What you are seeing might not have anything to do with your box.  If you do
not have SPF records set up for your domain, anyone can send mail with your
domain in the From address, claiming that it came from you.  When the spam
hits an invalid email address, the bounce will come back to you, since you
are the host of the domain in the "From" address.

W

On 10/21/07, [EMAIL PROTECTED] <
[EMAIL PROTECTED]> wrote:
>
> > [EMAIL PROTECTED] wrote:
> >> Hello guys,
> >> I run custom compiled Gentoo headless boxes for hosting. Qmail Toaster won
> >> me over about a year ago. So I put CentOS/QT on another server just for
> >> mail only.
> >>
> >> I had to take my QT box offline when I kept getting bounces from
> >> everywhere to my catchall account. Somehow one of my domains was sending
> >> mails like crazy from different "names"@mydomain.com.
> >>
> >> I've shut that box down and have been watching my firewall logs and I had
> >> several IPs pounding port 25.
> >>
> >> Now I've started up another one of my backup servers and did a complete
> >> re-install.
> >>
> >> I've installed QT/CentOS from the QT - The Easy Way...
> >> The only thing I have not done within the guide is set up any domain keys
> >> and I have my own firewall rules. Other than that, this is up and running
> >> out of the box.
> >>
> >> Any security holes or steps you guys can inform me about?
> >>
> >> I'm going to look at the wiki as soon as I get time.
> >>
> >
> > Lots of good info on the wiki.
> > There are not any security holes per se. If you have a rogue/badly
> > written PHP mailer script on one of your websites, that has nothing to
> > do with Toaster, Qmail, or any other mailer program.
> > You can throttle people on port 25 if you'd like. Check the wiki (it may
> > be in the archives, don't remember), but there's a firewall rule you can
> > add in that will deny connections from IPs that connect more than x
> > number of times in y number of minutes.  This cuts down on the bots some
> > - I use it on some of my machines. You just have to be careful with it.
> > I have one client that has 75+ machines on a network, and they all set
> > their Outlook to check for messages every 2 minutes which flagged them
> > by this rule and blocked them for a while (too bad they're my most
> > self-important client as well.....). But that will all be a moot point
> > if you have a spam-bot (PHP script or whatever) on your machine anyway.
> > You may just be seeing the bounces from the joe-job that was running on
> > your machine.
> >
> Thanks for the reply...
> I'm sure it wasn't any php or script mailers.
> The reason I asked about any security holes is none of the accounts were
> showing up in admin, qmailadmin or vpopadmin etc. I run several servers
> behind an ipcop linux firewall/router. I'm no guru at MTA's but I forward
> the mail ports to the mail server box.
>
> Well thanks again,
> I'll get to the wiki asap,
> RD
>
>
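Added example, not part of the original thread: a triage sketch for the situation discussed above, telling forged-sender backscatter apart from mail that really left your own server by checking the Received chain of the message attached to each bounce. The address in OUR_IPS, the hostnames and the sample bounce are constructed, and the check is a heuristic.

```python
import email
import re
from email import policy

# Assumption: the address(es) your mail server really sends from (constructed value).
OUR_IPS = {"192.0.2.25"}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def original_headers(bounce):
    """Return the message (or header block) attached to a bounce, or None."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(raw):
    """'local-origin' if the bounced mail passed through one of OUR_IPS,
    'backscatter' if it did not, 'unknown' if no original is attached."""
    orig = original_headers(email.message_from_string(raw, policy=policy.default))
    if orig is None:
        return "unknown"
    seen = set()
    for hop in orig.get_all("Received", []):
        seen.update(IP_RE.findall(str(hop)))
    return "local-origin" if seen & OUR_IPS else "backscatter"

def make_dsn(relay_ip):
    # Constructed sample: a minimal multipart/report bounce with the original attached.
    return (
        "From: MAILER-DAEMON@mx.example.net\n"
        "Subject: Undelivered Mail Returned to Sender\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        f"Received: from mail.mydomain.example (unknown [{relay_ip}])\n"
        "\tby mx.example.net; Sun, 21 Oct 2007 10:00:00 -0400\n"
        "From: joe123@mydomain.example\nSubject: hello\n\nbody\n"
        "--b1--\n"
    )

if __name__ == "__main__":
    print(classify_bounce(make_dsn("192.0.2.25")))    # relayed by our own server
    print(classify_bounce(make_dsn("203.0.113.77")))  # injected elsewhere, sender forged
```

Received lines added before the bouncing site's own hops can be forged, so treat the result as triage and confirm against your own server's delivery logs.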
