A friend has a small company with an opensuse linux computer and their ISP just told them that something’s sending spam. The person who set this computer up is long since gone. They don’t know anything about linux and have no idea what programs are on there.
Two things to consider. Any box, ever, can be the source of spam if a
user on that box wants it to be. It does not matter at all if the system
is running an open relay as a mail server or not if the box is compromised.
To see if your box is an open relay… well, there are several ways to be
an open relay. What kind of spam is the ISP saying is coming from their
box? Should the box be sending mail at all? If so, what kind of mail
from where to where? If the box should never be relaying mail via SMTP,
just make sure the firewall is, as is the default, blocking SMTP port 25.
The mail server also, by default, only listens on localhost so you could
prevent that, though changing the firewall is an easier and usually better
solution in this case. If the box should never be sending mail at all
then watch for when it does and what it sends and work back from there.
Good luck.
On 06/11/2010 10:56 AM, 6tr6tr wrote:
>
> A friend has a small company with an opensuse linux computer and their
> ISP just told them that something’s sending spam. The person who set
> this computer up is long since gone. They don’t know anything about
> linux and have no idea what programs are on there.
>
> How would I figure out:
>
> 1. If there’s an emailing program on there
> 2. Whether it’s sending or capable of sending spam
> 3. Lock it down
>
>
> Thanks for the help!
>
> ab@novell.com;2175474 Wrote:
>> If the box should never be sending mail at all then watch for when it
>> does and what it sends and work back from there.
>
> How do I do this?
Easiest thing to do would be to start by disabling postfix and/or
sendmail. Do this in YaST’s runlevel editor.
If it’s supposed to send mail, then you’ll need to use YaST’s
configuration editor for the mailer program (I believe Postfix is the
default selection these days) and set up security options to allow mail
only from the local machine, or to use authenticated SMTP, or from a
local network (of course, if a machine on the local network is
compromised, that may be what’s causing the issue, too).
You may need to advise your friend to hire a temporary or part-time
*nix administrator…
What country are you in… that is, what language is the operation
language on the server? I ask because I know a top-notch, trustworthy
admin guy in Slovenia that could do all this from afar… for a fair
and reasonable price…
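
An added example, not part of any post in this thread: one way to "watch for when it does" send mail is to map port 25 sockets back to the owning process, and to check that the mail server really listens on localhost only. The function name, the `KNOWN_MTA` list and the sample `ss` output are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: classify port-25 sockets from `ss -tanp` output.
# Live use (as root, so the Process column is populated):
#   ss -tanp | audit_smtp

# Process names accepted as real mail software (assumption; adjust per host).
# Postfix's outbound client process is named "smtp".
KNOWN_MTA="smtp sendmail exim exim4"

audit_smtp() {
    awk -v known="$KNOWN_MTA" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) mta[k[i]] = 1 }
    {
        # Pull the process name and pid out of users:(("name",pid=N,fd=M))
        name = "unknown"; pid = "-"
        if (match($0, /\(\("[^"]+"/)) name = substr($0, RSTART + 3, RLENGTH - 4)
        if (match($0, /pid=[0-9]+/))  pid  = substr($0, RSTART + 4, RLENGTH - 4)
    }
    # A listener on port 25 bound to anything but loopback accepts remote mail.
    $1 == "LISTEN" && $4 ~ /:25$/ {
        scope = ($4 ~ /^(127\.|\[::1\])/) ? "local-only" : "EXPOSED"
        print "listen", scope, pid, name, $4
    }
    # An outbound connection to a remote port 25 is a process sending mail.
    ($1 == "ESTAB" || $1 == "SYN-SENT") && $5 ~ /:25$/ {
        print "outbound", ((name in mta) ? "mta" : "SUSPECT"), pid, name, $5
    }'
}

# Constructed sample input (documentation addresses, invented pids).
sample_ss() {
    cat <<'EOF'
State    Recv-Q Send-Q Local Address:Port   Peer Address:Port Process
LISTEN   0      100    127.0.0.1:25         0.0.0.0:*         users:(("master",pid=1450,fd=13))
ESTAB    0      0      192.0.2.10:22        192.0.2.50:51514  users:(("sshd",pid=2210,fd=3))
ESTAB    0      0      192.0.2.10:48812     198.51.100.7:25   users:(("perl",pid=3121,fd=4))
SYN-SENT 0      1      192.0.2.10:48813     203.0.113.9:25    users:(("perl",pid=3121,fd=5))
ESTAB    0      0      192.0.2.10:40022     198.51.100.20:25  users:(("smtp",pid=1502,fd=12))
EOF
}

sample_ss | audit_smtp
```

A `SUSPECT` line gives the pid to work back from: `ls -l /proc/<pid>/exe` and `ps -o user,lstart,cmd -p <pid>` show which binary it is, who runs it and since when.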