Hi,

THIS IS URGENT

I have a Debian Linux machine which I installed as a mail server with postfix and dovecot. My mail server is set up to use SMTP relay. I currently have ports 143, 995, 25 & SSMTP ports open. In the last few days I have been under attack where email is being sent to a fake email address, for example xxx at evg-mail.org, which does not exist in the mysql db.

I need to figure out and lock down dovecot, because I believe the attack is some kind of virus/spyware. I need to know what statement in dovecot.conf or main.cf (postfix) I can modify to lock it down. Also open to installing software to combat this kind of attack. Let me know what configuration files or info you need to help out.

Many Thanks
~Jay

* Jay Khashan <jkhashan at msn.com>:
> Hi,
>
> THIS IS URGENT
>
> I have a Debian Linux machine which I installed as a mail server with postfix and dovecot. My mail server is set up to use SMTP relay. I currently have ports 143, 995, 25 & SSMTP ports open. In the last few days I have been under attack where email is being sent to a fake email address, for example xxx at evg-mail.org, which does not exist in the mysql db.

Show evidence.

> I need to figure out and lock down dovecot, because I believe the attack is some kind of virus/spyware. I need to know what statement in dovecot.conf or main.cf (postfix) I can modify to lock it down. Also open to installing software to combat this kind of attack. Let me know what configuration files or info you need to help out.

At the moment Dovecot can't send mail. Postfix can.

p at rick

--
[*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein

On Wed, Aug 14, 2013 at 06:12:02AM +0000, Jay Khashan wrote:
> Hi,
>
> THIS IS URGENT
>
> I have a Debian Linux machine which I installed as a mail server with postfix and dovecot. My mail server is set up to use SMTP relay. I currently have ports 143, 995, 25 & SSMTP ports open. In the last few days I have been under attack where email is being sent to a fake email address, for example xxx at evg-mail.org, which does not exist in the mysql db.
>
> I need to figure out and lock down dovecot, because I believe the attack is some kind of virus/spyware. I need to know what statement in dovecot.conf or main.cf (postfix) I can modify to lock it down. Also open to installing software to combat this kind of attack. Let me know what configuration files or info you need to help out.

I think it's probably going to be more effective to "lock down" postfix (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) than it is to "lock down" dovecot (http://wiki2.dovecot.org/Authentication/RestrictAccess). I think, if you want to accept the mail but then refuse to store it, you're looking at things from the wrong angle.
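
Added example, not part of the original thread: one way to gather the evidence asked for above is to correlate Postfix queue IDs in the mail log, which shows whether mail addressed to the suspicious domain came in over an authenticated SASL session or from an unauthenticated remote client. The log lines, the `alice@example.org` account, the IP addresses and the `submitters` helper are constructed for illustration; only the `evg-mail.org` domain comes from the thread.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix's usual syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Aug 14 05:01:10 mail postfix/smtpd[2101]: 3A1B2C4D5E: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.org
Aug 14 05:01:12 mail postfix/smtp[2105]: 3A1B2C4D5E: to=<xxx@evg-mail.org>, relay=none, delay=1.2, status=bounced (Host not found)
Aug 14 05:01:40 mail postfix/smtpd[2101]: 5E6F7A8B9C: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=alice@example.org
Aug 14 05:01:42 mail postfix/smtp[2105]: 5E6F7A8B9C: to=<abc@evg-mail.org>, relay=none, delay=1.1, status=bounced (Host not found)
Aug 14 05:02:00 mail postfix/smtpd[2110]: 4F6A7B8C9D: client=mx.example.net[198.51.100.9]
Aug 14 05:02:01 mail postfix/virtual[2111]: 4F6A7B8C9D: to=<bob@example.org>, relay=virtual, delay=0.3, status=sent (delivered to maildir)
"""

# "postfix/<daemon>[pid]: <queue id>: <details>"
LINE = re.compile(r"postfix/[\w-]+\[\d+\]: (?P<qid>[0-9A-Za-z]{6,}): (?P<rest>.*)")
# smtpd logs the connecting client and, if the session authenticated, the SASL login.
CLIENT = re.compile(
    r"client=\S+?\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=[^,]+, sasl_username=(?P<user>\S+))?"
)
# Delivery agents log one line per recipient.
RCPT = re.compile(r"to=<(?P<addr>[^>]*)>")


def submitters(log_text, domain):
    """Count recipients in `domain`, keyed by (client IP, SASL user or None)."""
    origin = {}        # queue ID -> (client IP, SASL username or None)
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["qid"] == "NOQUEUE":   # NOQUEUE = rejected before queueing
            continue
        c = CLIENT.match(m["rest"])
        if c:
            origin[m["qid"]] = (c["ip"], c["user"])
            continue
        r = RCPT.match(m["rest"])
        if r and r["addr"].lower().endswith("@" + domain.lower()):
            hits[origin.get(m["qid"], ("unknown", None))] += 1
    return hits


if __name__ == "__main__":
    for (ip, user), n in submitters(SAMPLE_LOG, "evg-mail.org").most_common():
        print(f"{n:4d}  client={ip}  sasl_username={user or '(unauthenticated)'}")
```

A SASL username in the output means the mail was submitted with that account's credentials, so the account is the thing to secure; no username means a remote client delivered it, which is the case recipient validation in Postfix addresses.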