[CentOS] pop3 attack

Matt lm7812 at gmail.com
Wed Dec 10 16:20:24 UTC 2008


>> Thanks to all. For now I've stopped it using iptables. I tried stopping
>> it at my router without success, yet another reason to replace it! I
>> will also report it to abuse at covad.net.
>>
>
> My issues have gotten worse. Apparently over the last few days my ip
> address has gotten blacklisted. No idea why. Even though I have a
> commercial class cable modem service, my ip is residential because it
> comes to my house. But I've been running my mail server for several
> years and never had an issue.
>
> I've tried adding these lines to my sendmailmc and rebuilding it, but
> then nothing routes, not even local.
>
> define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl
> MASQUERADE_AS(carolina.rr.com)dnl
> FEATURE(`allmasquerade')dnl
> FEATURE(`masquerade_envelope')dnl
>
> Now I'm using mailertable and that appears to be working.
>
> I'm not even sure this message with get to this list. Seems like I
> haven't received any centos list mail in a while. I have on my other
> lists though.

My guess is there trying to brute force POP3 passwords so they can use
authenticated SMTP on your server to send SPAM.  Common tactic.

What are you using for a MTA?  What about webmail?

Matt


More information about the CentOS mailing list