Logs and how to read them
Rodolfo J. Paiz
rpaiz at simpaticus.com
Thu Apr 22 16:01:35 UTC 2004
At 16:20 4/21/2004, you wrote:
>But, instead of trying to harden your sendmail you should spend the time
>to switch to another MTA. I decided for postfix, but e.g. exim may be a
>good choice, too (it has excellent documentation).

Quit telling the guy to switch MTAs, for God's sake. Fix his problem...
*then* when we've got him out of the fire, you can tell him that you think
$MAILSERVER would be better for him. But right now, let's fix his system!

> > One thing I did notice after reading this reply is yes, I can set up an
> > external SMTP on a Windows machine and go through my firewall and connect
> > to it, but the internal machines are all using my SMTP server, there are
> > only 8 internal machines so it was easy to check. I don't think that is how
> > the SPAM got out, I trust these users.
>
>There are a lot of newer viruses around which have their own SMTP
>functionality! They don't use your email program's configuration or SMTP
>function. They have their own and it is sufficient if the firewall lets
>pass SMTP communication. You should immediately reconfigure the firewall
>to block port 25.

This is mostly correct. If all those users are supposed to use your SMTP
server, then set up your firewall accordingly. I do not suggest blocking 25
outbound, but rather *redirecting* tcp/25 to your mail server. That way,
*any* attempts to connect to an SMTP server will be redirected to yours.
And if one of your Windows users does have a worm, it'll be unable to talk
to the outside but you will see its attempts in your maillog.

Much better this way: you get better problem warning and control, the users
get full functionality, the virii get stopped, and outside systems never
get bothered.

--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
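
Added example, not part of the original message: once tcp/25 from the LAN is redirected to the local mail server as described above, a workstation whose worm carries its own SMTP engine appears in the sendmail maillog as an internal relay. This Python script counts messages and distinct envelope senders per LAN client and reports hosts over a threshold; the log lines, the 192.168.1.0/24 range, the host names and both thresholds are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal range
MAX_MSGS = 3      # assumed per-host message threshold for this small sample
MAX_SENDERS = 2   # assumed: a desktop normally uses one or two sender addresses

# sendmail "from=" entry: envelope sender plus the connecting client's IP.
# Handles both "relay=host [ip]" and "relay=[ip]" (no reverse DNS).
FROM_RE = re.compile(r"sendmail\[\d+\]: \w+: from=<([^>]*)>.*relay=[^\[]*\[([\d.]+)\]")

# Constructed sample maillog lines (not taken from the thread).
SAMPLE_LOG = """\
Apr 22 10:01:02 mail sendmail[2101]: i3MA12ab002101: from=<alice@example.com>, size=1820, class=0, nrcpts=1, msgid=<a1@example.com>, proto=ESMTP, daemon=MTA, relay=ws1.example.lan [192.168.1.11]
Apr 22 10:01:03 mail sendmail[2103]: i3MA12ab002101: to=<bob@example.net>, delay=00:00:01, mailer=esmtp, relay=mx.example.net. [203.0.113.5], dsn=2.0.0, stat=Sent
Apr 22 10:02:10 mail sendmail[2110]: i3MA2Acd002110: from=<carol@example.org>, size=900, class=0, nrcpts=1, msgid=<c9@example.org>, proto=ESMTP, daemon=MTA, relay=mx.example.org [203.0.113.9]
Apr 22 10:05:01 mail sendmail[2201]: i3MA51ef002201: from=<info@example.net>, size=29568, class=0, nrcpts=1, msgid=<x1@example.net>, proto=SMTP, daemon=MTA, relay=[192.168.1.14]
Apr 22 10:05:02 mail sendmail[2202]: i3MA52ef002202: from=<sales@example.org>, size=29568, class=0, nrcpts=1, msgid=<x2@example.org>, proto=SMTP, daemon=MTA, relay=[192.168.1.14]
Apr 22 10:05:02 mail sendmail[2203]: i3MA52ef002203: from=<admin@example.com>, size=29568, class=0, nrcpts=1, msgid=<x3@example.com>, proto=SMTP, daemon=MTA, relay=[192.168.1.14]
Apr 22 10:05:03 mail sendmail[2204]: i3MA53ef002204: from=<joe@example.net>, size=29568, class=0, nrcpts=1, msgid=<x4@example.net>, proto=SMTP, daemon=MTA, relay=[192.168.1.14]
"""

def suspicious_hosts(log_text, max_msgs=MAX_MSGS, max_senders=MAX_SENDERS):
    """Return {ip: (messages, distinct_senders)} for LAN clients over either threshold."""
    msgs = defaultdict(int)
    senders = defaultdict(set)
    for line in log_text.splitlines():
        m = FROM_RE.search(line)
        if not m:
            continue  # "to=" delivery lines and non-sendmail lines are ignored
        sender, ip = m.group(1).lower(), m.group(2)
        if ipaddress.ip_address(ip) not in LAN:
            continue  # inbound mail from outside is not what we are hunting
        msgs[ip] += 1
        senders[ip].add(sender)
    return {ip: (msgs[ip], len(senders[ip])) for ip in msgs
            if msgs[ip] > max_msgs or len(senders[ip]) > max_senders}

if __name__ == "__main__":
    for ip, (n, s) in sorted(suspicious_hosts(SAMPLE_LOG).items()):
        print(f"{ip}: {n} messages, {s} distinct envelope senders")
```
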