
Server found while in construction - beware

  • Robert Moskowitz
    Message 1 of 2 , Feb 27, 2013
      Lesson here about how open you make a new server while under
      construction. Fortunately for me, my first step before starting postfix
      was to apply my 'recipe' of postconf commands? Anyway the system is
      publicly addressed, but on a different subnet than the production box it
      will replace. I am running this way, as this time if all goes right
      (and this is my 5th build test), I drain the old box, change the
      addresses on this new one and swap them out.

      Public DNS for this is its IPaddr.domain so it shows how the robots look
      for any working address with port 25 available:

      Feb 27 03:57:23 klovia postfix/smtpd[7677]: connect from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 03:57:24 klovia postfix/smtpd[7677]: NOQUEUE: reject: RCPT from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]: 554 5.7.1
      <111@...>: Relay access denied; from=<amd2@...>
      to=<111@...> proto=SMTP helo=<208.83.67.180>
      Feb 27 03:57:24 klovia postfix/smtpd[7677]: lost connection after RCPT
      from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 03:57:24 klovia postfix/smtpd[7677]: disconnect from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 04:00:44 klovia postfix/anvil[7679]: statistics: max connection
      rate 1/60s for (smtp:36.231.85.78) at Feb 27 03:57:23
      Feb 27 04:00:44 klovia postfix/anvil[7679]: statistics: max connection
      count 1 for (smtp:36.231.85.78) at Feb 27 03:57:23
      Feb 27 04:00:44 klovia postfix/anvil[7679]: statistics: max cache size 1
      at Feb 27 03:57:23
      Feb 27 08:11:07 klovia postfix/smtpd[8254]: connect from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 08:11:08 klovia postfix/smtpd[8254]: NOQUEUE: reject: RCPT from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]: 554 5.7.1
      <111@...>: Relay access denied; from=<amd2@...>
      to=<111@...> proto=SMTP helo=<208.83.67.180>
      Feb 27 08:11:08 klovia postfix/smtpd[8254]: lost connection after RCPT
      from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 08:11:08 klovia postfix/smtpd[8254]: disconnect from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 08:14:28 klovia postfix/anvil[8256]: statistics: max connection
      rate 1/60s for (smtp:36.231.85.78) at Feb 27 08:11:07
      Feb 27 08:14:28 klovia postfix/anvil[8256]: statistics: max connection
      count 1 for (smtp:36.231.85.78) at Feb 27 08:11:07
      Feb 27 08:14:28 klovia postfix/anvil[8256]: statistics: max cache size 1
      at Feb 27 08:11:07
      Feb 27 12:26:46 klovia postfix/smtpd[9705]: connect from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 12:26:47 klovia postfix/smtpd[9705]: NOQUEUE: reject: RCPT from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]: 554 5.7.1
      <111@...>: Relay access denied; from=<amd2@...>
      to=<111@...> proto=SMTP helo=<208.83.67.180>
      Feb 27 12:26:47 klovia postfix/smtpd[9705]: lost connection after RCPT
      from 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 12:26:47 klovia postfix/smtpd[9705]: disconnect from
      36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]
      Feb 27 12:30:07 klovia postfix/anvil[9707]: statistics: max connection
      rate 1/60s for (smtp:36.231.85.78) at Feb 27 12:26:46
      Feb 27 12:30:07 klovia postfix/anvil[9707]: statistics: max connection
      count 1 for (smtp:36.231.85.78) at Feb 27 12:26:46
      Feb 27 12:30:07 klovia postfix/anvil[9707]: statistics: max cache size 1
      at Feb 27 12:26:46
    • Reindl Harald
      Message 2 of 2 , Feb 27, 2013
        On 27.02.2013 22:08, Robert Moskowitz wrote:
        > Lesson here about how open you make a new server while under construction. Fortunately for me, my first step
        > before starting postfix was to apply my 'recipe' of postconf commands? Anyway the system is publicly addressed,
        > but on a different subnet than the production box it will replace. I am running this way, as this time if all goes
        > right (and this is my 5th build test), I drain the old box, change the addresses on this new one and swap them out.
        >
        > Public DNS for this is its IPaddr.domain so it shows how the robots look for any working address with port 25
        > available:
        >
        > 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]: 554 5.7.1 <111@...>: Relay access denied;
        > from=<amd2@...> to=<111@...> proto=SMTP helo=<208.83.67.180>
        > Feb 27 03:57:24 klovia postfix/smtpd[7677]: lost connection after RCPT from
        > 36-231-85-78.dynamic-ip.hinet.net[36.231.85.78]

        ah "hinet.net" - as far as i remember this is the asian large
        crap provider where you get FIVE bounces as response to an
        abuse-mail and i temporarily blocked around 1 Mio. IP addresses
        from them in iptables

        in fact, what you are showing is the sad truth

        making any machine public and not secured and it may lead
        to intrusions within minutes or sometimes seconds, that
        is why all the "but who is interested in me" careless hobbyists
        are completely wrong

        nearly ten years ago a simple test and 10 years ago was virtually
        nothing compared to now in context of attacks and intrusions

        * samba on the WAN
        * a completely fresh ip-address
        * guest account enabled
        * voila, a collection of all known and unknown malwares from a to z in the share
        * timeframe: 10 minutes up to an hour
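
One way to tally relay probes like those logged in the first message, as an added example that is not part of either post: it parses Postfix smtpd "Relay access denied" rejections, groups them by client IP, and flags a HELO that is a bare IP address different from the connecting one. The sample log is constructed (hostname `mx`, documentation address ranges, one event per line) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in Postfix smtpd syslog format (one event per line);
# hosts and addresses use documentation ranges, not values from the thread.
SAMPLE_LOG = """\
Feb 27 03:57:23 mx postfix/smtpd[7677]: connect from unknown[192.0.2.10]
Feb 27 03:57:24 mx postfix/smtpd[7677]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <probe@example.org>: Relay access denied; from=<a@example.com> to=<probe@example.org> proto=SMTP helo=<198.51.100.5>
Feb 27 08:11:08 mx postfix/smtpd[8254]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <probe@example.org>: Relay access denied; from=<a@example.com> to=<probe@example.org> proto=SMTP helo=<198.51.100.5>
Feb 27 09:00:01 mx postfix/smtpd[8300]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.77]: 554 5.7.1 <x@example.org>: Relay access denied; from=<b@example.net> to=<x@example.org> proto=ESMTP helo=<mail.example.net>
Feb 27 09:05:00 mx postfix/smtpd[8301]: NOQUEUE: reject: RCPT from unknown[192.0.2.77]: 450 4.7.1 <y@example.org>: Recipient address rejected: Greylisted; from=<b@example.net> to=<y@example.org> proto=ESMTP helo=<mail.example.net>
"""

RELAY_DENIED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: 554 5\.7\.1 <[^>]*>: "
    r"Relay access denied; from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=\S+ helo=<(?P<helo>[^>]*)>"
)
IP_LITERAL = re.compile(r"^\[?\d{1,3}(\.\d{1,3}){3}\]?$")

def summarize_relay_probes(log_text):
    """Group 'Relay access denied' rejections by client IP."""
    probes = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                  "rcpts": set(), "ip_helo_mismatch": False})
    for line in log_text.splitlines():
        m = RELAY_DENIED.match(line)
        if not m:
            continue  # connects, disconnects and other reject reasons are skipped
        p = probes[m["ip"]]
        p["count"] += 1
        p["first"] = p["first"] or m["ts"]
        p["last"] = m["ts"]
        p["rcpts"].add(m["rcpt"])
        helo = m["helo"]
        if IP_LITERAL.match(helo) and helo.strip("[]") != m["ip"]:
            p["ip_helo_mismatch"] = True  # HELO claims an IP the client does not have
    return dict(probes)

def repeat_probers(log_text, min_hits=2):
    """Client IPs that tried to relay at least min_hits times."""
    return sorted(ip for ip, p in summarize_relay_probes(log_text).items()
                  if p["count"] >= min_hits)

if __name__ == "__main__":
    for ip, p in summarize_relay_probes(SAMPLE_LOG).items():
        print(ip, p["count"], p["first"], p["last"], p["ip_helo_mismatch"])
```

Syslog lines that were re-wrapped by a mail client, as in the archived message, need to be joined back into one line per event before parsing.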