Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have one question, may be I am missing something or I don't I have installed mail server on centos 7 with postfix, dovecot, clamav, postgrey, spamassassin, mariadb and apache, roundcube. But problem is that when I send mail inside domain server is sending something on TCP port to addresses: 208.83.139.204, 208.83.137.114. I have checked that IP addresses and they belong to Cloudmark. I have also checked sa-update and freshclam but they are using different IP addresses to update.
here is example of iptables log output:
IN= OUT=eth0 SRC=myip DST=208.83.139.204 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43946 DF PROTO=TCP SPT=59373 DPT=2703 WINDOW=14600 RES=0x00 SYN URGP=0
First I thought may be it was email client thunderbird sending something but from web is same situation. So installation is fresh and my server is sending something to Cloudmark when I send mail inside domain.
I'd check to see if the domain is utilizing cloudmark's service(s).
Have you looked at https://en.wikipedia.org/wiki/Cloudmark ?
Looks reasonable to me to seeing as they provide protection against spam, viruses, phishing, and similar threats that affect email.
sorry Habitual I was little busy. This server does not serve any domain yet. It is not accepting mail from internet yet. I was just testing post installation and have discovered that when I send mail internally packets go to that IP address. Thank you I have read and no sure 100 percent server yet is not serving email for any domain.
i search for cloudmark, one of the result is this:
Automatically detects e-mail accounts and begins filtering them. It works independently of email clients to block spam.
Your mail domain is hosted where?
Have you checked in your configuration whether those said IP Addresses is being used: 208.83.139.204, 208.83.137.114
As Habitual had already stated, is the mail server utilizing services from Cloudmark?
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.