Linux Mail server

By mksloan
My Linux mail server running sendmail is killing my own network with SubSeven attacks on port 110 and Ripper attacks on port 110 to clients on the inside. How can I stop or find the code responsible for this? I am kind of new to Linux.

by Nico Baggus In reply to Linux Mail server

First you need to know if your Linux box is
hacked or not... (if unsure, consider it hacked).
Assume your passwords there are known somewhere.
Try to figure out what processes are on your
system and if they belong there.
-- Maybe the easiest thing is to put a new box
in place. You might want to use something other
than sendmail; it's not particularly known for
its safety.
Check the following:

It will give you the firewall/virus wall
appliance you are looking for, I think...

by Nico Baggus In reply to

There is no trivial answer...
up2date is the Red Hat way of updating, nothing
wrong with it... but Red Hat Linux changed to
Red Hat Enterprise Linux (RHEL), and then you need
a subscription for updates. I am not sure if you
can still access the old update sites.
(EOL of RH7 & RH8 was dec-2003, EOL for RH9 was
so.. I guess you should look at something
different for the future.
I still have a RH9 left and 2 RH9 are still
managed by me, but I'm looking into different
distros; for an AXP system I chose Gentoo,
and for the next system I probably will take that
also. Upside is current software at maximum
achievable performance; downside is you have to
compile it yourself.

ClarkConnect is an RH-based appliance that is
primarily for firewall/mail routing but can also
do VPN, file serving etc. It's easy to manage
through a web interface.

by mksloan In reply to Linux Mail server

I also found out that the Linux box has never been updated. Before I run up2date I want to back up the data. Any suggestions on how to back up the users and mail accounts or the whole system? Or I should be asking: what directory is all that info saved in, so I can back that up?

by dillip_linux In reply to Linux Mail server

Which Linux version are you using? Have you implemented any firewall rules {Iptables/Ipchains}?

Use the normal TCP-Wrapper Security to disable remote logins...

i.e. in /etc/hosts.allow add
ALL : 192.168.1.

i.e. in /etc/hosts.deny add

Use this rule until you have your IPCHAINS/IPTABLES firewall up :-) Mail me if you want any help
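
Added example, not part of the post above: a simplified Python model of the TCP Wrappers lookup order from hosts_access(5), showing that the `ALL : 192.168.1.` allow line restricts nothing until hosts.deny also has a matching rule. The `ALL : ALL` deny line, the daemon name `ipop3d` and the client addresses are assumptions constructed for the illustration.

```python
# Simplified model of hosts_access(5) evaluation order. Supports only the
# ALL wildcard, exact names/addresses and dotted prefixes like "192.168.1.".

ALLOW = "ALL : 192.168.1.\n"   # the hosts.allow line from the post
DENY_EMPTY = ""                # hosts.deny left without a matching rule
DENY_ALL = "ALL : ALL\n"       # assumed catch-all; not taken from the post

def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL" or pattern == ip:
        return True
    # A pattern ending in "." matches any address that starts with it.
    return pattern.endswith(".") and ip.startswith(pattern)

def rule_hit(rules, daemon, ip):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in rules)

def access(allow_text, deny_text, daemon, ip):
    """hosts.allow is checked first, then hosts.deny, else access is granted."""
    if rule_hit(parse_rules(allow_text), daemon, ip):
        return "allow"
    if rule_hit(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"  # no match in either file means the connection is accepted

if __name__ == "__main__":
    # Constructed sample clients: one inside 192.168.1., two outside it.
    for ip in ("192.168.1.25", "192.168.10.5", "203.0.113.7"):
        print(ip, access(ALLOW, DENY_EMPTY, "ipop3d", ip),
              access(ALLOW, DENY_ALL, "ipop3d", ip))
```

Only services linked against libwrap or started through tcpd consult these files, so anything else listening on the box still needs the packet filter.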