NetGeek Posted December 11, 2004

Hi.. I don't know if this is the right place to shoot such questions.. so I apologise in advance if it's not..

Some ISP had blocked my server IP. When I contacted them they said it's due to a lot of namespace mining coming out of my server to their networks. The mining is done by dictionary attacks querying many e-mail aliases without actually sending any data to an unacceptably large percentage of the attempted e-mail aliases.

What is the best way to look up my logs to pin the attacker? Given there is a lot of legit email traffic between my server and that ISP. And I am running a Linux/Exim server.

Regards

Miss Betsy Posted December 11, 2004

Hope someone more knowledgeable comes along soon. (And there are plenty who will help you out.)

The place to look might be in your firewall logs. Since you don't have an Exchange server, it wouldn't be one of the password exploits, I wouldn't think. If there is something compromised, it sometimes goes out through ports that are not normal email ports.

That's not very geeky talk, since I am not a geek, but that's what I have gathered from other people who have had problems.

Miss Betsy

Jeff G. Posted December 12, 2004

Please implement all of the security patches for every product you run on that server. Please see FAQ Entry: Am I Running Mailing Lists Responsibly?, noting that "Application Note: Guidelines for proper mailing list management" has replaced "Basic Mailing List Management Guidelines for Preventing Abuse".
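
For the log question in the first post, one way to separate probing from legitimate mail in an Exim main log is to tie every recipient the ISP refused at RCPT time back to the arrival line of the same message, then rank sources by rejected versus delivered recipients. This is an added example, not part of any post in this thread: the log lines are constructed, and `probe_sources`, its thresholds and all hosts and addresses are hypothetical. It only sees mail that passed through Exim, so a process talking to port 25 directly would show up in firewall logs instead.

```python
import re
from collections import defaultdict

# Constructed sample in Exim 4 main-log style; hosts, users and IDs are made up.
_REJ = ("R=dnslookup T=remote_smtp: SMTP error from remote mail server after "
        "RCPT TO:<{0}>: host mx.isp.example [198.51.100.5]: 550 User unknown")
SAMPLE_LOG = "\n".join([
    "2004-12-10 03:14:01 1CcAAA-0001Ab-01 <= alice@myserver.example H=(desk) [192.0.2.10] P=esmtp S=2100",
    "2004-12-10 03:14:02 1CcAAA-0001Ab-01 => bob@isp.example R=dnslookup T=remote_smtp H=mx.isp.example [198.51.100.5]",
    "2004-12-10 03:14:02 1CcAAA-0001Ab-01 -> carol@isp.example R=dnslookup T=remote_smtp H=mx.isp.example [198.51.100.5]",
    "2004-12-10 03:14:03 1CcAAA-0001Ab-01 ** bobb@isp.example " + _REJ.format("bobb@isp.example"),
    "2004-12-10 03:15:10 1CcBBB-0001Ac-02 <= www@myserver.example U=www P=local S=310",
] + ["2004-12-10 03:15:11 1CcBBB-0001Ac-02 ** %s " % a + _REJ.format(a)
     for a in ("aaron@isp.example", "abby@isp.example", "adam@isp.example")])

ARRIVE = re.compile(r"^\S+ \S+ (\S+) <= (\S+)(.*)$")    # message accepted by Exim
OUT = re.compile(r"^\S+ \S+ (\S+) (=>|->|\*\*) (\S+)")   # delivered or failed
SOURCE = re.compile(r"U=\S+|\[[0-9A-Fa-f.:]+\]")         # local user or client IP

def probe_sources(log_text, domain, min_rejects=3, min_ratio=0.8):
    """Return (sender, source, rejected, delivered) for likely address probing."""
    origin = {}                                  # message id -> (sender, source)
    seen = defaultdict(lambda: {"rej": set(), "ok": set()})
    for line in log_text.splitlines():
        m = ARRIVE.match(line)
        if m:
            src = SOURCE.search(m.group(3))
            origin[m.group(1)] = (m.group(2), src.group(0) if src else "unknown")
            continue
        m = OUT.match(line)
        rcpt = m.group(3).rstrip(":").lower() if m else ""
        if not rcpt.endswith("@" + domain.lower()):
            continue                             # not a recipient at the ISP
        if m.group(2) == "**" and "after RCPT TO" not in line:
            continue                             # failed for some other reason
        bucket = "rej" if m.group(2) == "**" else "ok"
        seen[origin.get(m.group(1), ("?", "unknown"))][bucket].add(rcpt)
    hits = []
    for (sender, source), s in seen.items():
        rej, ok = len(s["rej"]), len(s["ok"])
        if rej >= min_rejects and rej / (rej + ok) >= min_ratio:
            hits.append((sender, source, rej, ok))
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for hit in probe_sources(SAMPLE_LOG, "isp.example"):
        print("%s via %s: %d rejected, %d delivered" % hit)
```

On a real server, pass the contents of the Exim main log (its location depends on the installation) and the ISP's mail domain; a flagged `U=` value points at a local account or script, a bracketed IP at a relaying client.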