[Wylug-help] Security log message

John Hodrien johnh at comp.leeds.ac.uk
Sun Mar 9 15:56:01 GMT 2008


Prodding it back at the list, as neither of us intended to take it away...

On Sun, 9 Mar 2008, Anne Wilson wrote:

> On Sunday 09 March 2008 10:45:30 you wrote:
>> On Sun, 9 Mar 2008, Anne Wilson wrote:

>> If you're running an IMAP server that you want accessible globally
>> then you need to make sure it's patched and that the passwords don't suck.
>>
> It is patched and the passwords should be OK.  What I'm not clear on is
> whether he actually managed to access the imap server.  Clearly I have to
> have the port open if I am to be able to use it away from home, so the
> firewall on the server box is no protection.  It has to be able to pass the
> router firewall, so the same applies.  The alert came from the router log, so
> I assume that means that it saw something unexpected.  Does it mean that it
> blocked it?  I don't know.

Is the router a Linux box or a standalone unit?  I'm assuming that the IMAP
server is a different network device.  In which case the router's unable to
tell whether it's a valid connection or not, so I'd assume that message was
simply informative.  You'd have to check the logs of your IMAP server to see
if the attempt was successful.

> What do people do in this situation to make it more secure?  The router can
> be set to only allow incoming imap requests from certain IPs, but I don't
> see how that can be used if you are away from home and on dhcp via a public
> network.

Indeed not.  I've previously used iptables rules that limit the number of
connection attempts per minute per IP, which can at least limit their ability
to brute force attack your machine, while minimising the risk of accidentally
blocking authorized traffic, as I've managed in the past with a slightly
overzealous self-protection system.

> This is a new situation to me as I've not used imap from outside until
> recently, so all help is most gratefully received.

I wouldn't treat this differently to having ssh accessible externally.

jh

-- 
"If you have an apple and I have an apple and we exchange these apples then
  you and I will still each have one apple. But if you have an idea and I have
  an idea and we exchange these ideas, then each of us will have two ideas."
                                                      -- George Bernard Shaw
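
Added example (not part of the original post, and not the poster's own rules): one way to write the per-IP connection-attempt limit mentioned above, using the iptables "recent" match. It assumes the rules go in the INPUT chain of the IMAP host itself, IMAP on port 143, and a limit of 3 new connections per 60 seconds; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: per-source-IP limit on NEW connections to one TCP port using
# the iptables "recent" match. The rules are printed, not applied, so they can
# be reviewed first. Port, limit and window below are assumed values.

# Usage: ratelimit_rules PORT MAX_NEW SECONDS
ratelimit_rules() {
    rl_port=$1 rl_max=$2 rl_secs=$3
    # Accept plain positive decimal integers only (no empty, zero-led or signed values).
    for rl_v in "$rl_port" "$rl_max" "$rl_secs"; do
        case $rl_v in
            ''|0*|*[!0-9]*) echo "ratelimit_rules: bad number '$rl_v'" >&2; return 2 ;;
        esac
    done
    [ "$rl_port" -le 65535 ] || { echo "ratelimit_rules: port out of range" >&2; return 2; }
    # xt_recent keeps 20 entries per address by default (ip_pkt_list_tot); older
    # kernels reject a --hitcount above that, so the limit is capped at 19 here.
    [ "$rl_max" -le 19 ] || { echo "ratelimit_rules: MAX_NEW must be <= 19" >&2; return 2; }

    rl_hit=$((rl_max + 1))   # the (MAX_NEW + 1)th attempt is the first one dropped
    rl_match="-p tcp --dport $rl_port -m conntrack --ctstate NEW -m recent --name rl$rl_port"
    rl_over="--seconds $rl_secs --hitcount $rl_hit"

    # Inserted at the top of INPUT so they are evaluated before any ACCEPT rule
    # for the port. Only NEW connections match; established sessions are untouched.
    # 1: record every new connection attempt against its source address.
    echo "iptables -I INPUT 1 $rl_match --set"
    # 2: log sources that are over the limit (--rcheck only reads the list).
    echo "iptables -I INPUT 2 $rl_match --rcheck $rl_over -j LOG --log-prefix \"ratelimit-$rl_port: \""
    # 3: drop them; --update refreshes the timestamp on a match, so a source
    #    that keeps retrying stays blocked until it backs off.
    echo "iptables -I INPUT 3 $rl_match --update $rl_over -j DROP"
}

# Assumed values: IMAP on port 143, at most 3 new connections per 60 seconds.
ratelimit_rules 143 3 60
```

Review the printed rules, then pipe the output to sh as root on the IMAP host to apply them.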


