SMTP Flooding - How can I stop it?


 
# 1  
Old 01-11-2008

Please someone help! My SMTP server has been under attack for days and I'm at my wits' end. I'm by no means a UNIX security expert but I've been reading and researching for days to no avail. I'm getting unauthorized mail from external servers being relayed or redirected through my SMTP server. The IP addresses change on almost every connection. I can post log excerpts and config file info if necessary. I just don't know what would be relevant. This is a virtual dedicated server from godaddy.com running RedHat Fedora and PLESK admin control panels. I really need help so anyone who might have any ideas or suggestions, please respond! Thanks everyone.
# 2  
Old 01-11-2008
Which MTA are you running (e.g. sendmail/postfix/other)?
# 3  
Old 01-11-2008
I ran a top to see running processes and it looks like qmail. Though I thought qmail used sendmail somehow. Could be wrong though.... I'm okay with UNIX but only mostly for web server things. (Apache, MySQL, PHP...) I'm new to security and mail server testing/repair/hardening so I'm at a standstill. I made a few changes to the sendmail.cf file and one of the qmail files to throttle the connection rate and to pause 5 seconds before returning GREET. After switching Port 25 back on today the relays are no longer being passed on (I think...). My SMTP server is still being bombarded with connection requests so I'm not sure if I've completely resolved this or if I need to look elsewhere for connection restrictions. The connection attempt rate has, at times, approached 1.07 connections per second!
# 4  
Old 01-11-2008
Do you have this directory?

/var/qmail/control
# 5  
Old 01-11-2008
Yes I do. I've been in here before. I believe it was to add to rcpthosts when I first got this server online.
# 6  
Old 01-11-2008
Ok, and that confirms qmail. What do you have in rcpthosts, i.e. is there anything other than your domain?
# 7  
Old 01-11-2008
Below is the content of my rcpthosts file. All of the domains except gmail, yahoo, and hotmail are hosted on this server as virtual hosts and each has its own mail domain. Do you think I should remove the non-hosted domains from this file?

roundus.com
nestlincoln.com
screenink.com
bellabodyworks.com
kingsleymd.com
gmail.com
hotmail.com
yahoo.com
high5club.org
pkflynn.com
screeninc.com
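
Why the non-hosted entries in the rcpthosts file above matter, shown as an added example that is not part of the thread: qmail-smtpd accepts mail for every domain in rcpthosts from any client, so a domain listed there but not delivered locally is relayed onward. The script lists such entries; the sample files, the `domain:prefix` values and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list rcpthosts entries that this qmail
# host does not deliver locally. qmail-smtpd accepts mail for every rcpthosts
# domain from any client, so such entries are relayed to the remote domain.

# Lower-case, trim trailing whitespace, drop blank and '#' lines.
norm() { tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*$//' | grep -v -e '^$' -e '^#'; }

# hosted_domains DIR: control/locals plus the domain part (before ':') of
# control/virtualdomains.
hosted_domains() {
    for f in locals virtualdomains; do
        if [ -f "$1/$f" ]; then cut -d: -f1 "$1/$f"; fi
    done | norm | sort -u
}

# unhosted_rcpthosts DIR: print rcpthosts entries with no exact match among
# the hosted domains. Wildcard entries (".example.com") have no exact match,
# so they are printed for review by hand.
unhosted_rcpthosts() {
    hosted=$(hosted_domains "$1")
    norm < "$1/rcpthosts" | while read -r d; do
        printf '%s\n' "$hosted" | grep -qxF -- "$d" || printf '%s\n' "$d"
    done
}

# Constructed sample: a subset of the rcpthosts posted above and an assumed
# virtualdomains file (domain:prefix) covering the hosted domains.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' roundus.com kingsleymd.com gmail.com hotmail.com \
        yahoo.com high5club.org > "$dir/rcpthosts"
    printf '%s\n' roundus.com:1 kingsleymd.com:2 high5club.org:3 \
        > "$dir/virtualdomains"
    unhosted_rcpthosts "$dir"
    rm -rf "$dir"
}

# With a control directory argument (e.g. /var/qmail/control) audit it;
# otherwise run the constructed demo.
if [ -f "${1:-}/rcpthosts" ]; then unhosted_rcpthosts "$1"; else demo; fi
```

On the sample data it prints gmail.com, hotmail.com and yahoo.com, the three entries the poster says are not hosted on the server.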