Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: GUI Ubuntu 14.0.4 - Server Ubuntu 14.04.5 LTS
Posts: 963
Rep:
mail log concerns
Hi all
I've been watchin my mail logs lately and I'm un sure if some one is trying to hack my server, any one know what the certain IP is trying to do ( 216.239.113.148 ) and Yahoo!_Slurp@rockinghamgateway.com and yahoo.rockinghamgateway.com
I dont even have a email server running or the email address or even the subdomain address.
Code:
Dec 10 13:47:29 rockinghamgateway postfix/smtp[27496]: connect to yahoo.rockinghamgateway.com[216.239.113.148]: Connection timed out (port 25)
Dec 10 13:47:29 rockinghamgateway postfix/smtp[27496]: 901072581C0: to=<_Slurp@Yahoo.rockinghamgateway.com>, orig_to=<Yahoo!_Slurp@rockinghamgateway.com>, relay=none, delay=435200, status=deferred (connect to yahoo.rockinghamgateway.com[216.239.113.148]: Connection timed out)
Dec 10 13:47:29 rockinghamgateway postfix/qmgr[896]: 901072581C0: from=<httpd@rockinghamgateway.com>, status=expired, returned to sender
Dec 10 13:47:29 rockinghamgateway postfix/cleanup[27499]: 8D58F2580DD: message-id=<20061210054729.8D58F2580DD@rockinghamgateway.com>
Dec 10 13:47:29 rockinghamgateway postfix/qmgr[896]: 8D58F2580DD: from=<>, size=3222, nrcpt=1 (queue active)
Dec 10 13:47:29 rockinghamgateway postfix/local[27501]: 8D58F2580DD: to=<httpd@rockinghamgateway.com>, relay=local, delay=0, status=bounced (maildir delivery failed: create /var/empty/Maildir/tmp/1165729649.P27501.rockinghamgateway.com: Permission denied)
any one care to explain please. I've seen the IP's address site, it leads me to search.com
TT
Last edited by tommytomato; 12-10-2006 at 02:11 AM.
looks like someone has tried to test you as an open relay. try here: http://www.abuse.net/relay.html to see what they think about your external port 25 status. you do have a mail server running though, clearly - postfix. you may wish to uninstall it if you know you don;t need it at all.
Distribution: GUI Ubuntu 14.0.4 - Server Ubuntu 14.04.5 LTS
Posts: 963
Original Poster
Rep:
Thanks for that, I upgraded the system and he or she hasn't been back since 13:00 today, will the system still send mail out if I remove postfix ? because I run a few forum's my self.
depends how things get sent. if you only use standard mail clients, thunderbird, evolution etc... then it's just down to what your smtp server is set as in your relevant profiles. it's nice to be able to just give mail to your computer and know it'll go out just fine, but your client can just give mail directly to your ISP's relay or wherever else outside of your own network.
Thanks for that, I upgraded the system and he or she hasn't been back since 13:00 today, will the system still send mail out if I remove postfix ? because I run a few forum's my self.
TT
You'll actually need some type of MTA if you run forums. Do you depend on incoming mail? If not, just setup an IPTables rule to block all inbound port 25 traffic but allow outbound..
Distribution: GUI Ubuntu 14.0.4 - Server Ubuntu 14.04.5 LTS
Posts: 963
Original Poster
Rep:
Quote:
You'll actually need some type of MTA if you run forums. Do you depend on incoming mail? If not, just setup an IPTables rule to block all inbound port 25 traffic but allow outbound..
No I dont depend on incoming mail at all, the forums send mail by it self, I dont allow the mail fuction to work on our forums, as far as I know postfix sends and thats it, I'm running tinysofa classic server 2.0 Update 6 (Ceara), and I've never been able to work out IPtables, I dont have ports 25 open on my router.
No I dont depend on incoming mail at all, the forums send mail by it self, I dont allow the mail fuction to work on our forums, as far as I know postfix sends and thats it, I'm running tinysofa classic server 2.0 Update 6 (Ceara), and I've never been able to work out IPtables, I dont have ports 25 open on my router.
TT
If you don't allow or block 25 on your router, you shouldn't recieve any mail except from your own server.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.