Re: IMAP security




On Friday 28 March 2008 10:31:19 Kai Schaetzl wrote:
> Anne Wilson wrote on Fri, 28 Mar 2008 09:23:30 +0000:
> > Looking at those addresses in whois, I don't see any good reason for
> > these,
>
> I don't know what [IMAP rule match] means, haven't ever seen this. But it
> should be clear that if you have well-known ports open to the world that
> these attract brute-force attacks and such. That's how it is.

Yes, I understand that.  The imap port has to be open for me to use it when 
I'm away from home.  I can see how attempts would pass the router firewall, 
given that.  Hopefully the fail2ban on my server is dealing with a 
brute-force attack.
>
> > and I'm concerned in case they are relays.
>
> I'm not sure what you mean by that?
>
These, it seems, are outgoing packets.  Why, then, have they got those source 
addresses?  Is someone managing to bounce packets through my mail server to 
hide their tracks?

I've never seen many of these, just the occasional one.  Sometimes they seem 
to relate to an ntp source.  Often they seem to come from a university site.  
I think the fact that I don't see many means that I'm not being used as an 
open relay, but I'm not 100% confident of that.  I'd like to understand 
what's happening.

Anne


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
