[CentOS] pop3 attack
webmaster at ew3d.com
Wed Dec 10 17:02:22 UTC 2008
James Pifer wrote:
> On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote:
>> Thanks to all. For now I've stopped it using iptables. I tried stopping
>> it at my router without success, yet another reason to replace it! I
>> will also report it to abuse at covad.net.
> My issues have gotten worse. Apparently over the last few days my ip
> address has gotten blacklisted. No idea why. Even though I have a
> commercial class cable modem service, my ip is residential because it
> comes to my house. But I've been running my mail server for several
> years and never had an issue.
> I've tried adding these lines to my sendmailmc and rebuilding it, but
> then nothing routes, not even local.
> Now I'm using mailertable and that appears to be working.
> I'm not even sure this message with get to this list. Seems like I
> haven't received any centos list mail in a while. I have on my other
> lists though.
> Any help is appreciated.
Are you using bounce instead of reject anywhere on the system? If so,
they can bounce their spam to anyone off of your server... also a common
tactic. Also, things like mailforms on the server with autoresponders
can also be a source of abuse. If they autorespond with the message
input included, it's just a matter of using the email address you want
to spam in that form. If the form doesn't have some good checks and
balances, like Captcha, it's wide open for abuse by bots. Even captcha
needs to be tough as they are using OCR to bust through easy to read
If you are being blacklisted, email is almost certainly coming out of
your server which contains spam. Depending on the lists, it could be
spewing a lot.
You may wish to have postmaster and abuse addresses open on that system
and actually look at them... These are RFCs that should be followed
anyway... as to whether or not you read them...... But I do watch the
postmaster email for 'quantity changes'. If it rises suddenly, somebody
More information about the CentOS