On Wed, 14 Aug 2013 10:17:12 +0100 Darac Marjal articulated:
On Wed, Aug 14, 2013 at 06:12:02AM +0000, Jay Khashan wrote:
Hi,
THIS IS URGENT
I have a Debian Linux machine which I installed as a mail server with Postfix and Dovecot. My mail server is set up to use SMTP relay. I currently have ports 143, 995, 25 & SSMTP ports open. In the last few days I have been under attack where email is being sent to a fake email address, for example xxx@evg-mail.org, which does not exist in the MySQL db.
I need to figure out and lock down Dovecot, because I believe the attack is some kind of virus/spyware. I need to know what statement in dovecot.conf or main.cf (Postfix) I can modify to lock it down. I am also open to installing software to combat this kind of attack. Let me know what configuration files or info you need to help out.
I think it's probably going to be more effective to "lock down" postfix (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) than it is to "lock down" dovecot (http://wiki2.dovecot.org/Authentication/RestrictAccess).
I think, if you want to accept the mail but then refuse to store it, you're looking at things from the wrong angle.
This problem would be better served on the Postfix forum. If you do decide to post there, please follow the suggestions on:
http://www.postfix.org/DEBUG_README.html#mail
Specifically:
Output from "postconf -n". Please do not send your main.cf file, or 500+ lines of postconf output.
Better, provide output from the postfinger tool. This can be found at http://ftp.wl0.org/SOURCES/postfinger
-- Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.