[CentOS] IMAP security
Ned Slider
nedslider at f2s.com
Fri Mar 28 11:14:39 UTC 2008
Anne Wilson wrote:
> These, it seems, are outgoing packets. Why, then, have they got those source
> addresses? Is someone managing to bounce packets through my mail server to
> hide their tracks?
Presumably those logs are for incoming connections in your router (looks
like a Netgear log to me). The source IP address is the address of the
host trying to connect to your IMAP service (port 143).
> I've never seen many of these, just the occasional one. Sometimes they seem
> to relate to an ntp source. Often they seem to come from a university site.
> I think the fact that I don't see many means that I'm not being used as an
> open relay, but I'm not 100% confident of that. I'd like to understand
> what's happening.
>
Again, "being an open relay" refers to spammers being able to send (or
relay) mail through your SMTP server (port 25). IMAP is a protocol for
you to retrieve mail, not send it.
You can check your mail server is not acting as an open relay here:
http://www.abuse.net/relay.html
It's probably a good idea to check each time you change something in
/etc/postfix/main.cf if you are not 100% sure.
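
Added example, not part of the original post: a local pre-check of main.cf that can be run after each edit, alongside the external relay test linked above. The Postfix parameter names are real; the two heuristics (a /0 entry in mynetworks, a bare "permit" ahead of any relay check) and the sample config are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample main.cf content (not from the original post).
SAMPLE_MAIN_CF = """\
# trust everything (misconfiguration)
mynetworks = 127.0.0.0/8,
    0.0.0.0/0
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}; handles comments, continuation lines, last-wins."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and current:      # continuation of previous parameter
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def relay_findings(params):
    """Flag settings that commonly turn a Postfix host into an open relay."""
    findings = []
    for entry in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # empty strings, bracketed IPv6, table references: not checked here
        if net.prefixlen == 0:
            findings.append(f"mynetworks trusts every address: {entry}")
    for name in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        rules = [r for r in re.split(r"[,\s]+", params.get(name, "")) if r]
        for rule in rules:
            if rule in ("reject_unauth_destination", "defer_unauth_destination", "reject"):
                break  # relay check reached before any unconditional permit
            if rule == "permit":
                findings.append(f"{name}: 'permit' precedes any relay check")
                break
    return findings

if __name__ == "__main__":
    for finding in relay_findings(parse_main_cf(SAMPLE_MAIN_CF)):
        print("WARNING:", finding)
```

An empty result only means these two patterns were not found; parameters left at their defaults are not evaluated, so the external test remains the authoritative check.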