Regarding Blocking access

Manish Kathuria mkathuria at tuxtechnologies.co.in
Thu Mar 8 06:22:30 UTC 2007


On 3/8/07, siva kumar <sivasunil1000 at yahoo.com> wrote:
> Hi Friends,
>
>  I am new to this group and new to Linux.
>  We have one Linux server which has a public IP.
>  All the mails going from our Linux server are going to spam.
>  Somebody is logging in remotely and using my Linux server for SMTP purposes.
>  How can I block the access?
>
>  Regards,
>  Siva Kumar
>

I can think of some possibilities. The first one could be a
misconfigured mail service working as an open relay on your server. If
you don't need any SMTP server, you can simply disable the service. A
similar thing could happen if you have an open proxy or a web server
having exploitable forms. If you are using this Linux server as a
gateway for your LAN without a firewall, there could be some spam
trojan or worm infected system in the LAN sending out these mails.

As a first step, you can use iptables to stop the outgoing traffic
destined for port 25. If you are using your own SMTP server inside the
LAN, just selectively allow this system to send traffic to port 25.
Otherwise, if you have mail clients accessing external SMTP servers,
you can allow outgoing port 25 traffic meant for those servers only.
Also check your Linux server configuration to see if it's working as an
open relay or open proxy.

-- 
Manish Kathuria
Tux Technologies
http://www.tuxtechnologies.co.in/
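
The iptables step described in the reply above, as an added example that is not part of the original message. The function name `smtp_egress_rules`, the sample addresses and the rate limit are assumptions; it only prints the commands, and it assumes the box routes LAN traffic through the FORWARD chain.

```shell
#!/bin/sh
# Emit iptables commands that restrict outbound SMTP (tcp/25) on a gateway.
# Nothing is applied here: review the output, then pipe it to "sh" as root.
# usage: smtp_egress_rules relay   <LAN mail server IP>...
#        smtp_egress_rules clients <external SMTP server IP>...
smtp_egress_rules() {
    mode=$1
    [ $# -gt 0 ] && shift
    case $mode in
        relay)   match=-s ;;   # allow by source: the LAN's own SMTP server
        clients) match=-d ;;   # allow by destination: approved external servers
        *) echo "mode must be relay or clients" >&2; return 2 ;;
    esac
    [ $# -gt 0 ] || { echo "no addresses given" >&2; return 2; }

    # FORWARD covers LAN hosts routed through the box; OUTPUT covers
    # processes on the box itself (a local MTA, a proxy, a web form script).
    for chain in FORWARD OUTPUT; do
        for addr in "$@"; do
            # Assumption: in relay mode the mail server is a LAN host, so it
            # is only ever seen in FORWARD and gets no exception in OUTPUT.
            if [ "$mode" = relay ] && [ "$chain" = OUTPUT ]; then continue; fi
            echo "iptables -A $chain -p tcp --dport 25 $match $addr -j ACCEPT"
        done
        # Log before dropping so the host that keeps trying port 25
        # (the likely infected machine) shows up in the kernel log.
        echo "iptables -A $chain -p tcp --dport 25 -m limit --limit 6/min -j LOG --log-prefix \"SMTP-OUT-BLOCKED: \""
        echo "iptables -A $chain -p tcp --dport 25 -j DROP"
    done
}

# Constructed sample: mail clients may reach one external SMTP server only.
smtp_egress_rules clients 203.0.113.25
```

The rules are appended with `-A`, so a broader ACCEPT rule already present earlier in either chain would still let port 25 traffic out; check the existing order with `iptables -L -n --line-numbers` before applying.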



