我在 Centos 5 上运行 Parallels Plesk 12,并寻求保护我的 smtp 服务器。当我查看日志时,我看到了一些奇怪的行,我猜想这是黑客连接。
有人知道如何保护我的服务器吗?
Oct 10 00:10:45 $myhost$ postfix/smtpd[5736]: warning: XX-XXX-XX-XX-
SFBA.hfc.comcastbusiness.net[XX.XXX.XX.XX]: SASL LOGIN authentication failed:
authentication failureHas someone any idea on how to secure my server from this ?
(情况1)
Oct 10 00:10:45 myhost postfix/smtpd[5736]: warning: XX-XXX-XX-XX-
SFBA.hfc.comcastbusiness.net[XX.XXX.XX.XX]: SASL LOGIN authentication failed:
authentication failure
(案例 2)
Oct 10 18:34:11 myhost postfix/qmgr[15890]: 34FEE24FD3: from=<>, size=17347, nrcpt=1 (queue active)
Oct 10 18:34:11 myhost postfix/qmgr[15890]: 79A9224FD2: from=<>, size=17353, nrcpt=1 (queue active)
Oct 10 18:34:11 myhost postfix/smtp[17264]: certificate verification failed for mail.opencamp.fr[92.222.41.176]:25: self-signed certificate
Oct 10 18:34:11 myhost postfix/smtp[17264]: 79A9224FD2: to=<[email protected]>, relay=mail.opencamp.fr[XX.XXX.XX.XX]:25, delay=20963, delays=20963/0.07/0.11/0.04, dsn=4.2.2, status=deferred (host mail.opencamp.fr[XX.XXX.XX.XX] said: 452 4.2.2 Mailbox full (in reply to end of DATA command))
Oct 10 18:34:13 myhost postfix/smtp[17263]: certificate verification failed for mail.opencamp.fr[92.222.41.176]:25: self-signed certificate
Oct 10 18:34:13 myhost postfix/smtp[17263]: 34FEE24FD3: to=<[email protected]>, relay=mail.opencamp.fr[XX.XXX.XX.XX]:25, delay=20964, delays=20962/0.05/2/0.05, dsn=4.2.2, status=deferred (host mail.opencamp.fr[XX.XXX.XX.XX] said: 452 4.2.2 Mailbox full (in reply to end of DATA command))
答案1
我通过创建 iptables 规则来保护服务器免受此 ip 的侵害:
modify /etc/sysconfig/iptables to include rules :
-A INPUT -p tcp --destination-port 25 -j DROP
-I INPUT -s XX.XXX.XX.XX -j DROP
>>> /etc/init.d/iptables save
>>> /etc/init.d/restart save