On Wed, Aug 14, 2013 at 06:12:02AM +0000, Jay Khashan wrote:
> Hi,
> THIS IS URGENT
> I have a Debian Linux machine which I installed as a mail server with postfix and dovecot. My mail server is set up to use SMTP relay. I currently have ports 143, 995, 25 & SSMTP ports open. In the last few days I have been under attack where email is being sent to fake email addresses, for example xxx@evg-mail.org, which does not exist in the mysql db.
> I need to figure out and lock down dovecot, because I believe the attack is some kind of virus/spyware. I need to know what statement in dovecot.conf or main.cf (postfix) I can modify to lock it down. Also open to installing software to combat this kind of attack. Let me know what configuration files and info you need to help out.

I think it's probably going to be more effective to "lock down" postfix (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) than it is to "lock down" dovecot (http://wiki2.dovecot.org/Authentication/RestrictAccess).
I think, if you want to accept the mail but then refuse to store it, you're looking at things from the wrong angle.