
Since I switched to my own mail server (I followed these two tutorials: https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql and https://www.digitalocean.com/community/tutorials/how-to-configure-a-mail-server-using-postfix-dovecot-mysql-and-spamassasin) I have been getting spammed all the time, every 15 minutes...
Why?

Maybe my mail server is insecure?

Today I received a mail whose From field is exactly my hostname (Ubuntu), which I configured in postfix/dovecot. See:

From: Roberto@Ubuntu, Rojas@Ubuntu
To: ******@******.com
Subject: ***** SPAM 10.3 ***** your life will never be the same

How did they discover my hostname?

Is there a possibility that spammers have entered my computer and can see/delete/edit some of my files?

I also have HTTP, FTP and telnet (7300, to my own software) servers on the same machine.

DiogoSaraiva
  • Check the email logs. What you see in the `From:` field is one thing, what was given in the SMTP protocol on the `mail from:` line is another (normally these should be the same, but spammers fake From fields to bypass antispam measures), and where the mail actually came from is the third thing :) – Dan Feb 15 '15 at 18:50
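The three identities Dan's comment distinguishes can be pulled apart from a raw message with nothing more than Python's standard library. The script below is an added example, not code from the original post or from Postfix/Dovecot; the message it parses is constructed for the example (the hosts, addresses and IPs are documentation values, not real senders), and "Ubuntu" is the hostname from the question.

```python
# Added example (not from the original post): separate header From,
# envelope sender (Return-Path) and the connecting host in a received mail.
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: header From forges the local hostname "Ubuntu", but the
# Received chain shows the mail was handed to the local MTA by an outside host.
SAMPLE_MESSAGE = """\
Return-Path: <bounce-4711@example.net>
Received: from mail.example.org (mail.example.org [203.0.113.10])
\tby Ubuntu (Postfix) with ESMTP id 3F2A1C0D
\tfor <user@example.com>; Sun, 15 Feb 2015 18:40:12 +0000 (UTC)
Received: from [198.51.100.77] (unknown [198.51.100.77])
\tby mail.example.org (Postfix) with SMTP id 9B1E
\tfor <user@example.com>; Sun, 15 Feb 2015 18:40:10 +0000 (UTC)
From: Roberto@Ubuntu, Rojas@Ubuntu
To: user@example.com
Subject: your life will never be the same

Hello.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _ip_in(received_header):
    """First bracketed IPv4 address in a Received: header, or None."""
    m = IPV4_IN_BRACKETS.search(received_header or "")
    return m.group(1) if m else None


def sender_identities(raw_message):
    """Return the header From addresses, the envelope sender (Return-Path,
    which the receiving MTA writes from the SMTP MAIL FROM line), the IP
    that connected to our own MTA, and the earliest IP in the chain."""
    msg = message_from_string(raw_message)
    header_from = [parseaddr(a.strip())[1]
                   for a in msg.get("From", "").split(",") if a.strip()]
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    # Each hop prepends its own Received: header, so received[0] is the one
    # our MTA added (trustworthy) and received[-1] the earliest (may be forged).
    received = msg.get_all("Received", [])
    return {
        "header_from": header_from,
        "envelope_from": envelope_from,
        "connecting_ip": _ip_in(received[0]) if received else None,
        "origin_ip": _ip_in(received[-1]) if received else None,
    }


def header_from_is_forged(identities, local_hostname):
    """True when the header From claims the local hostname but the message
    was handed to our MTA by a remote host rather than generated locally."""
    suffix = "@" + local_hostname.lower()
    claims_local = any(a.lower().endswith(suffix) for a in identities["header_from"])
    ip = identities["connecting_ip"]
    came_from_outside = ip is not None and not ip.startswith("127.")
    return claims_local and came_from_outside


if __name__ == "__main__":
    ids = sender_identities(SAMPLE_MESSAGE)
    for key, value in ids.items():
        print(f"{key:15} {value}")
    print("header From forges local host:", header_from_is_forged(ids, "Ubuntu"))
```

Only the topmost Received: header (the one your own Postfix wrote) is trustworthy; everything below it, including the From: line, is whatever the sender chose to send. The hostname itself is not a secret: Postfix announces `$myhostname` in its SMTP banner and stamps it into every Received: header it adds, so seeing it in a forged From: says nothing about a compromise on its own.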

1 Answer


For a mail server, there are free services that will check the various security measures for your domain. Check this site as an example:

http://mxtoolbox.com/

Check your domain and implement the recommendations that the site suggests and your mail server should be secure.

Since you have other services running on the server (assuming Ubuntu, and exposed to the Internet), you might have any number of security weaknesses. Have you tried using penetration testing software, or researched ways to secure Ubuntu server? There are plenty of tutorials available for securing Ubuntu. Here is a highlight of things to implement in Ubuntu for security from this blog post:

https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics

  1. Install and configure Firewall - ufw
  2. Secure shared memory - fstab
  3. SSH - Key based login, disable root login and change port
  4. Apache SSL - Disable SSL v3 support
  5. Protect su by limiting access only to admin group
  6. Harden network with sysctl settings
  7. Disable Open DNS Recursion and Remove Version Info - Bind9 DNS
  8. Prevent IP Spoofing
  9. Harden PHP for security
  10. Restrict Apache Information Leakage
  11. Install and configure Apache application firewall - ModSecurity
  12. Protect from DDOS (Denial of Service) attacks with ModEvasive
  13. Scan logs and ban suspicious hosts - DenyHosts and Fail2Ban
  14. Intrusion Detection - PSAD
  15. Check for RootKits - RKHunter and CHKRootKit
  16. Scan open Ports - Nmap
  17. Analyse system LOG files - LogWatch
  18. SELinux - Apparmor
  19. Audit your system security - Tiger

You could follow this and other tutorials on the Web, just be aware that security is a moving target and you will need to stay on top of security updates for your hardware/software stack (server OS, application servers, firewalls, etc.) to prevent future attacks. This blog post is extensive, but created in 2012, so there are updates and things that will not be appropriate to your system.

This topic can get quite detailed, so give yourself time to learn, and check for answers to specific questions (e.g. how do I implement DKIM for my mail server?) on SF.

Robert Munn
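Two of the items in the answer's list, SSH key-based login with root login disabled and a non-default port (item 3) and the anti-spoofing kernel settings (item 8), can be checked mechanically. The script below is an added example, not code from the answer or from the linked blog post: it parses sshd_config and sysctl.conf text and reports every expected hardening key that is unset or set to a different value. The configuration samples are constructed, and the expected values are the conventional hardening settings, not ones the blog post prescribes.

```python
# Added example (not from the answer or the linked blog post): audit sshd
# login settings (item 3) and anti-spoofing sysctl keys (item 8) from text.
import re

SSHD_EXPECTED = {
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "no",
}

# rp_filter=1 drops packets whose source address is not routable back through
# the interface they arrived on, the kernel-side defence against spoofed sources.
SYSCTL_EXPECTED = {
    "net.ipv4.conf.all.rp_filter": "1",
    "net.ipv4.conf.default.rp_filter": "1",
    "net.ipv4.conf.all.accept_source_route": "0",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.icmp_echo_ignore_broadcasts": "1",
}

# sshd accepts "Keyword value" or "Keyword=value".
SSHD_DIRECTIVE = re.compile(r"(\S+)\s*(?:=\s*|\s+)(.*)$")


def parse_sshd_config(text):
    """Map lowercase keyword -> value. sshd keeps the FIRST value it sees for a
    keyword, so a hardened line appended at the end of the file does nothing if
    an earlier line already set it; setdefault() mirrors that. Parsing stops at
    the first Match block, whose directives are conditional."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SSHD_DIRECTIVE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        cfg.setdefault(key, value)
    return cfg


def parse_sysctl_conf(text):
    """Map key -> value; sysctl applies the file top to bottom, so the LAST
    value wins, unlike sshd."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        cfg[key] = value
    return cfg


def mismatches(cfg, expected):
    """(key, expected, actual) for each key that is unset or set differently;
    an unset key is a finding too, since a silent default is not hardening."""
    return [(k, v, cfg.get(k)) for k, v in expected.items() if cfg.get(k) != v]


def audit_sshd(text):
    cfg = parse_sshd_config(text)
    findings = mismatches(cfg, SSHD_EXPECTED)
    if cfg.get("port", "22") == "22":          # item 3: move off the default port
        findings.append(("port", "not 22", cfg.get("port")))
    return findings


def audit_sysctl(text):
    return mismatches(parse_sysctl_conf(text), SYSCTL_EXPECTED)


# Constructed samples: a permissive pair and a hardened pair.
WEAK_SSHD = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
HARDENED_SSHD = """\
Port=2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
# a later duplicate is ignored by sshd, so it must not undo the line above
PasswordAuthentication yes
"""
WEAK_SYSCTL = "net.ipv4.conf.all.rp_filter = 0\nnet.ipv4.conf.all.accept_source_route = 1\n"
HARDENED_SYSCTL = "\n".join(f"{k} = {v}" for k, v in SYSCTL_EXPECTED.items()) + "\n"

if __name__ == "__main__":
    for name, findings in [("weak sshd", audit_sshd(WEAK_SSHD)),
                           ("hardened sshd", audit_sshd(HARDENED_SSHD)),
                           ("weak sysctl", audit_sysctl(WEAK_SYSCTL)),
                           ("hardened sysctl", audit_sysctl(HARDENED_SYSCTL))]:
        print(name, "->", findings or "OK")
```

On a live host the same functions can be fed the contents of /etc/ssh/sshd_config and /etc/sysctl.conf; the first-value-wins rule for sshd is the reason the audit parses the file rather than grepping it, since a hardened line appended below an existing permissive one looks right but never takes effect.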