Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I have a Linux Red Hat 9.0 & 8.0 server running with sendmail, but I have been receiving complaints from different persons saying that they receive mails as below.
But I do not allow my machine to relay any mails, nor is the address a valid address of my server, though the IP belongs to me. Can anyone tell me if these mails really originated from my server, and if so, how do I block them?
thanking you
sanjib gupta
Received: from sidroy3.net ([202.141.148.23]) by mx.isti.cnr.it (PMDF V6.2-X27
#30838) with SMTP id <01LBA2SC3Z3EAMI7SJ@mx.isti.cnr.it
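The check the question asks for, as an added example that is not part of the original post: walk the Received: headers from the newest down and take the peer address recorded by the last MTA you trust (here the complainant's MX, mx.isti.cnr.it, which wrote the line quoted above). That bracketed address is the TCP peer the receiving MTA actually talked to, which is why it is hard to fake, while the HELO name ("sidroy3.net") and the From: address are whatever the sender chose. Anything below the last trusted hop may have been written by the sender, which is why the script does not simply take the bottom line. The message headers are constructed: the hop above the quoted line, the forged line below it, the list of trusted MTAs and the 202.141.148.0/24 netblock are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample headers for the walk-through. The second Received: line
# is the one quoted in the post. The hop above it (RFC 5737 address,
# example.net name) and the line below it, which stands for a header the
# sender forged before handing the message over, are assumptions.
SAMPLE_HEADERS = """\
From: someone@example.com
To: recipient@example.net
Received: from mx.isti.cnr.it (mx.isti.cnr.it [192.0.2.9])
 by mbox.example.net with ESMTP id def456; Mon, 1 Mar 2004 09:59:58 +0000
Received: from sidroy3.net ([202.141.148.23]) by mx.isti.cnr.it (PMDF V6.2-X27
 #30838) with SMTP id <01LBA2SC3Z3EAMI7SJ@mx.isti.cnr.it
Received: from innocent.example.org ([10.0.0.5]) by sidroy3.net with SMTP id x1
Subject: hello
"""

_FROM_RE = re.compile(r"^from\s+(\S+)(.*?)\s+by\s+(\S+)", re.IGNORECASE | re.DOTALL)
_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def unfold_headers(raw):
    """Join continuation lines (leading whitespace) onto the header they
    belong to, stopping at the blank line that ends the header block."""
    lines = []
    for line in raw.splitlines():
        if line == "":
            break
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def parse_received(raw):
    """Received: hops in header order: newest (nearest the recipient) first."""
    hops = []
    for line in unfold_headers(raw):
        name, _, value = line.partition(":")
        if name.strip().lower() != "received":
            continue
        value = value.strip()
        m = _FROM_RE.search(value)
        if m is None:
            hops.append({"helo": None, "ip": None, "by": None, "raw": value})
            continue
        helo, comment, by = m.groups()
        ips = _IP_RE.findall(comment)  # the receiving MTA records the real TCP peer in [...]
        hops.append({"helo": helo, "ip": ips[-1] if ips else None, "by": by, "raw": value})
    return hops


def origin_hop(hops, trusted_mtas):
    """Walk down from the newest hop while the MTA that wrote the line is
    one we trust; the last trusted line holds the real origin peer. Lines
    below it were supplied by the sender and may be forged."""
    trusted = {h.lower() for h in trusted_mtas}
    last = None
    for hop in hops:
        if hop["by"] is None or hop["by"].lower() not in trusted:
            break
        last = hop
    return last


def origin_in_netblock(raw, trusted_mtas, netblock):
    """True/False whether the origin peer lies in netblock, None if unknown."""
    hop = origin_hop(parse_received(raw), trusted_mtas)
    if hop is None or hop["ip"] is None:
        return None
    return ipaddress.ip_address(hop["ip"]) in ipaddress.ip_network(netblock)


if __name__ == "__main__":
    TRUSTED = ["mbox.example.net", "mx.isti.cnr.it"]  # the complainant's own MTAs (assumed)
    hop = origin_hop(parse_received(SAMPLE_HEADERS), TRUSTED)
    print(f"origin peer {hop['ip']} (HELO {hop['helo']}), recorded by {hop['by']}")
    print("inside 202.141.148.0/24:", origin_in_netblock(SAMPLE_HEADERS, TRUSTED, "202.141.148.0/24"))
```

If the origin peer falls inside your own netblock, the mail really did leave through your address, whatever the From: line says; the remaining question is which machine behind that address generated it, which is what the logging suggested further down in this thread answers.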
As far as blocking them is concerned,
make an iptables rule that redirects all outgoing port 25 traffic to your SMTP server, so you can control the traffic.
e.g.
# replace eth~ with the name of the internal (LAN-facing) interface, e.g. eth1
iptables -t nat -I PREROUTING -i eth~ -p tcp --dport 25 -j REDIRECT
service iptables save
This will send it to 127.0.0.1 port 25 (your SMTP server should be listening on 127.0.0.1 (localhost)).
I have also experienced the same thing! My IP was in DSBL.org because they said I was an open relay. I have Trend Micro scanning incoming and outgoing mails plus Norton 2004 on all workstations. But still some people complain that my server is sending spam. I made body checks in mail post dropping emails with attachments ending in .com, .exe, .bat. But still some spam with an attachment ending in .com can pass through.
I have read where people have their e-mail addresses spoofed by spammers. I had someone that got one from me, and I don't run windoze. Someone that has my e-mail address, and uses windoze, has been infected with a virus. That virus got my e-mail address from their address book and used it to send spam. It can happen and have absolutely nothing to do with you, or really with the person that was infected. They don't know they are doing it either.
If your system is not infected, then it is likely coming from someone else using your address.
If your system is not infected, then it is likely coming from someone else using your address.
No, if the person receiving it is logging your IP address, then it is coming from you. IP addresses are not easily faked. There is something wrong. If a machine in your network has a virus, then it will start sending out mails using your external address. Maybe you should set your external router/firewall to log outgoing traffic on port 25. This may help catch the unwanted mail going out.
paeng16, maybe you should give us more info. Your mail config probably needs to be changed so your system will no longer act as an open relay. Have you checked your access control file? The only hosts that should be able to relay are localhost and possibly your internal network.
If a workstation sends mail, it will use your mail server.
However, if a virus sends mail, it will go directly to the internet.
This is why your IP address shows up, but with strange email addresses.
It is quite possible to fix a virus but leave a spam programme installed.
One protection is to force ALL port 25 traffic into your server 1,
e.g. using an iptables DNAT rule on server 1:
# REDIRECT is the DNAT special case that rewrites the destination to this host's own
# address on the incoming interface and keeps the port (25)
iptables -t nat -I PREROUTING -i eth~ -p tcp --dport 25 -j REDIRECT
This forces all client traffic to be checked.
Change the eth~ number to match the internal interface.
As benjithegreat98 suggested, do some logging on server 1 on port 25 to see what's happening:
# add this AFTER the REDIRECT rule: -I puts it at the top of the chain, and REDIRECT is a
# terminating target, so a LOG rule sitting below it would never see the packet.
# The nat table only sees the first packet of each connection, so every line logged is one connection attempt.
iptables -t nat -I PREROUTING -i eth~ -p tcp --dport 25 -j LOG --log-prefix "mail_out "
and look in /var/log/messages.
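Reading what that LOG rule writes, as an added example that is not part of peter_robb's post: it parses the kernel's key=value fields from /var/log/messages, keeps only TCP connections to port 25, and lists every internal host other than the mail server that opened one, busiest first. On the design described above all workstation mail goes through the server, so any other host talking to port 25 directly is a candidate for the virus or the leftover spam programme. The log excerpt is constructed in the LOG target's format (fields such as MAC=, TOS= and WINDOW= left out), the addresses are private and documentation ranges, and 192.168.1.10 as the address of server 1 is an assumption.

```python
import re
from collections import defaultdict

# Constructed excerpt of /var/log/messages in the format the kernel LOG
# target writes for a rule with --log-prefix "mail_out ". Fields such as
# MAC=, TOS= and WINDOW= are left out for brevity; the parser does not
# depend on them. Addresses are RFC 1918 / RFC 5737 ranges, not a real capture.
SAMPLE_LOG = """\
Mar  1 10:15:22 gw kernel: mail_out IN=eth1 OUT= SRC=192.168.1.10 DST=198.51.100.25 LEN=60 TTL=64 ID=1001 DF PROTO=TCP SPT=40231 DPT=25 SYN
Mar  1 10:15:23 gw kernel: mail_out IN=eth1 OUT= SRC=192.168.1.57 DST=203.0.113.4 LEN=48 TTL=128 ID=2001 DF PROTO=TCP SPT=3345 DPT=25 SYN
Mar  1 10:15:23 gw kernel: mail_out IN=eth1 OUT= SRC=192.168.1.57 DST=203.0.113.9 LEN=48 TTL=128 ID=2002 DF PROTO=TCP SPT=3346 DPT=25 SYN
Mar  1 10:15:24 gw kernel: mail_out IN=eth1 OUT= SRC=192.168.1.57 DST=198.51.100.77 LEN=48 TTL=128 ID=2003 DF PROTO=TCP SPT=3347 DPT=25 SYN
Mar  1 10:15:24 gw kernel: mail_out IN=eth1 OUT= SRC=192.168.1.23 DST=192.0.2.44 LEN=48 TTL=128 ID=3001 DF PROTO=TCP SPT=1101 DPT=25 SYN
Mar  1 10:15:25 gw kernel: mail_out IN=eth1 OUT= SRC=192.168.1.57 DST=203.0.113.4 LEN=48 TTL=128 ID=2004 DF PROTO=TCP SPT=3348 DPT=25 SYN
Mar  1 10:15:26 gw sshd[4321]: Accepted password for bob from 192.168.1.5 port 33000 ssh2
"""

_LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: mail_out (?P<fields>.*)$"
)
_KV_RE = re.compile(r"(\w+)=(\S*)")  # flags such as DF and SYN carry no '=' and are skipped


def parse_log(text):
    """One event per logged TCP connection attempt to port 25."""
    events = []
    for line in text.splitlines():
        m = _LOG_RE.match(line)
        if not m:
            continue  # not one of our LOG lines
        kv = dict(_KV_RE.findall(m.group("fields")))
        if kv.get("PROTO") != "TCP" or kv.get("DPT") != "25":
            continue  # defensive: the rule should only ever match dport 25
        events.append({"ts": m.group("ts"), "src": kv["SRC"], "dst": kv["DST"], "sport": int(kv["SPT"])})
    return events


def summarize(events, mail_server):
    """Per internal source, excluding the mail server itself: number of
    connection attempts and the set of distinct external destinations."""
    per_src = defaultdict(lambda: {"connections": 0, "destinations": set()})
    for ev in events:
        if ev["src"] == mail_server:
            continue  # server 1 is allowed to talk to port 25 directly
        per_src[ev["src"]]["connections"] += 1
        per_src[ev["src"]]["destinations"].add(ev["dst"])
    return dict(per_src)


def suspects(events, mail_server):
    """Hosts that reached port 25 without going through the mail server,
    busiest first. On this design every one of them needs a look."""
    summary = summarize(events, mail_server)
    return sorted(summary, key=lambda ip: (-summary[ip]["connections"], ip))


if __name__ == "__main__":
    MAIL_SERVER = "192.168.1.10"  # assumed address of server 1
    evs = parse_log(SAMPLE_LOG)
    for ip in suspects(evs, MAIL_SERVER):
        s = summarize(evs, MAIL_SERVER)[ip]
        print(f"{ip}: {s['connections']} connection(s) to {len(s['destinations'])} destination(s)")
```

Because the rule lives in the nat table, only the first packet of each connection reaches it, so one line means one connection attempt; a workstation that fans out to many distinct destinations in a few seconds is the usual signature of a mass-mailing worm or spam engine.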
Originally posted by peter_robb: I don't think your problem is with your servers.
However, if a virus sends mail, it will go directly to the internet.
This is why your IP address shows up, but with strange email addresses.
It is quite possible to fix a virus but leave a spam programme installed.
This is something new to me!
You guys are the F'CKN MASTER! I will try this tonight and will get back to you guys!
MANY THANKS!
_______________________________________________---
man is our friend my friend!