[CentOS] IMAP security

Fri Mar 28 11:14:39 UTC 2008
Ned Slider <nedslider at f2s.com>

Anne Wilson wrote:
> These, it seems, are outgoing packets.  Why, then, have they got those source 
> addresses?  Is someone managing to bounce packets through my mail server to 
> hide their tracks?

Presumably those logs are for incoming connections in your router (looks 
like a Netgear log to me). The source IP address is the address of the 
host trying to connect to your IMAP service (port 143).

> I've never seen many of these, just the occasional one.  Sometimes they seem 
> to relate to an ntp source.  Often they seem to come from a university site.  
> I think the fact that I don't see many means that I'm not being used as an 
> open relay, but I'm not 100% confident of that.  I'd like to understand 
> what's happening.
> 

Again, "being an open relay" refers to spammers being able to send (or 
relay) mail through your SMTP server (port 25). IMAP is a protocol for 
you to retrieve mail, not send it.

You can check your mail server is not acting as an open relay here:

http://www.abuse.net/relay.html

It's probably a good idea to check each time you change something in 
/etc/postfix/main.cf if you are not 100% sure.
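
As an added example that is not part of the original post: a local, heuristic review of the main.cf settings that decide who may relay, to run alongside the external test after each change. The sample configuration and the function names are constructed for illustration. Postfix releases from 2.10 on also consult smtpd_relay_restrictions, which is checked the same way when it is set.

```python
import ipaddress
import re

# Constructed main.cf with two relay mistakes; not taken from the post.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.org
mynetworks = 127.0.0.0/8, 0.0.0.0/0
# comment lines do not end a continued value
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit,
    reject_unauth_destination
"""

STOPPERS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = (params[name] + " " + line.strip()).strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def relay_findings(params):
    """Heuristic review (an assumption of this example, not a full Postfix evaluation)."""
    findings = []
    for net in re.split(r"[,\s]+", params.get("mynetworks", "")):
        try:
            if net and ipaddress.ip_network(net.replace("[", "").replace("]", ""), strict=False).prefixlen == 0:
                findings.append(f"mynetworks trusts every address: {net}")
        except ValueError:
            pass  # table lookups and file names are not evaluated here
    for key in ("smtpd_recipient_restrictions", "smtpd_relay_restrictions"):
        if key not in params:
            continue  # unset: Postfix's built-in default applies
        for token in re.split(r"[,\s]+", params[key]):
            if token in STOPPERS:
                break  # a relay check is reached before any blanket permit
            if token == "permit":
                findings.append(f"{key}: bare 'permit' precedes any relay check")
                break
        else:
            findings.append(f"{key}: no reject_unauth_destination or equivalent")
    return findings

if __name__ == "__main__":
    for finding in relay_findings(parse_main_cf(SAMPLE_MAIN_CF)):
        print(finding)
```

To review a real file, pass the contents of /etc/postfix/main.cf to parse_main_cf() in place of the sample. An empty result only means these two patterns were not found, so the external relay test is still worth running.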