Security :: Server Is Sending Spams
Jun 29, 2010
Currently I'm having a problem with a box which keeps sending spam all over the world. Yesterday we upgraded some Drupal modules (which can send email), and the spam quantity reduced. But still some spam keeps going out from our server. Some of them even have attachments.
Some of them are sent using accounts that never existed at our server (e.g. strager@mydomain.com), and some of them are from 'nobody'. What should I check, or where should I look? I've checked the MX records and there were no strange forwarders. Really stuck here...
Jun 13, 2011
I just got control over a server that was hacked several months back. The other day we started receiving rejected emails, sent from my server to a Yahoo email address that is no longer active, that contained users' login information. I am trying to find the process that is sending these emails. So far it's been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent, so there must be a local file that contains this information. I have tried using grep and find without any luck.
Mar 8, 2011
In order to get my wireless card working Add-on: [URL].. The wlan card is working fine, except I have a huge amount of logging info in dmesg/syslog
[Code]...
Nov 18, 2010
We have spam in our network, and we installed antivirus on all our systems and cleaned the virus from all PCs. After that I removed my IP from the database of blocked IPs, but my IP is still blocked for sending spam. I don't know from which PC the spam is going out to the internet.
So I have a question: my proxy server is Red Hat Linux, and as a newbie I don't know the commands to find out which PC is creating large bandwidth to the internet. If you tell me the command to see which PC is sending spam, then I will discard that PC. Also, I want a strong firewall to stop spam activities.
Jul 29, 2009
When I get on the internet with Mozilla I am getting advertising that mentions the city I live in. How is that information being sent from my computer and how can I stop it? Is this in a file I can edit or delete?
Apr 13, 2010
I've got a strange problem. I have a number of linux boxes - main running Gentoo, a couple of others running Mint and a new one running Kubuntu 9.10. All, except the new one, connect to my hosted remote server through FTP, FISH or SSH without any problem. However the new machine will connect to my remote server, via fish, but then gets immediately disconnected. I have discovered, via my hosting company, that it is flooding the connection and looking in my Router log I can see:
Quote:
1. 2010.04.13 03:24:42 **SYN Flood to Host** 10.10.xxx.xxx, 38299->> 209.85.xxx.xxx, 80 (from ATM Outbound)
If I connect first through SSH on this machine it is fine and I can navigate through the remote filesystem. If I connect through FISH using either Konqueror or Dolphin, I get an initial file listing and then the remote firewall kicks in and blacklists my IP address for half an hour.
Does anyone have any ideas why this may be happening? Once I'm blacklisted I cannot make any connection, from any machine on my external IP address - whether it is HTTP, FTP, SSH
Apr 13, 2010
I'm using CentOS 5.4 for a data server, where I have shared a directory to store data. Whenever the owner of that data deletes anything from the directory, I want the system to send me a mail with logs of that deletion action, with details something like below:
1- IP of the system from which the owner accessed the server and deleted the data.
2- Date, time and name of the file with path.
These logs should be sent to me by email automatically.
Jul 17, 2009
In my network I have 25 workstations and some servers. Everything is working in a local LAN with a firewall. The problem is that on one machine (I don't know which one) software is installed which is sending data to the internet. Actually I don't know what it is. Last time, as I remember, it was a trojan which can create new network interfaces in Windows and send some data to the internet. Half the speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections?
Please take a look at these times. Instead of 141-150ms it should be 4-5ms.
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms
How can I detect which machine is infected using only Linux and a keyboard?
Aug 19, 2009
I configured sendmail with SquirrelMail on RHEL 5.3.
It is working fine. I can send and receive mail.
But when I try to send mail, an SELinux error comes up (but the mail is sent successfully). I don't understand this message.
Quote:
Summary:
SELinux is preventing sendmail (system_mail_t) "read" to eventpoll (httpd_t).
Detailed Description:
SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for eventpoll,
restorecon -v 'eventpoll'
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ(url) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (url) against this package.
Additional Information:
Source Context system_u:system_r:system_mail_t
Target Context system_u:system_r:httpd_t
Target Objects eventpoll [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.sendmail
Port <Unknown>
code....
Jun 1, 2009
I just discovered that my server is sending huge amount of data out at about 1Mbps. My immediate thought was the deluge bittorrent client, however it is supposedly not running (and a check confirmed its total active torrents was set to 0). I turned off the network and went in to Firestarter to set the outbound traffic to restrictive, turned on network again and no more data was sent. A look in Firestarter / Events showed a long list of random ports being used (see further down). How can I identify what program is sending all the data?
In Firestarter it doesn't really say much more than the port. Not sure if it is some misconfigured program or a malware/virus. I just got my ADSL connected a few days ago, and before that I used a mobile broadband (3G) as I just relocated. During the period I used the 3G the server might have been without firewall for a few days and it was also at this time I discovered an increase in network traffic (but I didn't really pay much attention at that time). I am running Fedora 10.
List of events from firestarter, my server is 192.168.1.100:
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:39435 Source:192.168.1.100 Destination:58.208.xxx.56 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:6990 Source:192.168.1.100 Destination:112.94.xxx.212 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:2973 Source:192.168.1.100 Destination:118.93.42.xxx Length:129 TOS:0x00 Protocol:UDP Service:Svnetworks .....
May 29, 2010
I have set up SSH and redirected the ssh server to listen on another port other than 22 for a bit of added security.
Now in hosts.deny I have:
ALL : ALL
In hosts.allow I have:
SSH : ip_address_of_client
I can no longer connect. I get the message: ssh_exchange_identification: Connection closed by remote host.
When I change hosts.allow to read:
ALL : ip_address_of_client
I can successfully connect the server.
However, I only want to allow SSH access in hosts.allow. What is the correct syntax?
I have tried and failed with each one of these:
SSH : ip_address:port_number
SSH2 : ipaddress
sshfwd-portnumber : ip_address_of_client
Feb 6, 2010
We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
Jul 3, 2011
We have a VPN that is accessible to anyone. We already block ports 25, 587 and 465. But I am still receiving spam reports. I believe that the users of my VPN are infected by a virus or something that sends spam. Are there any other ways that spammers send spam mails without using the SMTP ports?
My guess is that they are trying to send it by accessing a webmail. Have you heard of anything like that? How can I block spam?
Nov 8, 2010
Yesterday I ran Postfix and everything worked fine, and today it hangs. If I run "telnet localhost 25" I get the following (the day before I got a 220 answer and the ordinary hello):
Code:
Trying 62.197.207.43...
Connected to trons.sk.
Escape character is '^]'.
and nothing goes further.
[Code]....
Jul 4, 2010
I have set up a mail sending server with which I am able to send mail to Gmail IDs, but when the user has a Yahoo or Rediffmail mail ID, these mails are not getting delivered; either they are blocked or bounced back. What should be done to send multiple mails? Just to add more details, I am using sendmail to send these mass emails.
May 10, 2011
I've searched high and low for an answer. This seems so simple...
Domain = chadmccan.com
Server 1 = admin.mo.chadmccan.com
Server 2 = leroy.mo.chadmccan.com
Email for my domain is handled by Google Apps. MX records point there, I receive a ton of email there. I have 2 systems. admin.mo.chadmccan.com, which is designed to be the "gateway" for all services, including email. On the same network, is leroy.mo.chadmccan.com. It's just an application server, for random apps, including a webserver. I just want all of my systems to email anything that goes to "root" to blahblah@chadmccan.com relaying via admin.mo.chadmccan.com. Is this impossible?
Oct 12, 2010
I have WordPress installed on my VPS, which is running 10.04.1 LTS. I appear to be having an issue whereby the server isn't sending out emails to new users, nor to myself when I get comments on the blog. I'm at a dead end for where to look next, because the settings are exactly the same as they were with my previous VPS (and they were always pretty generic), but yet it doesn't work.
Nov 7, 2010
I have been messing around with a template from Dreamweaver and uploaded it to my web server last night to see if it worked. The template works when I view it both in Dreamweaver and locally through Windows Explorer, but when I go to the actual website, either on the same network or elsewhere, it shows up but is missing the background image.
My skills in HTML and CSS are good enough to try and troubleshoot this if it were a problem with the source code, but as I have come up empty-handed I believe it to be a problem with the server. Mind you, I could have missed something; if I did, please let me know so I can smack myself in the head.
The domain is [URL].. should you want to view it. This is a new server only set up about a week ago, and it is my first Linux server. I have only ever had to deal with 2 Windows servers and only a few Linux desktops, so I may need a few things explained.
Oct 16, 2010
I just saw that my network had slowed, so I watched /var/log/squid/access.log, where I get this line continuously....
[Code]....
I thought that someone was running a script, so I disconnected all my LAN connections (simply removed the local LAN cable), but I saw the connections still going on.... So I watched the processes on the proxy server but found nothing suspicious.... So I changed my static IP and the spamming stopped (I say it is spam because the IP 203.188.197.10 is of yahoomail.com), but when I put my old IP back the connections start again...... I want to put back my old static IP because I have configured it for many services. Is there any spyware on my machine, or has someone configured my IP?
Jan 22, 2011
I have followed the guide for "The Perfect Server - Debian Lenny (Debian 5.0) With BIND & Dovecot [ISPConfig 3]" and all is well, except.
I can send mail (to GMail) from the command line. I can send mail (to GMail) from any of the domains configured in ISPConfig3 through SquirrelMail (however terrible that looks, but functions) or IMAP/POP.
but....
I can't receive mail (from GMail) on any of the domains configured in ISPConfig3 in SquirrelMail or IMAP/POP.
I have my domains configured with proper MX records (just like I have them configured at work). I have all ports (80, 143, 110, 25, 22, etc) forwarded on my router that are needed.
I can Telnet to localhost and all checks are fine. I can send and receive from and to local domains on the same server, which makes sense. but
I can't Telnet from any external server to my server behind NAT.
Conclusion:
I figured it MUST be a network/port-forwarding problem as the external Telnet requests fails to my machine on port 25.
Tested my router to see if it would let me communicate through port 25, and it would.
So it must be my ISP, as I read in different posts.
Question:
Maybe I'm a n00b, but in all other posts the problems were with receiving AND sending.
My ISP responded that port 25 is blocked because of spam issues.
But I can mail (and even spam if I would like to) to external domains while I didn't do anything weird to make that happen.
The only thing I wish for is to receive mails and if you'd ask me, port 25 would be solely for outgoing mails, not for incoming mail deliveries through MX?
An ISP surely wouldn't disable their customers in having a mail-server for incoming mails, as long as they would send out through their own smtp server to make sure they wouldn't spam the world?
Mar 8, 2010
How do I configure my home Linux server as an email server and be able to send email to Hotmail, please? I have done this before, but I never managed to do it so that Hotmail accepts emails coming from my Linux server.
Jun 7, 2010
I am setting up a Postfix MTA that will be only sending mail for 10 different domains. We have other servers that will be receiving the mail for the domains so I only need to set up for sending on Postfix.
My issue is that I am trying to configure Postfix so that when it sends mail the header shows what domain the mail came from and not the domain the Postfix server is set to. For example....
[URL]
When I send mail from domain2.com I want it to show in the header it was sent from domain2.com and not from domain1.com. What do I need to set in postfix so that this happens? Right now no matter what domain the mail is from the header always shows the server domain and I can't have that.
Oct 27, 2010
I have the following config with Postfix:
Quote:
But it keeps coming up with:
Quote:
Is there any reason from these configs as to why this should be occurring?
This was the guided step by step tutorial I followed: [url]
Mar 23, 2011
So I have Postfix working great and I've always used webmail if I needed to send email from PCs outside of $mynetworks. So fast forward to today, where I got my 1st Android powered mobile phone, and I can configure the Android mail client to send/receive IMAP email, but my question is: do I need to become an open relay to allow my random wireless provider's dynamic range of IPs to send mail via Postfix? Seems extremely vulnerable and scary to think I would have to allow my provider's IP range to relay mail via my MTA. I started reading a bit and I think I need SASL authentication, and since both Postfix 2.8.1 & Dovecot 2.0.11 are configured / using TLS, is there anything else I would need or you recommend for sending email from my Android powered mobile?
Jul 5, 2011
I tried the command echo "Test" | mailx -s "Test subject" reciever@test.com -- -f Tester@gmail.com
But in the mailbox of the receiver, I find the sender name as Tester@gmail.com. My requirement is to show the sender as 'Tester' alone, without the domain name.
Jun 13, 2011
I want to receive mails at my email ID for the cron jobs I have assigned on the Linux command line.
Jul 23, 2009
I have postfix sort of working correctly. postfix can send email to the internet but it doesn't want to send email to my local exchange server. What I need is for postfix to send emails directed to @xyz.com to my exchange server instead of itself.
My setup
mail.xyz.com - exchange 2003 server
www.xyz.com - centos 5.3 server with postfix
www.xyz.com can send emails to my hotmail.com account so that part works correctly. www.xyz.com can't send email to username@xyz.com. postfix seems to be delivering the email to itself and not the exchange server.
How can I tell postfix to send the @xyz.com emails to my exchange server?
Here is a sample of my /var/log/maillog
Jul 22 15:43:43 list postfix/smtpd[9802]: D63168604A3: client=localhost.localdomain[127.0.0.1]
Jul 22 15:43:53 list postfix/cleanup[9805]: D63168604A3: message-id=<20090722204343.D63168604A3@www.xyz.com>
[Code].....
Dec 13, 2010
I am using the Postfix SMTP server for sending emails. However I just did a default installation and subsequently someone is sending spam using my SMTP server. I would like some help on securing my Postfix server and to block these mischievous emails being sent from my server.
Jun 29, 2010
shed some light on what I am doing. I am wondering if I just have things back to front.
Server (MESH):
Fedora 13
Firewall ports open tcp 22(ssh), tcp 873(rsync)
sshd service started
Jun 17, 2010
I am using CentOS 5.4, running Squid as a proxy. I want to block email sending and receiving for proxy users to secure my data. How is it possible that a proxy user can only browse websites but cannot receive or open, send, or save as draft to a mailbox?