After viewing some statistics I have come across the following.
In WHN, by viewing Email >> View Relayers, I see that the server has been used to spam. I need to seal this up wherever it is coming from // whatever means they are using. It's happened under 200 times this month, but it's happened nonetheless.
Someone has been able to push spam through the server using non-existing accounts -- which indicates they've purposely targeted this server for the activity. Whoever may have found us through a domain that was migrated to our new host as this was a target on the other server before we moved.
I already had the sendmail configured not to use "nobody" as a default user when no user was called --- sooooooo, this issue exceeds my skill level security-wise.
Here is a list of the invalid user names used and the amount sent through each:
username: server1.mydomain.com" email sent: 119 bytes: 1913318
username: when email sent: 1 bytes: 1483
username: 50mg email sent: 1 bytes: 2834
username: \"FrUiTCaKeS\" email sent: 1 bytes: 3602
username: you" email sent: 1 bytes: 2225
username: Viagra email sent: 1 bytes: 2561
username: (ns2 server)" email sent: 1 bytes: 796
username: sale" email sent: 1 bytes: 3229
I would appreciate any information, or a link to a post regarding a fix for this hole in my security dam.
Thanks