[CentOS] pop3 attack

Wed Dec 10 20:06:19 UTC 2008
Toby Bluhm <tkb at alltechmedusa.com>

Scott Silva wrote:
> on 12-10-2008 8:02 AM James Pifer spake the following:
>> On Tue, 2008-12-09 at 16:26 -0500, James Pifer wrote:
>>> Thanks to all. For now I've stopped it using iptables. I tried stopping
>>> it at my router without success, yet another reason to replace it! I
>>> will also report it to abuse at covad.net. 
>>>
>> My issues have gotten worse. Apparently over the last few days my ip
>> address has gotten blacklisted. No idea why. Even though I have a
>> commercial class cable modem service, my ip is residential because it
>> comes to my house. But I've been running my mail server for several
>> years and never had an issue. 
>>
>> I've tried adding these lines to my sendmailmc and rebuilding it, but
>> then nothing routes, not even local. 
>>
>> define(`SMART_HOST',`smtp-server.carolina.rr.com')dnl
>> MASQUERADE_AS(carolina.rr.com)dnl
>> FEATURE(`allmasquerade')dnl
>> FEATURE(`masquerade_envelope')dnl
>>
>> Now I'm using mailertable and that appears to be working. 
>>
>> I'm not even sure this message with get to this list. Seems like I
>> haven't received any centos list mail in a while. I have on my other
>> lists though.
>>
>> Any help is appreciated. 
>>
>> Thanks,
>> James
> I think all the masquerade options are causing your problems. Just set the
> proper smarthost and restore the other options to what they were and then test.
> 

Or switch to postfix. I plunked "relayhost = smtp-server.roadrunner.com" 
into main.cf & away it went.


-- 
tkb