On Saturday 08 November 2003 05:41 pm, dfox wrote:
> Apparently I cannot send mail with my postfix on localhost to the network.
>
> Previously this was working fine and I don't see any changes made to my
> postfix configuration files.
>
> But in the last few days things have not gone well here. Firstly, my
> system was hijacked and used as an open proxy to send megabytes of spam
> to the network. :(. My isp filtered my outgoing smtp port and that is
> when I began to see a few errors in my /var/log/mail/errors file (unknown
> service tcp/smtp).
>
> After finding out about this, I tried to post to the list and I don't
> think any of my messages went out.

first, since you must not have seen the pounds of answers you got to this, were you running squid? this seemed to be a user on your system, and not a postfix open relay. have you run chkrootkit?

> I had to go into /var/spool/postfix
> and start deleting a whole bunch of files in deferred - there was at one
> time seven megabytes of messages trying to get out! And those were the
> invalid addresses. I wonder how spammers survive -- I guess they just
> exploit other systems to do the dirty work :(.
>
> At the moment, My box is better secured thanks to portsentry (why isn't
> this program in mandrake???? I could not urpmi it, but I did find it
> through rpmfind.org and the source rpm built and installed fine.
>
> I tried running shorewall but got nowhere. I don't know how to edit
> shorewall files and I don't want something that won't even let me ping my
> gateway when installed. iptables is running because of portsentry but I
> don't see anything that is specifically tied to port 25. And in atcp mode
> it's supposed to ignore certain standard ports anyway.
>
> It seems like a catch 22 - if I disable the filters perhaps outbound smtp
> will work, but if I do that, I'm back to where I was before, and people
> will start targeting my box again. I counted 72 attempts of portscanning
> done in less than six hours, and 10 minutes after I restarted httpd I got
> spurious gets in my apache log files. I think this is how they got into
> my box in the first place, since I don't do much if any web stuff, and my
> log files are tiny - the other day they were over a megabyte.