Server found while in construction - beware

2013-02-27 Thread Robert Moskowitz
Lesson here about how open you make a new server while under 
construction.  Fortunately for me, my first step before starting postfix 
was to apply my 'recipe' of postconf commands?  Anyway the system is 
publicly addressed, but on a different subnet than the production box it 
will replace.  I am running this way, as this time if all goes right 
(and this is my 5th build test), I drain the old box, change the 
addresses on this new one and swap them out.


Public DNS for this is its IPaddr.domain so it shows how the robots look 
for any working address with port 25 available:


Feb 27 03:57:23 klovia postfix/smtpd[7677]: connect from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 03:57:24 klovia postfix/smtpd[7677]: NOQUEUE: reject: RCPT from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]: 554 5.7.1 1...@k888.tw: Relay access denied; from=a...@hotmail.com to=1...@k888.tw proto=SMTP helo=208.83.67.180
Feb 27 03:57:24 klovia postfix/smtpd[7677]: lost connection after RCPT from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 03:57:24 klovia postfix/smtpd[7677]: disconnect from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 04:00:44 klovia postfix/anvil[7679]: statistics: max connection rate 1/60s for (smtp:36.231.85.78) at Feb 27 03:57:23
Feb 27 04:00:44 klovia postfix/anvil[7679]: statistics: max connection count 1 for (smtp:36.231.85.78) at Feb 27 03:57:23
Feb 27 04:00:44 klovia postfix/anvil[7679]: statistics: max cache size 1 at Feb 27 03:57:23
Feb 27 08:11:07 klovia postfix/smtpd[8254]: connect from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 08:11:08 klovia postfix/smtpd[8254]: NOQUEUE: reject: RCPT from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]: 554 5.7.1 1...@k888.tw: Relay access denied; from=a...@hotmail.com to=1...@k888.tw proto=SMTP helo=208.83.67.180
Feb 27 08:11:08 klovia postfix/smtpd[8254]: lost connection after RCPT from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 08:11:08 klovia postfix/smtpd[8254]: disconnect from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 08:14:28 klovia postfix/anvil[8256]: statistics: max connection rate 1/60s for (smtp:36.231.85.78) at Feb 27 08:11:07
Feb 27 08:14:28 klovia postfix/anvil[8256]: statistics: max connection count 1 for (smtp:36.231.85.78) at Feb 27 08:11:07
Feb 27 08:14:28 klovia postfix/anvil[8256]: statistics: max cache size 1 at Feb 27 08:11:07
Feb 27 12:26:46 klovia postfix/smtpd[9705]: connect from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 12:26:47 klovia postfix/smtpd[9705]: NOQUEUE: reject: RCPT from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]: 554 5.7.1 1...@k888.tw: Relay access denied; from=a...@hotmail.com to=1...@k888.tw proto=SMTP helo=208.83.67.180
Feb 27 12:26:47 klovia postfix/smtpd[9705]: lost connection after RCPT from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 12:26:47 klovia postfix/smtpd[9705]: disconnect from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
Feb 27 12:30:07 klovia postfix/anvil[9707]: statistics: max connection rate 1/60s for (smtp:36.231.85.78) at Feb 27 12:26:46
Feb 27 12:30:07 klovia postfix/anvil[9707]: statistics: max connection count 1 for (smtp:36.231.85.78) at Feb 27 12:26:46
Feb 27 12:30:07 klovia postfix/anvil[9707]: statistics: max cache size 1 at Feb 27 12:26:46
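The pattern in the log above (the same client coming back every few hours with one RCPT to a domain the server does not handle, refused with "Relay access denied", announcing a bare IP as HELO that is not even its own address) is what an admin wants pulled out of the maillog automatically rather than by eye. The script below is an added example, not code from the original post or from the Postfix project: it parses Postfix smtpd "connect from" and "NOQUEUE: reject" lines, tallies relay rejects per client IP, and flags clients whose HELO is an IP literal that differs from the connecting address. The sample log is constructed, uses RFC 5737 documentation addresses, and the function and variable names are my own.

```python
"""Pull relay-probe activity out of Postfix smtpd log lines.

Added example, not code from the original post or from Postfix. The line
layout follows what Postfix writes to syslog; the sample log below is
constructed and uses RFC 5737 documentation addresses.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample, patterned on the entries in the post: one client
# probes twice for relaying and is refused, one legitimate client delivers.
SAMPLE_LOG = """\
Feb 27 03:57:23 klovia postfix/smtpd[7677]: connect from host-a.example.net[192.0.2.10]
Feb 27 03:57:24 klovia postfix/smtpd[7677]: NOQUEUE: reject: RCPT from host-a.example.net[192.0.2.10]: 554 5.7.1 <user@example.org>: Relay access denied; from=<someone@example.com> to=<user@example.org> proto=SMTP helo=<203.0.113.5>
Feb 27 03:57:24 klovia postfix/smtpd[7677]: lost connection after RCPT from host-a.example.net[192.0.2.10]
Feb 27 03:57:24 klovia postfix/smtpd[7677]: disconnect from host-a.example.net[192.0.2.10]
Feb 27 08:11:07 klovia postfix/smtpd[8254]: connect from host-a.example.net[192.0.2.10]
Feb 27 08:11:08 klovia postfix/smtpd[8254]: NOQUEUE: reject: RCPT from host-a.example.net[192.0.2.10]: 554 5.7.1 <user@example.org>: Relay access denied; from=<someone@example.com> to=<user@example.org> proto=SMTP helo=<203.0.113.5>
Feb 27 08:11:08 klovia postfix/smtpd[8254]: disconnect from host-a.example.net[192.0.2.10]
Feb 27 09:00:00 klovia postfix/smtpd[8300]: connect from mail.example.org[198.51.100.7]
Feb 27 09:00:01 klovia postfix/smtpd[8300]: 1A2B3C4D5E: client=mail.example.org[198.51.100.7]
Feb 27 09:00:02 klovia postfix/smtpd[8300]: disconnect from mail.example.org[198.51.100.7]
"""

CONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: connect from (?P<host>[^\s\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]"
)
# Angle brackets around addresses are optional so that both raw syslog lines
# and list-archive copies (which often strip them) parse.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\s\[]+)\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d\.\d) <?(?P<rcpt>[^>:]+)>?: (?P<reason>[^;]+); "
    r"from=<?(?P<sender>[^>\s]*)>? to=<?(?P<to>[^>\s]*)>? "
    r"proto=(?P<proto>\S+) helo=<?(?P<helo>[^>\s]*)>?"
)


def parse_reject(line):
    """Return the fields of a NOQUEUE reject line as a dict, or None."""
    m = REJECT_RE.search(line)
    return m.groupdict() if m else None


def is_ip_literal(helo):
    """True when the HELO argument is a bare or bracketed IP address."""
    try:
        ipaddress.ip_address(helo.strip("[]"))
        return True
    except ValueError:
        return False


def summarise(lines):
    """Aggregate connects, relay rejects, HELO values and relay targets per client IP."""
    stats = defaultdict(lambda: {"host": "", "connects": 0, "relay_rejects": 0,
                                 "helos": set(), "targets": set()})
    for line in lines:
        m = CONNECT_RE.search(line)
        if m:
            s = stats[m["ip"]]
            s["host"] = m["host"]
            s["connects"] += 1
            continue
        r = parse_reject(line)
        if r and r["reason"].startswith("Relay access denied"):
            s = stats[r["ip"]]
            s["host"] = r["host"]
            s["relay_rejects"] += 1
            s["helos"].add(r["helo"])
            s["targets"].add(r["to"])
    return dict(stats)


def suspicious(stats):
    """Clients that drew a relay reject or announced another host's IP as HELO.

    Returns (ip, relay_rejects, helo_mismatch) tuples, sorted by IP text.
    """
    flagged = []
    for ip, s in stats.items():
        helo_mismatch = any(is_ip_literal(h) and h.strip("[]") != ip for h in s["helos"])
        if s["relay_rejects"] or helo_mismatch:
            flagged.append((ip, s["relay_rejects"], helo_mismatch))
    return sorted(flagged)


if __name__ == "__main__":
    for ip, rejects, mismatch in suspicious(summarise(SAMPLE_LOG.splitlines())):
        print(f"{ip}: {rejects} relay reject(s), helo mismatch={mismatch}")
```

Feed it `/var/log/maillog` line by line and the output is a short list of clients worth a firewall rule or a closer look. The HELO check is there because a bare IP is not a valid HELO argument (RFC 5321 requires either a hostname or a bracketed address literal), so a HELO like the `208.83.67.180` in the post never comes from a correctly configured MTA; Postfix can refuse such clients before RCPT with `smtpd_helo_required = yes` and `reject_non_fqdn_helo_hostname` in `smtpd_helo_restrictions`, which turns the probe into an even cheaper rejection.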




Re: Server found while in construction - beware

2013-02-27 Thread Reindl Harald


On 27.02.2013 22:08, Robert Moskowitz wrote:
> Lesson here about how open you make a new server while under construction.  
> Fortunately for me, my first step
> before starting postfix was to apply my 'recipe' of postconf commands?  
> Anyway the system is publicly addressed,
> but on a different subnet than the production box it will replace.  I am 
> running this way, as this time if all goes
> right (and this is my 5th build test), I drain the old box, change the 
> addresses on this new one and swap them out.
> 
> Public DNS for this is its IPaddr.domain so it shows how the robots look for 
> any working address with port 25
> available:
> 
> 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]: 554 5.7.1 1...@k888.tw: 
> Relay access denied;
> from=a...@hotmail.com to=1...@k888.tw proto=SMTP helo=208.83.67.180
> Feb 27 03:57:24 klovia postfix/smtpd[7677]: lost connection after RCPT from
> 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]

ah hinet.net - as far as i remember this is the large asian
crap provider where you get FIVE bounces as response to an
abuse-mail and i temporarily blocked around 1 Mio. IP addresses
from them in iptables

in fact, what you are showing is the sad truth

make any machine public and not secured and it may lead
to intrusions within minutes or sometimes seconds, that
is why all the "but who is interested in me" careless hobbyists
are completely wrong

nearly ten years ago a simple test, and 10 years ago was virtually
nothing compared to now in context of attacks and intrusions

* samba on the WAN
* a completely fresh ip-address
* guest account enabled
* voila, a collection of all known and unknown malware from a to z in the share
* timeframe: 10 minutes up to an hour


