Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 12th December 2006, 18:31
rickygm rickygm is offline
Junior Member
 
Join Date: May 2006
Posts: 18
Thanks: 0
Thanked 0 Times in 0 Posts
Default attack my mail server (help)

hello forum, for one day is having problems send mail local or external , I make netstat and I see many addresses connected ip to the port 25 of my server trying to send mail to users' account that neither they exist in my domain ,

the account of mail of the postmaster captures all the messages with spam and virus, and I have received as 6000 false mail, that I can make to stop this attack?

in these moments I have closed the port 25 with my firerwall , closing the port, I can send local and external mail, but I cannot receive, because they throw away me the server


comand netstat

tcp 0 0 165.98.245.75:25 220.128.139.82:16284 SYN_RECV
tcp 0 0 165.98.245.75:25 202.64.193.35:22769 SYN_RECV
tcp 0 0 165.98.245.75:25 68.157.67.203:44549 SYN_RECV
tcp 0 0 165.98.245.75:25 69.54.44.97:58832 SYN_RECV
tcp 0 0 165.98.245.75:25 204.181.65.201:24347 SYN_RECV
tcp 0 0 165.98.245.75:25 64.27.109.180:3605 SYN_RECV
tcp 0 0 165.98.245.75:25 212.70.194.252:51828 SYN_RECV
tcp 0 0 165.98.245.75:25 151.189.21.52:56698 SYN_RECV
tcp 0 0 165.98.245.75:25 168.10.57.11:48589 SYN_RECV
tcp 0 0 165.98.245.75:25 200.49.193.136:10575 SYN_RECV
tcp 0 0 165.98.245.75:25 200.193.114.4:4412 SYN_RECV
tcp 0 0 165.98.245.75:25 62.134.61.39:47531 SYN_RECV
tcp 0 0 165.98.245.75:25 65.161.178.162:42424 SYN_RECV
tcp 0 0 165.98.245.75:25 64.80.51.187:12252 SYN_RECV
tcp 0 0 165.98.245.75:25 72.54.161.219:43361 SYN_RECV
tcp 0 0 165.98.245.75:25 213.190.70.31:58170 SYN_RECV
tcp 0 0 165.98.245.75:25 217.156.103.59:40670 SYN_RECV
tcp 0 0 165.98.245.75:25 218.103.63.209:52427 SYN_RECV
tcp 0 0 165.98.245.75:25 212.234.147.107:1179 SYN_RECV
tcp 0 0 165.98.245.75:25 212.102.130.8:41171 SYN_RECV
tcp 0 0 165.98.245.75:25 193.111.200.230:34072 SYN_RECV
tcp 0 0 165.98.245.75:25 210.56.16.62:43181 SYN_RECV
tcp 0 0 165.98.245.75:25 200.110.2.197:41935 SYN_RECV
tcp 0 0 165.98.245.75:25 64.47.55.212:42167 SYN_RECV

Reply With Quote
Sponsored Links
  #2  
Old 13th December 2006, 06:39
drks drks is offline
Junior Member
 
Join Date: Aug 2006
Posts: 16
Thanks: 0
Thanked 0 Times in 0 Posts
Default

You should look into adding RBL (Blacklist) lookups to limit mail from known spammers. Additionally, I would modify the postmaster account in /etc/aliases to just junk all mail to postmaster:

postmaster: /dev/null


That might not work for you, but I do not know many people that can say they'd rather deal with the spam than throw away mail for postmaster.

Perhaps if you gave us some information on the following that you are using we can help you lock it down a bit to limit Spam:

Linux Distro / Version
SMTP Mail Server
..etc
__________________
drks - http://www.5dollarwhitebox.org
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
php Apps email not going through palkat General 8 21st September 2011 05:35
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
Setting up a backup mail server setup with two installations of ISPConfig zitch Tips/Tricks/Mods 7 30th December 2006 10:07
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16
Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs ebbay Installation/Configuration 9 4th March 2006 11:47


All times are GMT +2. The time now is 19:04.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.