[Dovecot] Dovecot security

2013-08-14 Thread Jay Khashan
Hi,

THIS IS URGENT

I have a Debian Linux machine which I installed as a mail server with
Postfix and Dovecot. My mail server is set up to use SMTP relay. I
currently have ports 143, 995, 25 & SSMTP ports open. In the last few
days I have been under attack where email is being sent to fake email
addresses, for example x...@evg-mail.org, which do not exist in the
MySQL DB.

I need to figure out and lock down Dovecot, because I believe the attack
is some kind of virus/spyware. I need to know what statement in
dovecot.conf or main.cf (Postfix) I can modify to lock it down. Also open
to installing software to combat this kind of attack. Let me know what
configuration files or info you need to help out.


Many Thanks

~Jay

 
  

Re: [Dovecot] Dovecot security

2013-08-14 Thread Patrick Ben Koetter
* Jay Khashan <jkhas...@msn.com>:
> Hi,
> 
> THIS IS URGENT
> 
> I have a Debian Linux machine which I installed as a mail server with
> Postfix and Dovecot. My mail server is set up to use SMTP relay. I
> currently have ports 143, 995, 25 & SSMTP ports open. In the last few
> days I have been under attack where email is being sent to fake email
> addresses, for example x...@evg-mail.org, which do not exist in the
> MySQL DB.

Show evidence.

> I need to figure out and lock down Dovecot, because I believe the attack
> is some kind of virus/spyware. I need to know what statement in
> dovecot.conf or main.cf (Postfix) I can modify to lock it down. Also open
> to installing software to combat this kind of attack. Let me know what
> configuration files or info you need to help out.

At the moment Dovecot can't send mail. Postfix can.

p@rick

-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
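Patrick's two points set the direction: get evidence first, and remember that Dovecot only receives and stores mail while Postfix is what sends it. On Debian the evidence is in /var/log/mail.log. The following is an added example (my code, not something posted in the thread and not part of Postfix or Dovecot) that reads Postfix's standard syslog lines and separates three situations that look the same from the outside but need different fixes: RCPT TO refused at the door (Postfix is already rejecting unknown users), mail accepted and then bounced by the delivery agent (the server itself is generating backscatter), and mail submitted through an authenticated session (a mailbox password is being used to relay). The log excerpt is constructed for the example; the hosts, addresses, queue IDs and the user name jay are made up, and example.org stands in for the poster's domain.

```python
import re
import sys
from collections import Counter

# Constructed Postfix log excerpt in the syslog format Postfix writes on Debian.
# Hosts, addresses, queue IDs and the user "jay" are made up for this example.
SAMPLE_LOG = """\
Aug 14 05:58:01 mx postfix/smtpd[2210]: connect from unknown[203.0.113.7]
Aug 14 05:58:02 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nobody1@example.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<spam@example.net> to=<nobody1@example.org> proto=ESMTP helo=<example.net>
Aug 14 05:58:03 mx postfix/smtpd[2210]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <nobody2@example.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<spam@example.net> to=<nobody2@example.org> proto=ESMTP helo=<example.net>
Aug 14 06:01:11 mx postfix/smtpd[2231]: 7A1B2C3D4E: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=jay
Aug 14 06:01:11 mx postfix/qmgr[1200]: 7A1B2C3D4E: from=<jay@example.org>, size=2140, nrcpt=1 (queue active)
Aug 14 06:01:12 mx postfix/smtp[2240]: 7A1B2C3D4E: to=<victim@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.1, delays=0.5/0.01/0.3/0.3, dsn=2.0.0, status=sent (250 OK)
Aug 14 06:02:30 mx postfix/smtpd[2231]: 8B2C3D4E5F: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=jay
Aug 14 06:02:31 mx postfix/smtp[2240]: 8B2C3D4E5F: to=<other@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=1.0, delays=0.5/0.01/0.2/0.3, dsn=2.0.0, status=sent (250 OK)
Aug 14 06:05:40 mx postfix/smtpd[2260]: 9C3D4E5F60: client=unknown[203.0.113.9]
Aug 14 06:05:41 mx postfix/lmtp[2270]: 9C3D4E5F60: to=<nobody3@example.org>, relay=mx.example.org[private/dovecot-lmtp], delay=0.3, delays=0.1/0.01/0.1/0.1, dsn=5.1.1, status=bounced (host mx.example.org[private/dovecot-lmtp] said: 550 5.1.1 <nobody3@example.org> User doesn't exist (in reply to RCPT TO command))
Aug 14 06:05:41 mx postfix/bounce[2280]: 9C3D4E5F60: sender non-delivery notification: AD4E5F6071
"""

# RCPT TO refused by smtpd before a queue id was assigned.
RE_REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \S+ <(?P<rcpt>[^>]+)>: (?P<reason>[^;]+);")
# Message accepted by smtpd; the optional sasl_* fields mean it came in authenticated.
RE_CLIENT = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-Za-z]+): client=(?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]"
    r"(?:, sasl_method=(?P<method>[^,\s]+), sasl_username=(?P<user>[^,\s]+))?")
# Delivery attempt by one of Postfix's delivery agents, with its final status.
RE_DELIVERY = re.compile(
    r"postfix/(?P<agent>smtp|lmtp|local|virtual|pipe)\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"to=<(?P<rcpt>[^>]+)>, relay=(?P<relay>[^,]+), .*status=(?P<status>\w+)")


def triage(log_text):
    """Split a Postfix log into the events that tell the three stories apart."""
    rejected_at_rcpt = Counter()   # client IP -> RCPT TO refused, nothing accepted
    probed_recipients = Counter()  # nonexistent addresses being tried
    accepted = {}                  # queue id -> (sasl user or None, client IP)
    delivered = {}                 # queue id -> (agent, recipient, status)
    for line in log_text.splitlines():
        m = RE_REJECT.search(line)
        if m:
            rejected_at_rcpt[m["ip"]] += 1
            probed_recipients[m["rcpt"]] += 1
            continue
        m = RE_CLIENT.search(line)
        if m:
            accepted[m["qid"]] = (m["user"], m["ip"])
            continue
        m = RE_DELIVERY.search(line)
        if m:
            delivered[m["qid"]] = (m["agent"], m["rcpt"], m["status"])
    # Accepted at SMTP time, refused by the delivery agent afterwards: each of
    # these produced a bounce to a (probably forged) sender, i.e. backscatter.
    bounced_after_accept = [(qid,) + accepted.get(qid, (None, "?"))
                            for qid, (_agent, _rcpt, status) in delivered.items()
                            if status == "bounced"]
    # Messages that entered through an authenticated session: Postfix relayed
    # them because someone presented a valid password.
    sasl_relayed = Counter((user, ip) for user, ip in accepted.values() if user)
    return {
        "rejected_at_rcpt": rejected_at_rcpt,
        "probed_recipients": probed_recipients,
        "bounced_after_accept": bounced_after_accept,
        "sasl_relayed": sasl_relayed,
        "delivered": delivered,
    }


def suspicious_senders(result, min_messages=2):
    """Authenticated (user, ip) pairs that submitted at least min_messages messages."""
    return sorted((user, ip, n) for (user, ip), n in result["sasl_relayed"].items()
                  if n >= min_messages)


if __name__ == "__main__":
    # Feed the real log on stdin (python3 triage.py < /var/log/mail.log); the
    # constructed sample is used when run interactively.
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    r = triage(text)
    print("RCPT rejects per client:", dict(r["rejected_at_rcpt"]))
    print("accepted then bounced:", r["bounced_after_accept"])
    print("authenticated senders:", suspicious_senders(r))
```

Reading the three buckets: if rejects dominate, Postfix is already doing its job and what the poster is seeing is a dictionary attack against recipient addresses, not a compromise. If "accepted then bounced" is non-empty, the server is the one generating the unwanted mail, and the fix is in Postfix's recipient checks, not in Dovecot. If an authenticated sender shows up that the operator does not recognise, that account's password is what has been stolen; where Postfix authenticates submission against Dovecot's SASL socket, a mailbox password is also a relay credential, so changing it in the MySQL DB is the actual lockdown.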
 


Re: [Dovecot] Dovecot security

2013-08-14 Thread Darac Marjal
On Wed, Aug 14, 2013 at 06:12:02AM +, Jay Khashan wrote:
> Hi,
> 
> THIS IS URGENT
> 
> I have a Debian Linux machine which I installed as a mail server with
> Postfix and Dovecot. My mail server is set up to use SMTP relay. I
> currently have ports 143, 995, 25 & SSMTP ports open. In the last few
> days I have been under attack where email is being sent to fake email
> addresses, for example x...@evg-mail.org, which do not exist in the
> MySQL DB.
> 
> I need to figure out and lock down Dovecot, because I believe the attack
> is some kind of virus/spyware. I need to know what statement in
> dovecot.conf or main.cf (Postfix) I can modify to lock it down. Also open
> to installing software to combat this kind of attack. Let me know what
> configuration files or info you need to help out.

I think it's probably going to be more effective to lock down postfix
(http://www.postfix.org/ADDRESS_VERIFICATION_README.html) than it is to
lock down dovecot
(http://wiki2.dovecot.org/Authentication/RestrictAccess).

I think, if you want to accept the mail but then refuse to store it,
you're looking at things from the wrong angle.





Re: [Dovecot] Dovecot security

2013-08-14 Thread Jerry
On Wed, 14 Aug 2013 10:17:12 +0100
Darac Marjal articulated:

> On Wed, Aug 14, 2013 at 06:12:02AM +, Jay Khashan wrote:
> > Hi,
> > 
> > THIS IS URGENT
> > 
> > I have a Debian Linux machine which I installed as a mail server with
> > Postfix and Dovecot. My mail server is set up to use SMTP relay. I
> > currently have ports 143, 995, 25 & SSMTP ports open. In the last few
> > days I have been under attack where email is being sent to fake email
> > addresses, for example x...@evg-mail.org, which do not exist in the
> > MySQL DB.
> > 
> > I need to figure out and lock down Dovecot, because I believe the attack
> > is some kind of virus/spyware. I need to know what statement in
> > dovecot.conf or main.cf (Postfix) I can modify to lock it down. Also open
> > to installing software to combat this kind of attack. Let me know what
> > configuration files or info you need to help out.
> 
> I think it's probably going to be more effective to lock down
> postfix (http://www.postfix.org/ADDRESS_VERIFICATION_README.html)
> than it is to lock down dovecot
> (http://wiki2.dovecot.org/Authentication/RestrictAccess).
> 
> I think, if you want to accept the mail but then refuse to store it,
> you're looking at things from the wrong angle.

This problem would be better served on the Postfix forum. If you do
decide to post there, please follow the suggestions on:

http://www.postfix.org/DEBUG_README.html#mail

Specifically:

Output from postconf -n. Please do not send your main.cf file, or
500+ lines of postconf output.

Better, provide output from the postfinger tool. This can be found at
http://ftp.wl0.org/SOURCES/postfinger

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__
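Darac's point (reject unknown recipients at RCPT TO time rather than accepting the mail and refusing it later) and Jerry's (start from the postconf -n listing) fit together: the postconf -n output is enough to tell whether Postfix can even know which recipients exist. The following is an added example, not code from the thread or from the Postfix project: it parses postconf -n style output and reports the settings that make a server accept mail for nonexistent users and bounce it afterwards, showing a weak listing beside a corrected one. Both listings are constructed for the example; the map file names and example.org are made up. The relay-control check reads smtpd_recipient_restrictions the way Postfix before 2.10 did (Debian 7 shipped Postfix 2.9 at the time of this thread); on 2.10 and later the default smtpd_relay_restrictions already refuses relaying, and the lint accepts the guard in either list.

```python
import re

# Postfix defaults for parameters that 'postconf -n' omits when unchanged.
# Only the ones this lint needs; values as documented in postconf(5).
DEFAULTS = {
    "mydestination": "$myhostname, localhost.$mydomain, localhost",
    "local_recipient_maps": "proxy:unix:passwd.byname $alias_maps",
    "smtpd_reject_unlisted_recipient": "yes",
}

# Either of these, reached before any unconditional permit, stops relaying.
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}

# Each domain class and the map listing its valid recipients. When the map is
# empty Postfix cannot know which users exist, so it accepts every recipient
# in the domain and bounces after the fact (backscatter).
DOMAIN_CLASSES = [
    ("mydestination", "local_recipient_maps"),
    ("virtual_mailbox_domains", "virtual_mailbox_maps"),
    ("relay_domains", "relay_recipient_maps"),
]

# Constructed listings (not the poster's); file names and domain are made up.
WEAK_POSTCONF = """\
mydestination = localhost
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-mailboxes.cf
relay_domains = example.org
smtpd_reject_unlisted_recipient = no
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, permit, reject_unauth_destination
"""

HARDENED_POSTCONF = """\
mydestination = localhost
virtual_mailbox_domains = mysql:/etc/postfix/mysql-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-mailboxes.cf
relay_domains = example.org
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, reject_unverified_recipient
"""


def parse_postconf(text):
    """Parse 'name = value' lines as printed by 'postconf -n' into a dict."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        params[name.strip()] = value.strip()
    return params


def get(params, name):
    """Value as Postfix would see it: explicit setting, else the documented default."""
    return params.get(name, DEFAULTS.get(name, ""))


def restriction_list(params, name):
    """Split a restriction list on commas/whitespace, preserving evaluation order."""
    return [t for t in re.split(r"[\s,]+", get(params, name)) if t]


def lint(params):
    """Return findings that explain accepted-then-bounced mail for unknown users."""
    findings = []
    lists = {name: restriction_list(params, name)
             for name in ("smtpd_recipient_restrictions", "smtpd_relay_restrictions")}
    if not any(RELAY_GUARDS & set(lst) for lst in lists.values()):
        findings.append("open-relay: neither smtpd_recipient_restrictions nor "
                        "smtpd_relay_restrictions contains reject_unauth_destination")
    # Restrictions are evaluated in order and the first match wins, so a bare
    # 'permit' ahead of the guard makes the guard unreachable.
    for name, lst in lists.items():
        if "permit" in lst and not RELAY_GUARDS & set(lst[:lst.index("permit")]):
            findings.append(f"open-relay: bare 'permit' in {name} comes before "
                            "reject_unauth_destination, so the guard is never reached")
    if get(params, "smtpd_reject_unlisted_recipient").lower() == "no":
        findings.append("backscatter: smtpd_reject_unlisted_recipient = no disables "
                        "the built-in unknown-recipient rejection")
    # reject_unverified_recipient probes the next hop instead of a local map,
    # which is the ADDRESS_VERIFICATION_README approach for domains you relay.
    verifies = any("reject_unverified_recipient" in lst for lst in lists.values())
    for domains, maps in DOMAIN_CLASSES:
        if get(params, domains) and not get(params, maps) and not verifies:
            findings.append(f"backscatter: {domains} is set but {maps} is empty; "
                            "unknown recipients are accepted and bounced later "
                            "(fill the map or use reject_unverified_recipient)")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_POSTCONF), ("hardened", HARDENED_POSTCONF)):
        print(f"== {label} ==")
        for finding in lint(parse_postconf(text)) or ["no findings"]:
            print(" ", finding)
```

Run against a real listing with `postconf -n | python3 lint.py` after changing the main block to read stdin. The weak listing shows the three things worth checking in this thread's situation: a relay domain with no recipient map, the built-in unlisted-recipient rejection switched off, and a relay guard that cannot be reached. The hardened listing keeps the same domains but refuses unknown recipients during the SMTP dialogue, so nothing is accepted that would later need a bounce.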





Re: [Dovecot] dovecot security with IPv6

2011-06-27 Thread SM

At 01:23 23-06-2011, Kārlis Repsons wrote:

> particular services, please give me your opinion on whether it's insecure to
> have a Dovecot server which is accessed through a public IPv6
> address...


If you do not consider it as secure to run a 
Dovecot server on a public IPv4 address, the same applies for IPv6.


Regards,
-sm 



[Dovecot] dovecot security with IPv6

2011-06-23 Thread Kārlis Repsons
Hi Timo, hi all others!

In fact, I've only read one person claiming that IPv6 support opens up
too many backdoors [1], but anyway, as I intend to run just
particular services, please give me your opinion on whether it's insecure to
have a Dovecot server which is accessed through a public IPv6
address...
(or just note briefly what else could give firm ground to such claims...)

[1] http://forums.gentoo.org/viewtopic-t-882557.html


Re: [Dovecot] dovecot security with IPv6

2011-06-23 Thread Willie Gillespie

On 06/23/2011 02:23 AM, Kārlis Repsons wrote:

> Hi Timo, hi all others!
> 
> In fact, I've only read one person claiming that IPv6 support opens up
> too many backdoors [1], but anyway, as I intend to run just
> particular services, please give me your opinion on whether it's insecure to
> have a Dovecot server which is accessed through a public IPv6
> address...
> (or just note briefly what else could give firm ground to such claims...)
> 
> [1] http://forums.gentoo.org/viewtopic-t-882557.html


I can't think of any backdoors introduced in IPv6.  The trouble I 
foresee with IPv6 and email won't concern Dovecot, but some spam filtering.


Since the IPv6 address space is large, people can't expect to be 
successful by blocking spammers' IP addresses one by one.  Instead they 
will end up blocking entire subnets if that's a route they choose to go.


I know that Dovecot slows down/delays login attempts with multiple 
authentication failures.  I guess the question to ask is whether this is 
source IP-based, or user name-based, or both.  Anyone know the answer to 
this?


If it's source IP-based, then if I was an attacker with an IPv6 subnet 
assigned to me, I would just come at it with a different IP address each 
time to avoid the slowdown.


In short, that's the only real potential issue I could see.

Willie
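Whether Dovecot keys its failed-login penalty on the client address, the user name, or both is the question Willie leaves open; the example below shows what each choice buys and how an attacker holding a whole IPv6 prefix gets past a per-address key. It is an added illustration and not Dovecot's auth-penalty code: a small tracker with an exponential delay that can be keyed on the client's /64 (configurable, /32 for IPv4) and optionally on the user name. The addresses and user names are made up; 2001:db8::/32 is the documentation prefix.

```python
import ipaddress


class AuthPenalty:
    """Exponential login delay keyed by client network and, optionally, user.

    Added illustration for this thread, not Dovecot's auth-penalty code.
    Keying on a prefix (a /64 for IPv6) instead of the exact address is what
    stops an attacker who owns a whole subnet from rotating addresses.
    """

    def __init__(self, v4_prefix=32, v6_prefix=64, per_user=True,
                 base=1.0, max_penalty=15.0):
        self.v4_prefix = v4_prefix
        self.v6_prefix = v6_prefix
        self.per_user = per_user
        self.base = base
        self.max_penalty = max_penalty
        self.failures = {}  # penalty key -> consecutive failed logins

    def net_key(self, ip):
        """Collapse the client address to the network the penalty is tracked on."""
        addr = ipaddress.ip_address(ip)
        plen = self.v6_prefix if addr.version == 6 else self.v4_prefix
        return "net:" + str(ipaddress.ip_network(f"{addr}/{plen}", strict=False))

    def keys(self, ip, user):
        keys = [self.net_key(ip)]
        if self.per_user:
            keys.append("user:" + user.lower())
        return keys

    def _delay(self, key):
        n = self.failures.get(key, 0)
        return 0.0 if n == 0 else min(self.max_penalty, self.base * 2 ** (n - 1))

    def delay_for(self, ip, user):
        """Seconds to stall this attempt before checking the password."""
        return max(self._delay(k) for k in self.keys(ip, user))

    def record(self, ip, user, ok):
        """After the password check: reset the counters on success, bump on failure."""
        for k in self.keys(ip, user):
            if ok:
                self.failures.pop(k, None)
            else:
                self.failures[k] = self.failures.get(k, 0) + 1


def total_delay(tracker, attempts):
    """Total stall an attacker eats over a sequence of failed (ip, user) logins."""
    total = 0.0
    for ip, user in attempts:
        total += tracker.delay_for(ip, user)
        tracker.record(ip, user, ok=False)
    return total


# Constructed attack patterns (documentation addresses, made-up users).
# One user, eight different addresses inside one /64: Willie's rotation case.
ROTATING_V6 = [(f"2001:db8:0:1::{i}", "jay") for i in range(1, 9)]
# Eight different users from one IPv4 address: password spraying.
SPRAY_ONE_V4 = [("198.51.100.23", f"user{i}") for i in range(1, 9)]


if __name__ == "__main__":
    print("per-address key, rotating /64:",
          total_delay(AuthPenalty(v6_prefix=128, per_user=False), ROTATING_V6))
    print("per-/64 key, rotating /64:    ",
          total_delay(AuthPenalty(v6_prefix=64, per_user=False), ROTATING_V6))
    print("per-user key, rotating /64:   ",
          total_delay(AuthPenalty(v6_prefix=128, per_user=True), ROTATING_V6))
    print("per-/32 key, spraying users:  ",
          total_delay(AuthPenalty(per_user=True), SPRAY_ONE_V4))
```

With a per-address key the rotating attacker is never slowed down at all; keying on the /64 restores the full penalty, and so does keying on the user name. The two keys cover different attacks (address rotation against one account versus spraying many accounts from one host), which is why tracking both is attractive, but a per-user key also lets an attacker lock a legitimate user out by failing on purpose, so the user-keyed delay should stay bounded and short.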


Re: [Dovecot] dovecot security with IPv6

2011-06-23 Thread Noel Butler
That clown is a tad over paranoid...

The only real issue with devices using IPv6 is that most people become
relaxed with security, preferring with IPv4 to do it all on the NAT box;
with IPv6 there is no NAT, so if you have 5 machines you need to
configure full security on all of them.
If you're an ISP/OSP/ESP, then you should already have appropriate
security via your router and server. Just remember, though, that
if using Linux you need to use ip6tables as well as iptables in
your firewall rules script.

There is absolutely NO security risk in exposing any server port to the
net, be it dovecot, apache, or bind ... or, whatever.

On Thu, 2011-06-23 at 08:23 +, Kārlis Repsons wrote:

> Hi Timo, hi all others!
> 
> In fact, I've only read one person claiming that IPv6 support opens up
> too many backdoors [1], but anyway, as I intend to run just
> particular services, please give me your opinion on whether it's insecure to
> have a Dovecot server which is accessed through a public IPv6
> address...
> (or just note briefly what else could give firm ground to such claims...)
> 
> [1] http://forums.gentoo.org/viewtopic-t-882557.html



