Author Topic: Email server security.  (Read 19630 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Email server security.
« on: March 06, 2016, 01:30:52 PM »
Hello, how can i test email server security ? and what can i more security for email server ?
thank you.

Offline
*****
Re: Email server security.
« Reply #1 on: March 06, 2016, 01:58:19 PM »
Hello, how can i test email server security ? and what can i more security for email server ?
thank you.

Install spamhaus with csf enabled

Offline
***
Re: Email server security.
« Reply #2 on: March 14, 2016, 06:03:27 AM »
Hello, how can i test email server security ? and what can i more security for email server ?
thank you.

Install CSF, and configure to catch smtp/pop/sshd brute forces..
And dont forget to limit client sending email per minutes

Offline
*
Re: Email server security.
« Reply #3 on: March 24, 2016, 11:00:53 PM »
Thank you jae. it's Worked.  ;) i use csf without spamhous ? is a required rellay ?

Offline
*
Re: Email server security.
« Reply #4 on: March 24, 2016, 11:04:33 PM »
i can not stop this is. how can i do that ? try to every secont only one domain on cwp.


Mar 25 00:56:28 cwp postfix/smtpd[1662]: setting up TLS connection from mail.vosmoa.cz[89.239.8.138]
Mar 25 00:56:28 cwp postfix/smtpd[1662]: Anonymous TLS connection established from mail.vosmoa.cz[89.239.8.138]: TLSv1 with cipher AES256-SHA (256/256 bits)
Mar 25 00:56:28 cwp postfix/smtpd[3810]: setting up TLS connection from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]
Mar 25 00:56:29 cwp policyd-spf[4182]: None; identity=helo; client-ip=89.239.8.138; helo=mail.vosmoa.cz; envelope-from=<>; receiver=fordkimberley2679@parkeddomain.com
Mar 25 00:56:29 cwp postfix/smtpd[1662]: NOQUEUE: reject: RCPT from mail.vosmoa.cz[89.239.8.138]: 450 4.1.1 <FordKimberley2679@parkeddomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<FordKimberley2679@parkeddomain.com> proto=ESMTP helo=<mail.vosmoa.cz>
Mar 25 00:56:29 cwp postfix/smtpd[3810]: Anonymous TLS connection established from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar 25 00:56:29 cwp postfix/smtpd[1662]: disconnect from mail.vosmoa.cz[89.239.8.138]
Mar 25 00:56:29 cwp policyd-spf[3812]: None; identity=helo; client-ip=72.38.66.174; helo=exchange.jbm.ca; envelope-from=<>; receiver=fields.shirley2159@parkeddomain.com
Mar 25 00:56:29 cwp postfix/smtpd[3810]: NOQUEUE: reject: RCPT from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]: 450 4.1.1 <Fields.Shirley2159@parkeddomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Fields.Shirley2159@parkeddomain.com> proto=ESMTP helo=<exchange.jbm.ca>
Mar 25 00:56:30 cwp postfix/smtpd[3810]: disconnect from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]
Mar 25 00:57:18 cwp postfix/smtpd[3803]: connect from mail.zsblazkova.cz[217.66.160.139]
Mar 25 00:57:18 cwp postfix/smtpd[3803]: setting up TLS connection from mail.zsblazkova.cz[217.66.160.139]
Mar 25 00:57:19 cwp postfix/smtpd[3803]: Anonymous TLS connection established from mail.zsblazkova.cz[217.66.160.139]: TLSv1 with cipher AES256-SHA (256/256 bits)
Mar 25 00:57:19 cwp policyd-spf[3822]: None; identity=helo; client-ip=217.66.160.139; helo=mail.zsblazkova.cz; envelope-from=<>; receiver=baileyhaywood53066@parkeddomain.com
Mar 25 00:57:19 cwp postfix/smtpd[3803]: NOQUEUE: reject: RCPT from mail.zsblazkova.cz[217.66.160.139]: 450 4.1.1 <BaileyHaywood53066@parkeddomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<BaileyHaywood53066@parkeddomain.com> proto=ESMTP helo=<mail.zsblazkova.cz>
Mar 25 00:57:19 cwp postfix/smtpd[3803]: disconnect from mail.zsblazkova.cz[217.66.160.139]
Mar 25 00:57:20 cwp postfix/smtpd[1662]: connect from mail.ndc.dk[77.68.238.147]
Mar 25 00:57:20 cwp postfix/smtpd[1662]: setting up TLS connection from mail.ndc.dk[77.68.238.147]
Mar 25 00:57:20 cwp postfix/smtpd[1662]: Anonymous TLS connection established from mail.ndc.dk[77.68.238.147]: TLSv1 with cipher AES256-SHA (256/256 bits)
Mar 25 00:57:21 cwp policyd-spf[4182]: None; identity=helo; client-ip=77.68.238.147; helo=mail.ndc.dk; envelope-from=<>; receiver=shorttisha15602@parkeddomain.com
Mar 25 00:57:21 cwp postfix/smtpd[1662]: NOQUEUE: reject: RCPT from mail.ndc.dk[77.68.238.147]: 450 4.1.1 <ShortTisha15602@parkeddomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<ShortTisha15602@parkeddomain.com> proto=ESMTP helo=<mail.ndc.dk>
Mar 25 00:57:21 cwp postfix/smtpd[1662]: disconnect from mail.ndc.dk[77.68.238.147]
Mar 25 00:57:33 cwp postfix/smtpd[3803]: connect from mail.vosmoa.cz[89.239.8.138]
Mar 25 00:57:33 cwp postfix/smtpd[3803]: setting up TLS connection from mail.vosmoa.cz[89.239.8.138]
Mar 25 00:57:33 cwp postfix/smtpd[3810]: connect from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]
Mar 25 00:57:33 cwp postfix/smtpd[3803]: Anonymous TLS connection established from mail.vosmoa.cz[89.239.8.138]: TLSv1 with cipher AES256-SHA (256/256 bits)
Mar 25 00:57:33 cwp postfix/smtpd[3810]: setting up TLS connection from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]
Mar 25 00:57:34 cwp policyd-spf[3822]: None; identity=helo; client-ip=89.239.8.138; helo=mail.vosmoa.cz; envelope-from=<>; receiver=fordkimberley2679@parkeddomain.com
Mar 25 00:57:34 cwp postfix/smtpd[3803]: NOQUEUE: reject: RCPT from mail.vosmoa.cz[89.239.8.138]: 450 4.1.1 <FordKimberley2679@parkeddomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<FordKimberley2679@parkeddomain.com> proto=ESMTP helo=<mail.vosmoa.cz>
Mar 25 00:57:34 cwp postfix/smtpd[3810]: Anonymous TLS connection established from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar 25 00:57:34 cwp postfix/smtpd[3803]: disconnect from mail.vosmoa.cz[89.239.8.138]
Mar 25 00:57:34 cwp policyd-spf[3812]: None; identity=helo; client-ip=72.38.66.174; helo=exchange.jbm.ca; envelope-from=<>; receiver=fields.shirley2159@parkeddomain.com
Mar 25 00:57:34 cwp postfix/smtpd[3810]: NOQUEUE: reject: RCPT from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]: 450 4.1.1 <Fields.Shirley2159@parkeddomain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Fields.Shirley2159@parkeddomain.com> proto=ESMTP helo=<exchange.jbm.ca>
Mar 25 00:57:35 cwp postfix/smtpd[3810]: disconnect from s72-38-66-174.static.comm.cgocable.net[72.38.66.174]

Offline
***
Re: Email server security.
« Reply #5 on: March 25, 2016, 01:57:09 AM »
i can not stop this is. how can i do that ? try to every secont only one domain on cwp.

you can put unwanted ip on /etc/csf/csf.deny , but not recomended ( i think), because you might will have a huge list.
Easiest way is using real time rbl checking,  at least barracuda,  spamcop, spamhouse and sorbs

Offline
*
Re: Email server security.
« Reply #6 on: May 06, 2016, 07:27:40 AM »
you can put unwanted ip on /etc/csf/csf.deny , but not recomended ( i think), because you might will have a huge list.
Easiest way is using real time rbl checking,  at least barracuda,  spamcop, spamhouse and sorbs

I had set the following in main.cf but still lots of spam mail connection attempts.
Quote
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net,check_policy_service unix:private/spfpolicy

Any better idea to get this resolve?

Offline
*****
Re: Email server security.
« Reply #7 on: May 06, 2016, 07:38:47 AM »
you cant stop spamming but you can limit them

Offline
*
Re: Email server security.
« Reply #8 on: May 06, 2016, 07:58:43 AM »
you cant stop spamming but you can limit them

Ya, you are right.
I had limited the spam on VPS by using the CSF custom regex & fail2ban.

You may refer to this http://forum.centos-webpanel.com/csf-firewall/csf-custom-regex-fail2ban-regex/.

Offline
*
Re: Email server security.
« Reply #9 on: September 25, 2018, 12:19:46 AM »
Does anyone know how to implement the Spamhaus recommendations of wrapping the SMTP daemon and blocking direct-to-MX sending? https://www.spamhaus.org/news/article/718/stop-spammers-from-exploiting-your-webserver
Is this something CWP can help set up?

Offline
*
Re: Email server security.
« Reply #10 on: May 16, 2020, 05:46:59 PM »
Installing Spamhaus is mandate in AntiSpam or we can leave Uninstall it ?