[CentOS] Help: Server security compromised?

Wed Aug 6 07:26:50 UTC 2008
Noob Centos Admin <centos.admin at gmail.com>


On Wed, Aug 6, 2008 at 3:07 PM, Robert - elists <lists07 at abbacomm.net>wrote:

> If server is not compromised, just edit the smtp configs to deny acceptance
> from that ip block
The EXIM configurations are even more nightmarish than iptables, which at
least made some sort of sense. I've been plugging the ip address into the
various bad_sender bad_host etc files in the exim configuration directory
but it's still not ignoring it. The EXIM smpt/MTA will still accept the
connection, then check and realize hey something's not quite right, then
issue a reject before the VNSL machine terminates the connection. So the
server's still wasting resources handling tens of thousands of such
transaction and chewing up log space at the same time.

Hence I have to resort to just blocking from iptables.

Of course, it could very well be my own admitted incompetence that I'm doing
something wrong here so Exim is not working the way I expect. I'm very very
wary about messing any deeper with the mail settings because a server that's
obviously dead to the world is much easier to notice than client emails
mysteriously disappearing for days due to bad config before they realize it.

Why doesn't the server have an ILO port or something to that effect?

Well, my boss's a cheapskate and his clients are cheapskate so a couple of
years back I was assigned the server administration job on top of my regular
day role to setup the server with OTS parts. Hence the half baked setup
based on a tight budget and whatever information I can glean from the
internet and the good folks on forums and mailing lists.

So for the ILO? Well, only today did the term enter my mind. Although I did
vaguely remember suggestions for a remote reboot button but it was beyond my
know how to setup.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20080806/a0a9a7b8/attachment-0004.html>