Linux - Security (LinuxQuestions.org)
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Yesterday I set up a Postfix mail server on Debian Lenny, with TLS and basic (non-SASL) authentication. I was gone for a bit, and when I looked this evening, all hell had broken loose. mail.info, mail.err, syslog are all 15M in size with lines like the below:
As far as I can tell, the only common theme is that the requests originate from Taiwan. There are .gov.tw, .edu.tw, .com.tw -- the full spectrum.
What is going on, and how do I tell these people to leave me alone? I'd like to fix the problem to the point where this nonsense simply doesn't even show up in my logs. I am brand spanking new to mail server administration, and was not expecting this type of thing!
Last edited by jhwilliams; 09-05-2009 at 07:37 PM.
Tell them? Good luck...even if you did manage to get in touch with someone, they probably won't care.
The best thing I can suggest is to set up Postfix to not allow relays like you've got it now. These links:
These cover blacklists and friend-only relay setups. Basically, set up your postfix to only allow incoming mail from servers that YOU allow, and reject everything else. China and Taiwan are some of the biggest spam-email producers in the world, and like all spammers, look for open relay hosts to shovel out their emails.
Postfix also supports policy daemons; they can reduce your CPU and network overheads enormously, as the connection can be dropped and the mail doesn't need to be accepted/processed.
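The advice above comes down to one thing: the restriction list Postfix evaluates for each RCPT command must reach `reject_unauth_destination` before it reaches any unconditional `permit`, because Postfix applies restrictions in order and the first permit or reject wins. As an added example (not code from the thread or from the Postfix project), here is a small checker that parses a `main.cf` fragment and simulates that first-match evaluation for an anonymous client sending to a foreign domain. Both configuration fragments, the hostnames and the restriction-name heuristic are constructed assumptions; `check_*` lookups are reported as unknown because their table contents decide the outcome.

```python
import re

# Constructed main.cf fragments (assumptions, not the poster's config).
# The weak one reaches an unconditional "permit" before reject_unauth_destination,
# so every client can relay anywhere, whatever follows in the list.
WEAK_MAIN_CF = """\
myhostname = mail.example.net
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions = permit_mynetworks,
    permit,
    reject_unauth_destination
"""

# The hardened one permits only trusted clients, then refuses relaying for
# everyone else, then applies a DNS blocklist to what remains.
HARDENED_MAIN_CF = """\
myhostname = mail.example.net
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org
"""

# Heuristic: a token that starts like a restriction name begins a new entry;
# anything else (e.g. a DNSBL domain) is the argument of the previous entry.
RESTRICTION_RE = re.compile(r'^(permit|reject|check_|defer_|warn_|sleep)')
TRUSTED_PERMITS = {'permit_mynetworks', 'permit_sasl_authenticated',
                   'permit_tls_clientcerts', 'permit_tls_all_clientcerts'}
RELAY_BLOCKERS = {'reject_unauth_destination', 'defer_unauth_destination', 'reject'}


def parse_main_cf(text):
    """Parse main.cf text into a dict; lines starting with whitespace continue the previous value."""
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith('#'):
            continue
        if raw[0] in ' \t' and current is not None:
            params[current] += ' ' + raw.strip()
        elif '=' in raw:
            key, _, value = raw.partition('=')
            current = key.strip()
            params[current] = value.strip()
    return params


def restriction_list(params, name='smtpd_recipient_restrictions'):
    """Return [(restriction, argument_or_None), ...] in evaluation order."""
    items = []
    for tok in re.split(r'[,\s]+', params.get(name, '')):
        if not tok:
            continue
        if RESTRICTION_RE.match(tok):
            items.append([tok, None])
        elif items:
            items[-1][1] = tok
    return [tuple(i) for i in items]


def relay_verdict(params):
    """Simulate first-match evaluation for an unknown client relaying to a foreign domain.

    Returns 'closed', 'open' or 'unknown' (a check_* table could permit)."""
    wide_open_nets = any(n.startswith('0.0.0.0') for n in params.get('mynetworks', '').split())
    for name, _arg in restriction_list(params):
        if name in RELAY_BLOCKERS:
            return 'closed'
        if name == 'permit':
            return 'open'
        if name == 'permit_mynetworks' and wide_open_nets:
            return 'open'          # mynetworks covering everyone makes every client "trusted"
        if name in TRUSTED_PERMITS or name.startswith('reject_'):
            continue               # neither matches an unlisted anonymous client
        if name.startswith('check_'):
            return 'unknown'
    return 'open'                  # end of list: Postfix's default action is permit


if __name__ == '__main__':
    for label, cf in (('weak', WEAK_MAIN_CF), ('hardened', HARDENED_MAIN_CF)):
        print(label, relay_verdict(parse_main_cf(cf)))
```

Run it against your own `main.cf` with `parse_main_cf(open('/etc/postfix/main.cf').read())`; an `open` verdict means the relay attempts in the logs would succeed rather than produce `Relay access denied`.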
I don't believe that his mail server is an open relay, because each of the log entries he provided states the following:
Relay access denied
Connection timed out
His issue is the fact that the relay attempts are being logged and an attempt at processing is made. An open relay would mean the relay attempts are successful.
Search for Fail2ban in the forums here. That might help you out.
The connections are timing out and there is no mail being relayed, from looking at his log snippet. This is more a configuration issue than a security issue, IMO. He needs to find some way of blocking out all the spam mail attempts. I don't believe Fail2ban is designed to tackle his issue, but I may be wrong.
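Whether or not Fail2ban is the right tool, the mechanism it and similar log-based blockers use is easy to reproduce: read the `smtpd` reject lines, count them per client address inside a sliding time window, and firewall any address that exceeds a threshold. As an added example (not code from the thread or from Fail2ban), here is that logic in Python over a handful of constructed Postfix 2.x log lines. The log lines, addresses (documentation ranges), hostnames, threshold, window and the assumed log year are all constructed for the example.

```python
import re
from collections import Counter, deque
from datetime import datetime

# Constructed sample lines in Postfix 2.x syslog format (not the poster's logs).
SAMPLE_LOG = """\
Sep  5 18:02:11 mail postfix/smtpd[4211]: connect from unknown[203.0.113.5]
Sep  5 18:02:12 mail postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <a@example.org>: Relay access denied; from=<x@example.com> to=<a@example.org> proto=ESMTP helo=<example.com>
Sep  5 18:02:13 mail postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <b@example.org>: Relay access denied; from=<x@example.com> to=<b@example.org> proto=ESMTP helo=<example.com>
Sep  5 18:02:14 mail postfix/smtpd[4211]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <c@example.org>: Relay access denied; from=<x@example.com> to=<c@example.org> proto=ESMTP helo=<example.com>
Sep  5 18:02:15 mail postfix/smtpd[4211]: disconnect from unknown[203.0.113.5]
Sep  5 18:05:40 mail postfix/smtpd[4230]: connect from mx.example.net[198.51.100.7]
Sep  5 18:05:41 mail postfix/smtpd[4230]: 7F2A1B: client=mx.example.net[198.51.100.7]
Sep  5 18:05:42 mail postfix/smtpd[4230]: NOQUEUE: reject: RCPT from host.example.tw[203.0.113.9]: 554 5.7.1 <d@example.org>: Relay access denied; from=<y@example.com> to=<d@example.org> proto=ESMTP helo=<example.tw>
Sep  5 19:40:01 mail postfix/smtpd[4302]: NOQUEUE: reject: RCPT from host.example.tw[203.0.113.9]: 554 5.7.1 <e@example.org>: Relay access denied; from=<y@example.com> to=<e@example.org> proto=ESMTP helo=<example.tw>
"""

# Syslog lines carry no year; 2009 is an assumption matching the thread's date.
LOG_YEAR = 2009

REJECT_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: '
    r'NOQUEUE: reject: RCPT from (?P<host>\S+)\[(?P<ip>[\d.]+)\]: '
    r'(?P<code>\d{3}) [\d.]+ <[^>]*>: (?P<reason>[^;]+);'
)


def parse_rejects(text):
    """Extract smtpd RCPT rejections as dicts with a datetime, host, ip, code and reason."""
    out = []
    for line in text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        stamp = ' '.join(m.group('ts').split())          # collapse "Sep  5" to "Sep 5"
        when = datetime.strptime(f'{LOG_YEAR} {stamp}', '%Y %b %d %H:%M:%S')
        out.append({'when': when, 'host': m.group('host'), 'ip': m.group('ip'),
                    'code': m.group('code'), 'reason': m.group('reason')})
    return out


def offenders(rejects, threshold=3, window_seconds=600):
    """Return the set of IPs with at least `threshold` rejections inside any window."""
    by_ip = {}
    for r in sorted(rejects, key=lambda r: r['when']):
        by_ip.setdefault(r['ip'], []).append(r['when'])
    hits = set()
    for ip, times in by_ip.items():
        recent = deque()
        for t in times:
            recent.append(t)
            while (t - recent[0]).total_seconds() > window_seconds:
                recent.popleft()
            if len(recent) >= threshold:
                hits.add(ip)
                break
    return hits


def reject_counts(rejects):
    """Total rejections per client IP, most frequent first."""
    return Counter(r['ip'] for r in rejects).most_common()


def drop_rules(ips, port=25):
    """iptables rules a blocker would apply; DROP so the client gets no reply."""
    return [f'iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP' for ip in sorted(ips)]


if __name__ == '__main__':
    rejects = parse_rejects(SAMPLE_LOG)
    print(reject_counts(rejects))
    print(drop_rules(offenders(rejects)))
```

The address with three rejections in four seconds is flagged; the one with two rejections an hour and a half apart is not, which is the point of the window: occasional misdirected mail from a real server should not get it firewalled.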