[Nottingham] Disable Ports

Johan Boshoff jboshoff at rpc.co.za
Tue Aug 29 19:16:11 BST 2006


Hi,

My server is hosted at a company in America and they told me that SPAMMERS 
are using my server to send out mail.  I did ask them to send me more 
details and am still waiting.

The thing is, I don;t want people to use the server to send out mail.  It is 
a web and mail server, but not to send out mail to the public.

Basically I tighten up the SSHD because I get so many IP's trying to connect 
to the server via SSH.  Disabled ROOT access and the GraceTime to only 10 
seconds and only gave two users access to log in via SSH.

I am sure this will minimize attacks...  Anyway, I know the above is only 
for the SSH and has nothng to do with sendmail.

And yes, I am fairly new to Linux, but still have about 2 years experience 
administering it to a certain extend (Internal Networks) and this is my 
first time administering it as a web and mail server.  I also know that I 
need to do a course or two, but time is precious and I don;t have much.

Any ideas where I can get some free online courses on security, mailservers, 
etc?

Thanks!
Johan



----- Original Message ----- 
From: "Martin" <martin at ml1.co.uk>
To: <nottingham at mailman.lug.org.uk>
Sent: Tuesday, August 29, 2006 6:46 PM
Subject: Re: [Nottingham] Disable Ports


> Reminder: Please start a _new_ thread for a new topic!
> Hint: Use "write" or "new" and NOT "reply"
>
> Pain: It messes up threaded readers and threaded archives! (If we all
> used "reply" for everything, there would only be one thread for
> everything which would make threading pointless!
>
>
> David Aldred wrote:
>> On Tuesday 29 August 2006 16:04, Johan Boshoff wrote:
>>
>>>It seems like someone is using my server to send out mail and I don't 
>>>know
>>>where to start the investigation.
>>
>>
>> What leads you to think this is happening?
>>
>> If you are getting bounce messages for mail you didn't send, it's 
>> probably not
>> your server being used, but your address being faked elsewhere.
>
> Exactly. Of late, the spammers have made "mail bounce" messages useless
> due to using ridiculous numbers of faked bounce messages for spam.
> Simple large scale vandalism of the internet. :-(
>
>
> On a practical note, take a look at your system logs to see what your
> machine has actually been doing. Take a look also at the mail headers to
> see if they make sense or whether they are indeed fakes.
>
> Let us know what you find.
>
> Good luck,
> Martin
>
> -- 
> ----------------
> Martin Lomas
> martin at ml1.co.uk
> ----------------
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham 




More information about the Nottingham mailing list