[CentOS] IMAP security

Fri Mar 28 10:50:08 UTC 2008
Anne Wilson <cannewilson at googlemail.com>

On Friday 28 March 2008 10:31:19 Kai Schaetzl wrote:
> Anne Wilson wrote on Fri, 28 Mar 2008 09:23:30 +0000:
> > Looking at those addresses in whois, I don't see any good reason for these,
>
> I don't know what [IMAP rule match] means, haven't ever seen this. But it
> should be clear that if you have well-known ports open to the world that
> these attract brute-force attacks and such. That's how it is.

Yes, I understand that.  The imap port has to be open for me to use it when 
I'm away from home.  I can see how attempts would pass the router firewall, 
given that.  Hopefully the fail2ban on my server is dealing with a 
brute-force attack.
>
> > and I'm concerned in case they are relays.
>
> I'm not sure what you mean by that?
>
These, it seems, are outgoing packets.  Why, then, have they got those source 
addresses?  Is someone managing to bounce packets through my mail server to 
hide their tracks?

I've never seen many of these, just the occasional one.  Sometimes they seem 
to relate to an ntp source.  Often they seem to come from a university site.  
I think the fact that I don't see many means that I'm not being used as an 
open relay, but I'm not 100% confident of that.  I'd like to understand 
what's happening.

Anne
