The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

help~ my mail server got attacked

Discussion in 'E-mail Discussions' started by goodgbb, Sep 27, 2005.

  1. goodgbb

    goodgbb Well-Known Member

    Joined:
    Aug 15, 2005
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Thailand
    Dear Helpers

    My mail server (exim 4.52) got attacked by using random senders & random receivers.
    He's also attached some viruses to emails.
    I've been banned his ip address. I'm afraid that he'll use proxy or socks then do it again.

    How do I protect my mail server?

    pls help me..
    Thank You from my heart :)

    #a part of reject logs

    2005-09-26 15:24:19 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <register@xxx.com>: no such address here
    2005-09-26 15:24:19 H=(xxx.com) [xxx.185.132.xxx] F=<register@xxx.com> rejected RCPT <smith@xxx.com>: Sender verify failed
    2005-09-26 15:30:07 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <administrator@xxx.com>: no such address here
    2005-09-26 15:30:07 H=(xxx.com) [xxx.185.132.xxx] F=<administrator@xxx.com> rejected RCPT <ted@xxx.com>: Sender verify failed
    2005-09-26 15:30:11 H=(xxx.com) [xxx.185.132.xxx] sender verify fail for <administrator@xxx.com>: no such address here
     
    #1 goodgbb, Sep 27, 2005
    Last edited: Sep 27, 2005
  2. ramprage

    ramprage Well-Known Member

    Joined:
    Jul 21, 2002
    Messages:
    667
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    Install a virus scanner - well since most of the viruses are for windows, its good to have a virus scanner on your linux box to protect the home users.

    ClamAV, also try Mailscanner and the dictionary attack rules. I personally don't recommend MailScanner as it's a resource hog.
     
  3. danielws

    danielws Member

    Joined:
    Sep 1, 2005
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Use...

    BFD (that bans exim attempts like that)

    http://www.rfxnetworks.com/proj.php

    Integrate BFD with iptables or use it with APF
     
Loading...

Share This Page