EMERGENCY - need to secure my server against an ongoing SPAMMER
Roger Grosswiler
roger at gwch.net
Mon Mar 14 07:03:25 UTC 2005
Roger Grosswiler schrieb:
> Bob Brennan schrieb:
> [snip]
>
>>> Probably a good idea to shut them off semi-permanently:
>>> add these lines to your iptables firewall:
>>> (Note - there are more general ways to script iptables setups)
>>> (Read "better ways", but this is a specific example)
>>>
>>> # Next 8 lines specific to tfn.net.tw
>>> # Log any connection attempts by tfn,net.tw
>>> iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j LOG --log-prefix
>>> "static.tfn.net.tw"
>>> iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j DROP -j LOG
>>> --log-prefix "dynamic.tfn.net.tw "
>>>
>>> # Drop dynamic.tfn.net.tw
>>> iptables -A INPUT -i eth0 -s 61.31.0.0/16 -j DROP
>>> # Drop static.tfn.net.tw
>>> iptables -A INPUT -i eth0 -s 219.81.0.0/16 -j DROP
>
> [/snip]
>
> Hi Bob,
>
> Good way to get the spammer of your ports ;-)
>
> See here 2 links, where you chan check your mailserver immediately for
> your "open relay". There is no need to register or whatever - just type
> your ip and go. You will see if your mailserver is secure enough or
> which methods still could be used, to send spam via your mailserver.
>
> http://www.relaycheck.com/test.asp
> http://www.antispam-ufrj.pads.ufrj.br/
>
> Have you built-in RBL-Support for your mailserver? This perhaps could
> get your spammer even off your mailserver. See 3 free lists below.
>
> bl.spamcop.net,
> relays.ordb.org,
> sbl.spamhaus.org,
>
> btw. preferably you use by today no longer pop-before-smtp, either use
> smtp-auth. If you authenticate your users in pop/imap against mysql you
> COULD use the same database for smtp either.
>
> HTH
> Roger
>
btw. doing perror 13 in shell gives the following:
[roger at link ~]$ perror 13
Error code 13: Permission denied
...i had this too, this was an issue from selinux. You could either
disable mysql-support in selinux (system-config-securitylevel) or try to
relabel your system. This helped me, in some way (...)
/sbin/fixfiles relabel
make also sure, that your /var/lib/mysql is chowned -R mysql:mysql
HTH
Roger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: roger.vcf
Type: text/x-vcard
Size: 182 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20050314/b606f4fe/attachment-0001.vcf>
More information about the fedora-list
mailing list