Some other thoughts:

1.  Consider how secure your router/firewall is.  There are lots of
DefCon talks on YouTube where they hack into routers running Linux
firmware and install malware.  Therefore, don't overlook the possibility
that your router is the culprit.

2.  Tighten up your firewall rules as much as possible, especially for
ports 25 and 587.  Default rules can block all connections for ports 25,
465, 110, 143, 993, and 995.  Then go back and write rules to allow ONLY
the IPs which should be using these ports.  Allow the mail server
outgoing port 25.  Allow ports 587, 993, 995 only on the internal
clients which should be allowed to send/check mail.  You should probably
never allow ports 110 and 143 because they are plain-text and
usernames/passwords can easily be sniffed. Also consider if you are
allowing non-TLS logins on port 587 as the usernames/passwords would be
sent in plain-text and thus at risk of being sniffed.

This basically boils down to distrusting EVERY device on the internal
network, and then explicitly deciding which devices to trust.  The
degree to which this can be done will vary for different networks, but it should
be the guiding philosophy.  But remember that this is why QMail itself
is so secure... each component distrusts every other component.  :)

-Andy

PS:  don't forget about the router!  If it is insecure, all else is for
naught.



On 1/15/2016 2:13 PM, Jim Shupert wrote:
> I will try the
> 
> check the qmail queue
> 
> monitor the send log or use tcpdump to check connections to the server.
> 
> I am now off the blacklist so it is not such a bright red matter ...
> 
> I also am going to be vigilant to delete unused accounts
> ( personnel changes .... and there ya go unattended account of
> m...@mydomain.com , password=found_in_dictionary ! oops )
> I have deleted those sorts
> 
> I ... am reluctant to block all SMTP ( port 110 ?? ) outgoing.
> I have some ...machines on the network that send an email ( via their
> own sendmail or other mta )
> these have a cronned script that looks how full a local drive is and
> sends an email to folks here.... so that they can keep track ...cause
> they never actually LOOK..
> 
> these are sent from a machine (root) w a gmail account . gmail server
> 
> but it still leaves via my firewall ... so that would stop it yes?
> 
> thanks
> 
> jshupert
> 
> On 1/14/2016 9:44 PM, Eric wrote:
>> Hi Jim,
>>
>> You can do several things. First, on your internet firewall block all
>> outgoing SMTP traffic not originating from your email server. This
>> will prevent PCs from sending spam directly out the firewall. Two,
>> check the qmail queue for the possibility of a hacked password.
>> Usually when someone is using a hacked account the queue fills up
>> quickly. Looking at the queue it will be obvious which email account
>> has been hacked. I've had 11 thousand emails in the queue, over the
>> period of just a few hours, from a hacked password. Three, an email
>> account on a local PC spurred by a virus could be using your email
>> server as a relay. You could monitor the send log or use tcpdump to
>> check connections to the server.
>>
>> Eric
>>
>> On 1/14/2016 4:12 PM, Jim Shupert wrote:
>>> It seems that my mail server does appear on a blacklist.
>>> spamcop
>>>
>>> If I use mxtoolbox
>>>
>>> https://mxtoolbox.com
>>>
>>> under "more information" it says
>>> The SpamCop Blocking List lists IP Addresses which have sent
>>> unsolicited email to SpamCop users. This is often an indication of a
>>> Virus or Botnet from a Malware infection contracted inside your network.
>>>
>>> So, I am wondering what might be happening
>>>
>>> Might I have a bot somewhere
>>> such as
>>> an account has been compromised? A bad guy has the login & password and
>>> is now spamming?
>>>
>>> how could/can I tell?
>>> a look at the logs?
>>> where ? how?
>>>
>>> would I monitor port 25 on my network?
>>>
>>> any wisdom is welcomed.
>>>
>>> to be clear: I am not a spammer - just a small business with a
>>> qmailtoaster and ... now I have this matter
>>>
>>>
>>> any wisdom is welcomed.
>>>
>>> thanks in advance
>>
> 
> 
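
The advice in the thread to check the queue and monitor the send log can be partly automated. The following is an added example, not code from the thread or from qmailtoaster: it counts queued messages and remote deliveries per envelope sender, assuming the stock qmail-send log line layout. The sample lines, addresses, message numbers and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Assumed qmail-send line layouts: "info msg N: bytes B from <sender> qp Q uid U"
# and "starting delivery D: msg N to remote rcpt".
INFO = re.compile(r"info msg (\d+): bytes \d+ from <([^>]*)> qp \d+ uid \d+")
DELIVERY = re.compile(r"starting delivery \d+: msg (\d+) to remote \S+")

def sender_volumes(lines):
    """Return (messages queued, remote deliveries started) per envelope sender."""
    queued, remote = Counter(), Counter()
    msg_sender = {}  # queue msg number -> sender; numbers are reused, later lines overwrite
    for line in lines:
        m = INFO.search(line)
        if m:
            # Lowercased only for grouping; an empty sender is a bounce.
            sender = m.group(2).lower() or "<bounce>"
            msg_sender[m.group(1)] = sender
            queued[sender] += 1
            continue
        m = DELIVERY.search(line)
        if m and m.group(1) in msg_sender:
            remote[msg_sender[m.group(1)]] += 1
    return queued, remote

def suspects(lines, threshold):
    """Senders whose remote delivery count reaches the threshold, busiest first."""
    queued, remote = sender_volumes(lines)
    hits = [(s, queued[s], n) for s, n in remote.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[2])

def constructed_sample():
    """Constructed log: one normal sender, one bounce, one account sending in bulk."""
    stamp = "@4000000056991a2b"
    lines = [
        f"{stamp}00000001 new msg 1001",
        f"{stamp}00000002 info msg 1001: bytes 2310 from <alice@example.com> qp 4100 uid 89",
        f"{stamp}00000003 starting delivery 1: msg 1001 to remote bob@example.net",
        f"{stamp}00000004 info msg 1002: bytes 900 from <> qp 4101 uid 89",
        f"{stamp}00000005 starting delivery 2: msg 1002 to local carol@example.com",
    ]
    for n in range(40):  # 40 messages with 5 remote recipients each
        lines.append(f"{stamp}{n + 16:08x} info msg {2000 + n}: bytes 1800 "
                     f"from <Temp@example.com> qp {5000 + n} uid 89")
        lines += [f"{stamp}{n + 16:08x} starting delivery {10 + n * 5 + r}: "
                  f"msg {2000 + n} to remote u{r}@example.org" for r in range(5)]
    return lines

if __name__ == "__main__":
    for sender, msgs, deliveries in suspects(constructed_sample(), threshold=50):
        print(f"{sender}: {msgs} messages, {deliveries} remote deliveries")
```

The envelope sender is whatever the submitting client supplied, so a hit points at the messages worth inspecting rather than proving which account was used.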

