help~ my mail server got attacked

**goodgbb** · 09-27-2005 12:37 AM

Dear Helpers

My mail server (exim 4.52) got attacked by using random senders & random receivers.
He's also attached some viruses to emails.
I've been banned his ip address. I'm afraid that he'll use proxy or socks then do it again.

How do I protect my mail server?

pls help me..
Thank You from my heart

#a part of reject logs

2005-09-26 15:24:19 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <register@xxx.com>: no such address here
2005-09-26 15:24:19 H=(xxx.com) [xxx.185.132.xxx] F=<register@xxx.com> rejected RCPT <smith@xxx.com>: Sender verify failed
2005-09-26 15:30:07 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <administrator@xxx.com>: no such address here
2005-09-26 15:30:07 H=(xxx.com) [xxx.185.132.xxx] F=<administrator@xxx.com> rejected RCPT <ted@xxx.com>: Sender verify failed
2005-09-26 15:30:11 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <administrator@xxx.com>: no such address here

**ramprage** · 09-27-2005 07:40 AM

Install a virus scanner - well since most of the viruses are for windows, its good to have a virus scanner on your linux box to protect the home users.

ClamAV, also try Mailscanner and the dictionary attack rules. I personally don't recommend MailScanner as it's a resource hog.

**danielws** · 09-27-2005 07:42 AM

Originally Posted by goodgbb

Dear Helpers

My mail server (exim 4.52) got attacked by using random senders & random receivers.
He's also attached some viruses to emails.
I've been banned his ip address. I'm afraid that he'll use proxy or socks then do it again.

How do I protect my mail server?

pls help me..
Thank You from my heart

#a part of reject logs

2005-09-26 15:24:19 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <register@xxx.com>: no such address here
2005-09-26 15:24:19 H=(xxx.com) [xxx.185.132.xxx] F=<register@xxx.com> rejected RCPT <smith@xxx.com>: Sender verify failed
2005-09-26 15:30:07 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <administrator@xxx.com>: no such address here
2005-09-26 15:30:07 H=(xxx.com) [xxx.185.132.xxx] F=<administrator@xxx.com> rejected RCPT <ted@xxx.com>: Sender verify failed
2005-09-26 15:30:11 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <administrator@xxx.com>: no such address here

BFD (that bans exim attempts like that)

http://www.rfxnetworks.com/proj.php

Integrate BFD with iptables or use it with APF

LinkBack

Thread Tools

help~ my mail server got attacked

Use...

Server attacked by phishers

Am I being attacked?

My server attacked?

How can i know that my server was attacked bye another or not?

please,help me my server is attacked