[CentOS] IMAP security

Fri Mar 28 17:25:50 UTC 2008
Anne Wilson <cannewilson at googlemail.com>

On Friday 28 March 2008 11:14:39 Ned Slider wrote:
> Anne Wilson wrote:
> > These, it seems, are outgoing packets.  Why, then, have they got those
> > source addresses?  Is someone managing to bounce packets through my mail
> > server to hide their tracks?
>
> Presumably those logs are for incoming connections in your router (looks
> like a netgear log to me). The source IP address is the address of the
> host trying to connect to your imap service (port 143)
>
> > I've never seen many of these, just the occasional one.  Sometimes they
> > seem to relate to an ntp source.  Often they seem to come from a
> > university site. I think the fact that I don't see many means that I'm
> > not being used as an open relay, but I'm not 100% confident of that.  I'd
> > like to understand what's happening.
>
> Again, "being an open relay" refers to spammers being able to send (or
> relay) mail through your smtp server (port 25). IMAP is a protocol for
> you to retrieve mail, not send it.
>
> You can check your mail server is not acting as an open relay here:
>
> http://www.abuse.net/relay.html
>
> It's probably a good idea to check each time you change something in
> /etc/postfix/main.cf if you are not 100% sure.
>
Thanks for the suggestion.  I've had a look at the site, and even tried it, 
but I don't think it's designed for those of us who collect mail from the 
ISP's server.  If I'm wrong I register with an address that the ISP knows and 
try again, but it seems to me that it will be testing them, not me.

Anne


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.centos.org/pipermail/centos/attachments/20080328/5ad8c321/attachment-0005.sig>