in determining if a system is infected with malware.
someuser@frostdragon.com. There is
an account, someuser on the system and email addressed to
someuser@moonpoint.com should go through, but, though email for
both domain names is processed by the server, email to
someuser@frostdragon.com should not be delivered. Presumably,
since someuser is actually a common male name, email addressed to
someuser@frostdragon.com is from some spammer trying common
names to deliver his spam.
I edited /etc/mail/access and added the line below:
someuser@frostdragon.com 550 Mailbox disabled for this recipient
The 550 is a standard error code for an email server to return
to an email client when email is rejected. You can specify whatever message
you wish after it. In this case I chose "Mailbox disabled for this recipient".
I could have just used the following line instead, if I didn't want to specify
my own specific error message.
someuser@frostdragon.com REJECT
After executing the command makemap hash /etc/mail/access < /etc/mail/access
to rebuild the access database file, you can test the block by
establishing a telnet connection to port 25 on the server,
issuing a helo or ehlo command, then a mail
from command with any address as the "from" address, and then a
rcpt to command with the relevant recipient address.
mail from: someone@example.com
250 2.1.0 someone@example.com... Sender ok
rcpt to: someuser@frostdragon.com
550 5.0.0 someuser@frostdragon.com... Mailbox disabled for this recipient
rcpt to: someuser@moonpoint.com
250 2.1.5 someuser@moonpoint.com... Recipient ok
quit
221 2.0.0 frostdragon.com closing connection
From the above, I can see that email to the address I wanted marked as invalid
is rejected immediately, but email to the same username at a different domain
name gets through. Mail with a "from" address of
someuser@frostdragon.com would still be accepted,
even though it is now rejected as a "to" address.
Since I don't want the server to accept email if that address appears as
a "from" address either, I added the line below to /etc/mail/access
as well and rebuilt the access database with
makemap hash /etc/mail/access < /etc/mail/access.
From:someuser@frostdragon.com 550 We don't accept mail from spammers
If you try sending using a "from" address of someuser@frostdragon.com
now, the message will be rejected. However, if you test the block with
telnet, e.g. telnet frostdragon.com 25, and then issue
an ehlo or helo command followed by mail
from and rcpt to commands, you won't see the rejection
message until you've entered the rcpt to command, i.e. it
doesn't occur when the mail from command is issued.
mail from:<someuser@frostdragon.com>
250 2.1.0 <someuser@frostdragon.com>... Sender ok
rcpt to:<myself@moonpoint.com>
550 5.0.0 <myself@moonpoint.com>... We don't accept mail from spammers
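The manual telnet check above can be scripted so it is easy to rerun after each makemap rebuild. This is an added example, not part of the original post; the function name probe and the helo_name default are assumptions. It records the stage at which the server refuses, which shows the rcpt to delay described above.

```python
import smtplib
import sys


def probe(host, sender, recipient, port=25, helo_name="localhost", timeout=10):
    """Replay the manual test: EHLO, MAIL FROM, RCPT TO, then RSET and QUIT.

    No DATA command is sent, so nothing is ever delivered. Returns a dict
    holding the (code, text) reply to MAIL FROM and RCPT TO, plus the stage
    ("mail", "rcpt" or None) at which the server first refused.
    """
    result = {"mail": None, "rcpt": None, "rejected_at": None}
    # helo_name is an assumed default; use a name your server accepts.
    with smtplib.SMTP(host, port, local_hostname=helo_name,
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, text = smtp.mail(sender)
        result["mail"] = (code, text.decode(errors="replace"))
        if code >= 400:
            result["rejected_at"] = "mail"
        else:
            code, text = smtp.rcpt(recipient)
            result["rcpt"] = (code, text.decode(errors="replace"))
            if code >= 400:
                result["rejected_at"] = "rcpt"
        smtp.rset()  # abandon the transaction before the QUIT sent on exit
    return result


if __name__ == "__main__":
    # usage: python probe.py HOST SENDER RECIPIENT
    host, sender, recipient = sys.argv[1:4]
    r = probe(host, sender, recipient)
    print("MAIL FROM ->", r["mail"])
    print("RCPT TO   ->", r["rcpt"])
    print("rejected at:", r["rejected_at"] or "not rejected")
```

Run it once per case in the transcripts: the blocked recipient, the same username at the other domain, and the blocked sender.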