Re: [SLUG] attacked!

From: Daniel Jarboe (daniel.jarboe@gmail.com)
Date: Fri Jun 16 2006 - 16:04:43 EDT


> >Again, the fact that you had postfix listening on an external
> >interface (and presumably not firewalled)
>
> The router should have taken care of that. I sw other ports forwarded to
> this machine (81->80 for HTTP and 22->22 for SSH), but not 25 or any others.

In that case there might be more to this. You can telnet to port 25
on the external interface of your router to be sure it's dropped or
rejected.

> Where do I look for that? AFAIC, restricting the outgoing mail destinations
> to localhost and outgoing.verizon.net is fine.

In postfix you may want to specify the mynetworks parameter, and have
your smtpd_recipient_restrictions set to
permit_mynetworks,check_relay_domains or similar. I'd search for the
howto's to do it right... these kinds of configuration tend to be set
up and fugedaboudit.

That being said, if it's truly a local attack then you are in for a
bigger fight.

Anything interesting in your mail log when this started?
~ Daniel
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:10:33 EDT