LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-02-2015, 09:34 AM   #1
paul2015
Member
 
Registered: Apr 2015
Distribution: CentOS Fedora
Posts: 149

Rep: Reputation: 4
Mail server sending unknown data to foreign IP


Hello

I have one question, may be I am missing something or I don't I have installed mail server on centos 7 with postfix, dovecot, clamav, postgrey, spamassassin, mariadb and apache, roundcube. But problem is that when I send mail inside domain server is sending something on TCP port to addresses: 208.83.139.204, 208.83.137.114. I have checked that IP addresses and they belong to Cloudmark. I have also checked sa-update and freshclam but they are using different IP addresses to update.

here is example of iptables log output:
IN= OUT=eth0 SRC=myip DST=208.83.139.204 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43946 DF PROTO=TCP SPT=59373 DPT=2703 WINDOW=14600 RES=0x00 SYN URGP=0

First I thought may be it was email client thunderbird sending something but from web is same situation. So installation is fresh and my server is sending something to Cloudmark when I send mail inside domain.

Thank you for attention and help
 
Old 12-02-2015, 09:44 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,345
Blog Entries: 36

Rep: Reputation: Disabled
What's the question?
 
Old 12-02-2015, 09:55 AM   #3
paul2015
Member
 
Registered: Apr 2015
Distribution: CentOS Fedora
Posts: 149

Original Poster
Rep: Reputation: 4
question is why? why to cloudmark? every time mail is sent inside of domain.
 
Old 12-02-2015, 10:16 AM   #4
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,345
Blog Entries: 36

Rep: Reputation: Disabled
I'd check to see if the domain is utilizing cloudmark's service(s).

Have you looked at https://en.wikipedia.org/wiki/Cloudmark ?
Looks reasonable to me to seeing as they provide protection against spam, viruses, phishing, and similar threats that affect email.
 
Old 12-02-2015, 10:17 AM   #5
624867243@qq.com
Member
 
Registered: Nov 2015
Location: ShenZhen
Posts: 33
Blog Entries: 1

Rep: Reputation: Disabled
how are you know "208.83.139.204" belong to Cloudmark?
 
Old 12-02-2015, 10:22 AM   #6
paul2015
Member
 
Registered: Apr 2015
Distribution: CentOS Fedora
Posts: 149

Original Poster
Rep: Reputation: 4
I dont know i have searched with ip locator.
 
Old 12-02-2015, 10:24 AM   #7
Emerson
LQ Guru
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 6,311

Rep: Reputation: Disabled
Ever heard of whois?
 
Old 12-02-2015, 11:29 AM   #8
paul2015
Member
 
Registered: Apr 2015
Distribution: CentOS Fedora
Posts: 149

Original Poster
Rep: Reputation: 4
yes but question was not that my friend
 
Old 12-02-2015, 11:43 AM   #9
Emerson
LQ Guru
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~arch
Posts: 6,311

Rep: Reputation: Disabled
Actually I was responding to post #5. One can run whois from command line or use a web based whois service, to answer the question.
 
Old 12-02-2015, 12:33 PM   #10
paul2015
Member
 
Registered: Apr 2015
Distribution: CentOS Fedora
Posts: 149

Original Poster
Rep: Reputation: 4
yes yes i do i have done an that is Cloudmark. But i was interested why? why sending packets there.
 
Old 12-02-2015, 12:40 PM   #11
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,345
Blog Entries: 36

Rep: Reputation: Disabled
Tap, tap tap. Is this thing "on"?
Are you even reading replies?
I've suggested what I would do, if I were in your shoes.
 
Old 12-02-2015, 01:14 PM   #12
paul2015
Member
 
Registered: Apr 2015
Distribution: CentOS Fedora
Posts: 149

Original Poster
Rep: Reputation: 4
sorry Habitual I was little busy. This server does not serve any domain yet. It is not accepting mail from internet yet. I was just testing post installation and have discovered that when I send mail internally packets go to that IP address. Thank you I have read and no sure 100 percent server yet is not serving email for any domain.
 
Old 12-02-2015, 03:14 PM   #13
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,345
Blog Entries: 36

Rep: Reputation: Disabled
Quote:
Originally Posted by paul2015 View Post
sorry Habitual I was little busy.
Been there, done that. No worries.
 
Old 12-04-2015, 03:56 AM   #14
JJJCR
Senior Member
 
Registered: Apr 2010
Posts: 1,523

Rep: Reputation: 260Reputation: 260Reputation: 260
i search for cloudmark, one of the result is this:
Automatically detects e-mail accounts and begins filtering them. It works independently of email clients to block spam.

Your mail domain is hosted where?

Have you checked in your configuration whether those said IP Addresses is being used: 208.83.139.204, 208.83.137.114

As Habitual had already stated, is the mail server utilizing services from Cloudmark?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Testing a Centos 7 Mail server using telnet response is connection closed by foreign corodo Linux - Server 1 09-22-2015 08:51 AM
Slowing the mail sending queue at mail server level Luna-tic Linux - Server 1 02-29-2012 11:04 AM
Mail server not sending mail to location defined in MX record modulaaron Linux - Software 3 12-19-2010 08:57 PM
sending mail from win xp to linux imap mail server cvdsamy Red Hat 2 05-30-2009 01:37 AM
Postfix sending mail for unknown users to other server? Phaethar Linux - Software 2 03-18-2004 02:33 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:43 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration