On Wed, 14 Aug 2013 10:17:12 +0100
Darac Marjal articulated:

> On Wed, Aug 14, 2013 at 06:12:02AM +0000, Jay Khashan wrote:
> > Hi,
> >
> > THIS IS URGENT
> >
> > I have a Debian Linux machine which I installed as a mail server with
> > postfix, and dovecot. My mail server is set up to use SMTP relay. I
> > currently have ports 143, 995, 25 & SSMTP ports open. In the last
> > few days I have been under attack where email is being sent to a fake
> > email address, for example x...@evg-mail.org, which does not exist in
> > the mysql db.
> >
> > I need to figure out and lock down dovecot, because I believe the
> > attack is some kind of virus/spyware. I need to know what
> > statement in dovecot.conf or main.cf (postfix) I can modify to lock
> > it down. Also open to install software to combat this kind of
> > attack. Let me know what configuration files, info do you need to
> > help out
>
> I think it's probably going to be more effective to "lock down"
> postfix (http://www.postfix.org/ADDRESS_VERIFICATION_README.html)
> than it is to "lock down" dovecot
> (http://wiki2.dovecot.org/Authentication/RestrictAccess).
>
> I think, if you want to accept the mail but then refuse to store it,
> you're looking at things from the wrong angle.

This problem would be better served on the Postfix forum. If you do
decide to post there, please follow the suggestions on:

http://www.postfix.org/DEBUG_README.html#mail

Specifically:

Output from "postconf -n". Please do not send your main.cf file, or
500+ lines of postconf output.

Better, provide output from the postfinger tool. This can be found at
http://ftp.wl0.org/SOURCES/postfinger

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.