Phpmailer can authenticate itself, but usually the attacker doesn't know the mail-password and relies on mail-relaying without authentication.
Posts by biologist
-
-
My general FW-Policy:
as per default, I drop everything IN + OUT. After then, beside of localhost and icmp-rules, I add rules for IN as well as OUT for every service. This is a bit complicated, as you have to think in both directions, but gives granular control about what is allowed. I usually DROP unwanted traffic but this is just my opinion.However, your script above for postfix is just the other way around (negation) but works the same. As I already stated, I don't allow any dport 465/587-communication - does postfix really try to use these ports as dports?
One thing to keep in mind: even root is not allowed to use port 25 outgoing, when it's only configured for postfix. This is ok, but one has to remember this when doing any connection-tests (using telnet)
-
Yes, I absolutely think so! One time I had this problem with massive spamming (with "big party" subsequently, because my IP was blacklisted). While analyzing the source I recognized, that not only mails via postfix were relayed but also directly with an own smtp-engine. That's when I implemented this. After then there were another situations, were a script tried to relay directly. But this time, I was on the driver's seat
In the end, there was not even one user complaining about not beeing able to relay directly.I have to admit: I just implemented this for port 25, but it would rather make sense to do the same for 465 and 587
EDIT: Just reviewed my firewall-script - dport 465 and dport 587 are not allowed at all. Only sports 465/587 are allowed (without restriction) but as postfix is usually attached to these ports, this is fine.
-
You just need the corresponding iptables-kernel-module to be loaded. -
Whenever I had "hacked" websites on my server, attackers got notice of ftp-user-accounts and abused them. So they uploaded php-scripts using ftp, which were executed by an http-call thereafter and deleted subsequently. So keep a look at proftpd's logfiles and change user-passwords if necessary. One thing to keep in mind: you cannot be sure, that spamming-scripts relay mails using postfix. Some of them got an own smtp-engine so you probably don't even notice these mails. Thats why on my system, only the postfix-user is allowed to communicate with foreign hosts with destination port 25.
If I'd start the webhosting-business again from scratch, I'd additionally implement the configuration from Nuxwin's previous post. Unfortunately I didn't enforce this in the very beginning. So now, with hundrets of domains running, I cannot simply change this, because my client's websites rely on "trusted localhost". That said: by enforcing client-authentication (postfix) in parallel with the firewall-thing described above, you can almost certainly be sure, that your server will not be abused by spammers. Exception: attackers get notice of mail-accounts of your clients...
To explain this what is happening on your server...
In general, there are two way of sending mails using php:
a) The function mail(), which is an integrated part of php. By disabling this function using php.ini, you can prevent users to use this way of sending mails.
b) You code an own mail-engine using php - this is especially the case when using phpmailer. This framework doesn't rely on mail(), so disabling the function doesn't affect this. And as I said above: these engines doesn't use postfix necessarily... -
I don't get your point. If these are the recject-codes of your server, your server's spam-protection is running.
-
Und wieso schaust du dir dann nicht einfach mal die Config von proftpd an und gehst auf proftpd.org, damit du weißt, wie man Logging konfiguriert?
Ansonsten debuggst du proftpd halt http://www.proftpd.org/docs/howto/Debugging.html.
Junge Junge... was denkt ihr euch eigentlich dabei, mit so wenig Wissen Serverdienste zu betreiben? -
Warum hast du eigentlich überhaupt noch 5.3 laufen?
http://www.heise.de/developer/…fuer-PHP-5-3-2293804.html -
Also ich habe Mailkonten bislang noch immer mit rsync umgezogen und das hat nie Probleme gemacht. Auf Dateisystem-Ebene ist aufgrund der gleichen User/Rechte aller Mailkonten ja ohnehin ne recht triviale Sache.
-
Wer nutzt denn noch SVN?
Ich zum Beispiel
Habe meine Dissertation mit LaTeX in Eclipse geschrieben und damit immer den Kram auf meinem Server eingecheckt. Hat super funktioniert. Ich sehe den Usecase auch nach wie vor nicht für sowas GIT zu verwenden. Sei's drum...
Zurück zum Thema: da gibt es mit imscp überhaupt keine Berührungspunkte und demnach auch keine Komplikationen.