"Terrell Prudé, Jr." microman at cmosnetworks.com
Tue Oct 5 12:02:34 UTC 2004

Rick O'Dell wrote:

>	I'm running Postfix on a k12ltsp 4.01. Log Watch for mail logs an
>unauthorized user trying to login. It lists dozens of passwords they have
>tried. I have dumped the IP address into host deny file, but the next day there is a new
>IP address (possibly on a dialup). My question is, what if I disable SSH or
>is this a no no??????? What are the adverse effects to me???

No problem.  Just use a little iptables magic, like so:

iptables -A INPUT -i eth1 -p tcp --source w.x.y.z --destination-port 22 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port 22 -j DROP

This assumes that you're accessing your K12LTSP server from IP address 
w.x.y.z, and that eth1 is what's touching the Internet.

Also, of course, make sure that your OpenSSH and OpenSSL are up to the 
latest rev (currently 3.9p1 and 0.9.7d, respectively).

But that doesn't stop folks from making SMTP or other connections to 
your mail server.  I'm assuming that you're using IMAP, POP3, or SMTP 
AUTH.  Due to the fact that anyone from anywhere can send you email (e.g. 
this list), then the best thing I can recommend is requiring strong 
passwords for your users and staying up on your security patches.  I 
also run Postfix, in my case with SMTP AUTH.  Plenty of folks are 
repeatedly trying to log into my mail server (I use Courier-IMAP).  I 
stay up on my patch levels and enforce strong passwords.  Crackers 
haven't gotten in yet (knock on wood!).

Hope this helps,

Do you GNU!? <http://www.gnu.org>
Be virus- and spam-free with Free/Open Source Software (FOSS). Check it 
out! <http://www.mozilla.org/thunderbird>
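
As an added example (not part of the original message): a small Python tally of failed logins per day and source address, generalized across sshd, Postfix SMTP AUTH and Courier-IMAP, which makes the pattern described in this thread (a new address each day) visible at a glance. The log lines are constructed samples using documentation addresses, and the line formats and the names `tally_failures` and `repeat_offenders` are assumptions; adjust the patterns to what your own syslog contains.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (documentation addresses); real formats vary by version.
SAMPLE_LOG = """\
Oct  4 02:11:09 mail sshd[4101]: Failed password for invalid user admin from 198.51.100.23 port 40112 ssh2
Oct  4 02:11:12 mail sshd[4101]: Failed password for root from 198.51.100.23 port 40113 ssh2
Oct  4 02:11:15 mail sshd[4103]: Failed password for root from 198.51.100.23 port 40115 ssh2
Oct  4 09:30:41 mail sshd[4400]: Accepted password for rick from 192.0.2.10 port 51515 ssh2
Oct  5 03:02:44 mail postfix/smtpd[5120]: warning: unknown[203.0.113.77]: SASL LOGIN authentication failed: authentication failure
Oct  5 03:02:49 mail postfix/smtpd[5120]: warning: unknown[203.0.113.77]: SASL LOGIN authentication failed: authentication failure
Oct  5 03:03:01 mail imapd: LOGIN FAILED, ip=[::ffff:203.0.113.77]
Oct  5 03:03:05 mail imapd: LOGIN FAILED, ip=[::ffff:203.0.113.77]
"""

# Assumed failure-line formats, one pattern per service; group 1 is the source address.
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port"),
    "smtp-auth": re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[([^\]]+)\]: SASL \S+ authentication failed"),
    "imap": re.compile(r"imapd: LOGIN FAILED, .*ip=\[(?:::ffff:)?([^\]]+)\]"),
}

def tally_failures(log_text):
    """Return {(day, source_ip): {service: count}} for failed logins."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        day = " ".join(line.split()[:2])  # e.g. "Oct 4"
        for service, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                counts[(day, m.group(1))][service] += 1
                break
    return {key: dict(per_service) for key, per_service in counts.items()}

def repeat_offenders(log_text, threshold=3):
    """Sources whose failures across all services reach the threshold in one day."""
    return sorted(
        (day, ip, sum(per_service.values()))
        for (day, ip), per_service in tally_failures(log_text).items()
        if sum(per_service.values()) >= threshold
    )

if __name__ == "__main__":
    for day, ip, total in repeat_offenders(SAMPLE_LOG):
        print(f"{day}  {ip:<16} {total} failed logins")
```
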
