Denial of Service attack in sendmail

Dear all,



For the sendmail server, it seems to still have "denial of service attack"
after re-installing the whole Redhat 9.0.In fact, such type of email is that
we let customers send their information from the internet through php
webpage. Anyway, some other hackers may attack our server through the email.



Please give me possible advice on how to eliminate such kind of rubbish
email, thanks



Regards,

John.



---------------------------------------------------------------

The feedback from the MailScanner is given as follows:



The following e-mails were found to have: Virus Detected
Sender: (E-Mail Removed)
IP Address: 127.0.0.1
Recipient: (E-Mail Removed)
Subject: Welcome to your advice
MessageID: l857AWmf003853
Quarantine:
Report: Denial of Service attack in message!

Full headers are:

Return-Path: <?g>
Received: from ns.xx-xx.com (localhost.localdomain [127.0.0.1])
by ns.xx-xx.com (8.12.8/8.12.8) with ESMTP id l857AWmf003853
for <(E-Mail Removed)>; Wed, 5 Sep 2007 15:10:33 +0800
Full-Name: Nobody
Received: (from nobody@localhost)
by ns.xx-xx.com (8.12.8/8.12.8/Submit) id l857AWk4003851;
Wed, 5 Sep 2007 15:10:32 +0800
Date: Wed, 5 Sep 2007 15:10:32 +0800
Message-Id: <(E-Mail Removed)>
To: (E-Mail Removed)
Subject: Welcome to your advice
From: <(E-Mail Removed)>
--
MailScanner
Email Virus Scanner
www.mailscanner.info


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

===============================

The original message was received at Thu, 30 Aug 2007 07:51:43 +0800
from localhost.localdomain [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<(E-Mail Removed)>
(reason: 550 5.1.1 <(E-Mail Removed)>... User unknown)

----- Transcript of session follows -----
.... while talking to zoso.email.net.:
>>> DATA
<<< 550 5.1.1 <(E-Mail Removed)>... User unknown
550 5.1.1 <(E-Mail Removed)>... User unknown
<<< 503 5.0.0 Need RCPT (recipient)

John wrote:
> For the sendmail server, it seems to still have "denial of service attack"
> after re-installing the whole Redhat 9.0.In fact, such type of email is that
> we let customers send their information from the internet through php
> webpage. Anyway, some other hackers may attack our server through the email.
>

First off RH 9.0 is not even supported anymore, it was released 2003 and EOL
was 2005.

You give no sendmail version. And allowing php mail scripts is just asking for
trouble.

>
>
> Please give me possible advice on how to eliminate such kind of rubbish
> email, thanks

Install something newer.

-- Scott

John wrote:
> Please give me possible advice on how to eliminate such kind of rubbish
> email, thanks
>

Opps correction - *Everything* you are using is old. Even your sendmail
version, 8.12.8, is old. The newest version is 8.14.1 which is 2 *WHOLE*
versions newer.

>
> ---------------------------------------------------------------
>
> The feedback from the MailScanner is given as follows:
>
>
>
> The following e-mails were found to have: Virus Detected
> Sender: (E-Mail Removed)
> IP Address: 127.0.0.1
> Recipient: (E-Mail Removed)
> Subject: Welcome to your advice
> MessageID: l857AWmf003853
> Quarantine:
> Report: Denial of Service attack in message!
>
> Full headers are:
>
> Return-Path: <?g>
> Received: from ns.xx-xx.com (localhost.localdomain [127.0.0.1])
> by ns.xx-xx.com (8.12.8/8.12.8) with ESMTP id l857AWmf003853
> for <(E-Mail Removed)>; Wed, 5 Sep 2007 15:10:33 +0800
> Full-Name: Nobody
> Received: (from nobody@localhost)
> by ns.xx-xx.com (8.12.8/8.12.8/Submit) id l857AWk4003851;
> Wed, 5 Sep 2007 15:10:32 +0800
> Date: Wed, 5 Sep 2007 15:10:32 +0800
> Message-Id: <(E-Mail Removed)>
> To: (E-Mail Removed)
> Subject: Welcome to your advice
> From: <(E-Mail Removed)>