[wplug] figuring out where mail sent from your box came from

Bill Moran wmoran at potentialtech.com
Fri Nov 18 10:07:32 EST 2005


Russ Schneider <russ at sugapablo.com> wrote:

> Seems like someone was spamming AOL from one of my boxes.
> 
> How can I tell from the logs whether this was a user on my box sending 
> mail from the box, or someone relaying mail from an outside server?
> 
> I'm assuming if someone is sending it from an outside server, I can simply 
> block port 25 and be done with it?

Make sure you're not set up as an open relay.  There are a number of web
sites that will test this for you remotely.

If you don't need email services, disable them altogether.  If you need
local mail delivery, block port 25 inbound in your packet filter, or
correctly configure Postfix for outgoing-only mail.  You also might
want to consider replacing Postfix with something like ssmtp, which can
_only_ do outgoing mail, and thus can be configured insecurely.

Check /var/log/maillog for data on what might be happening.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
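
An added example, not part of the original post: one way to answer the question from /var/log/maillog, assuming Postfix with its default syslog format. Postfix logs locally submitted mail as a pickup line with the submitting uid and mail received over SMTP as an smtpd line with client=host[ip]; the script joins those to outbound smtp deliveries by queue ID. The sample lines, host names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Postfix's syslog format (not from a real host).
SAMPLE_LOG = """\
Nov 18 03:12:01 box postfix/pickup[1234]: 4F2A11C0D3: uid=1003 from=<www>
Nov 18 03:12:01 box postfix/qmgr[999]: 4F2A11C0D3: from=<www@box.example>, size=812, nrcpt=1 (queue active)
Nov 18 03:12:02 box postfix/smtp[1240]: 4F2A11C0D3: to=<a@aol.com>, relay=mx.aol.example[192.0.2.10]:25, delay=1, status=sent (250 OK)
Nov 18 03:12:05 box postfix/smtpd[2345]: 9B7C21C0D4: client=unknown[203.0.113.45]
Nov 18 03:12:06 box postfix/smtp[1241]: 9B7C21C0D4: to=<b@aol.com>, relay=mx.aol.example[192.0.2.10]:25, delay=1, status=sent (250 OK)
Nov 18 03:12:07 box postfix/smtp[1242]: 9B7C21C0D4: to=<c@aol.com>, relay=mx.aol.example[192.0.2.10]:25, delay=2, status=sent (250 OK)
Nov 18 03:12:09 box postfix/smtpd[2346]: 7D1E31C0D5: client=localhost[127.0.0.1]
Nov 18 03:12:10 box postfix/smtp[1243]: 7D1E31C0D5: to=<d@aol.com>, relay=mx.aol.example[192.0.2.10]:25, delay=1, status=deferred (connection timed out)
"""

# daemon name, queue ID, remainder of the log message
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
LOOPBACK = ("127.", "::1")

def classify(log_text):
    """Return (origin per queue ID, outbound delivery attempts per origin)."""
    origin, sent = {}, Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect, NOQUEUE rejects, other daemons
        daemon, qid, rest = m.groups()
        if daemon == "pickup" and (u := re.match(r"uid=(\d+)", rest)):
            # Submitted on the box itself via the sendmail command.
            origin[qid] = f"local uid={u.group(1)}"
        elif daemon == "smtpd" and (c := re.match(r"client=\S*\[([^\]]+)\]", rest)):
            # Received over SMTP: loopback means a local process, else a remote host.
            ip = c.group(1)
            kind = "local smtp" if ip.startswith(LOOPBACK) else "remote client"
            origin[qid] = f"{kind} {ip}"
        elif daemon == "smtp" and rest.startswith("to=<"):
            # One outbound delivery attempt, credited to the message's origin.
            sent[origin.get(qid, "unknown origin")] += 1
    return origin, sent

if __name__ == "__main__":
    for who, n in classify(SAMPLE_LOG)[1].most_common():
        print(f"{n:4d} delivery attempts  {who}")
```

A "local uid=" origin can be mapped to an account with getent passwd; a "remote client" origin that is not one of your own hosts means the box accepted the message over port 25 and relayed it.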

