mail log concerns

tommytomato · 12-10-2006, 02:08 AM

Hi all

I've been watchin my mail logs lately and I'm un sure if some one is trying to hack my server, any one know what the certain IP is trying to do ( 216.239.113.148 ) and Yahoo!_Slurp@rockinghamgateway.com and yahoo.rockinghamgateway.com

I dont even have a email server running

or the email address or even the subdomain address.

Code:

Dec 10 13:47:29 rockinghamgateway postfix/smtp[27496]: connect to yahoo.rockinghamgateway.com[216.239.113.148]: Connection timed out (port 25)
Dec 10 13:47:29 rockinghamgateway postfix/smtp[27496]: 901072581C0: to=<_Slurp@Yahoo.rockinghamgateway.com>, orig_to=<Yahoo!_Slurp@rockinghamgateway.com>, relay=none, delay=435200, status=deferred (connect to yahoo.rockinghamgateway.com[216.239.113.148]: Connection timed out)
Dec 10 13:47:29 rockinghamgateway postfix/qmgr[896]: 901072581C0: from=<httpd@rockinghamgateway.com>, status=expired, returned to sender
Dec 10 13:47:29 rockinghamgateway postfix/cleanup[27499]: 8D58F2580DD: message-id=<20061210054729.8D58F2580DD@rockinghamgateway.com>
Dec 10 13:47:29 rockinghamgateway postfix/qmgr[896]: 8D58F2580DD: from=<>, size=3222, nrcpt=1 (queue active)
Dec 10 13:47:29 rockinghamgateway postfix/local[27501]: 8D58F2580DD: to=<httpd@rockinghamgateway.com>, relay=local, delay=0, status=bounced (maildir delivery failed: create /var/empty/Maildir/tmp/1165729649.P27501.rockinghamgateway.com: Permission denied)

any one care to explain please. I've seen the IP's address site, it leads me to search.com

TT

acid_kewpie · 12-10-2006, 02:20 AM

looks like someone has tried to test you as an open relay. try here: http://www.abuse.net/relay.html to see what they think about your external port 25 status. you do have a mail server running though, clearly - postfix. you may wish to uninstall it if you know you don;t need it at all.

tommytomato · 12-10-2006, 07:01 AM

Thanks for that, I upgraded the system and he or she hasn't been back since 13:00 today, will the system still send mail out if I remove postfix ? because I run a few forum's my self.

TT

acid_kewpie · 12-10-2006, 07:33 AM

depends how things get sent. if you only use standard mail clients, thunderbird, evolution etc... then it's just down to what your smtp server is set as in your relevant profiles. it's nice to be able to just give mail to your computer and know it'll go out just fine, but your client can just give mail directly to your ISP's relay or wherever else outside of your own network.

trickykid · 12-10-2006, 08:38 AM

Quote:

Originally Posted by tommytomato

Thanks for that, I upgraded the system and he or she hasn't been back since 13:00 today, will the system still send mail out if I remove postfix ? because I run a few forum's my self.

TT

You'll actually need some type of MTA if you run forums. Do you depend on incoming mail? If not, just setup an IPTables rule to block all inbound port 25 traffic but allow outbound..

tommytomato · 12-10-2006, 03:32 PM

Quote:

You'll actually need some type of MTA if you run forums. Do you depend on incoming mail? If not, just setup an IPTables rule to block all inbound port 25 traffic but allow outbound..

No I dont depend on incoming mail at all, the forums send mail by it self, I dont allow the mail fuction to work on our forums, as far as I know postfix sends and thats it, I'm running tinysofa classic server 2.0 Update 6 (Ceara), and I've never been able to work out IPtables, I dont have ports 25 open on my router.

TT

trickykid · 12-10-2006, 03:34 PM

Quote:

Originally Posted by tommytomato

No I dont depend on incoming mail at all, the forums send mail by it self, I dont allow the mail fuction to work on our forums, as far as I know postfix sends and thats it, I'm running tinysofa classic server 2.0 Update 6 (Ceara), and I've never been able to work out IPtables, I dont have ports 25 open on my router.

TT

If you don't allow or block 25 on your router, you shouldn't recieve any mail except from your own server.