Wednesday, April 05, 2006

Fun with Postfix

The new web/mail server is online and configured to my liking. I decided to go with Postfix instead of Exim to try something new. It was painless to set up, but shortly afterwards I noticed a spam attack that had successfully relayed a message through the server. It was a multi-step attack: first a message from a bogus auterytech email address, which was denied, then one with a blank from address.

It was a good exploit, actually, but it galvanized me into action, and I spent the next couple of days locking down the server against similar exploits and against common, identifiable spam headers. Since I don't actually send any email from auterytech, I was able to go further and defer all outbound SMTP traffic to a hold queue in case I missed something, and to go for broke I blocked outbound port 25 traffic from that server at my router. OK, relay a message now, Mr. Script Kiddie!
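One way to express the lockdown described above in Postfix terms, as an added example that is not the post's own main.cf: the directives are standard Postfix ones, but the values (the localhost-only mynetworks, the header_checks path) are assumptions, not settings taken from the post.

```ini
# /etc/postfix/main.cf (fragment; constructed example, not the post's file)

# Which clients count as "local". An overly broad mynetworks is a classic
# relay hole; with no LAN clients, trust only the loopback range.
mynetworks = 127.0.0.0/8

# Relay control. The first matching rule decides, so the order matters:
# local clients and authenticated users may relay, everyone else is
# accepted only for domains this server is responsible for. No
# sender-based permit belongs in this list, because the envelope sender
# is attacker-controlled and can be left empty.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Sender checks. These do NOT apply to the empty envelope sender (<>):
# SMTP requires it to be accepted so that bounces can be delivered, so a
# blank from address can never be rejected outright here. Relay
# protection must come from reject_unauth_destination above.
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain

# Require a HELO/EHLO and disable VRFY address probing.
smtpd_helo_required = yes
disable_vrfy_command = yes

# Screen headers for common spam signatures (regexp table with
# REJECT/HOLD actions; the file itself is not shown here).
header_checks = regexp:/etc/postfix/header_checks

# This server does not originate mail, so keep anything bound for the
# remote "smtp" transport in the deferred queue instead of delivering
# it. To release it later: remove this line, run "postfix reload",
# then "postqueue -f" to flush the queue.
defer_transports = smtp
```

Check the result with `postconf -n` to see the effective settings and `postqueue -p` to confirm that outbound mail is actually sitting in the queue rather than leaving the box.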

Why don’t I send email from auterytech? What’s the point of registering a domain and configuring a mail server to not send mail? Roadrunner. The IP address range for Roadrunner customers (and other services giving machines semi-dynamic addresses) is blocked on a lot of mail servers. I don’t have the money to pipe in my own T1 line, but I do have the serenity to accept the things I cannot change.
