Subj : Re: How to detect WORMS/VIRUS that send spam
To : comp.os.linux.networking,comp.os.linux.misc,comp.os.linux,comp.os.linux.help,comp.mail.misc
From : Alan Connor
Date : Tue Aug 03 2004 08:51 am

On 3 Aug 2004 00:31:26 -0700, Steve Phils wrote:
>
> Hi Linux Techies,
>
> My firm is using a Linux Mandrake configuration for our mail server

Which one does Mandrake use? Sendmail? Exim? Postfix?...

> and the internal computers connect through LAN technologies like Ethernet,
> which are used with DSL/cable modems and dialup connections. This mail
> server acts as the proxy or firewall for all sorts of internet
> activities (browsing, chatting, file transfers, ...)

A mail server can't do that. You must mean the box that it is on.

> . Internal computers are
> mostly Windows and Linux based (maximum of 20 PCs altogether).
> Currently we noticed that all of our staff members are receiving a lot
> of spam mails with some attachments (mostly with a *.pif extension)
> in their official mail address. I notice that the spamming is
> happening only on the days our mail server is up (on holidays spam is not
> happening).

How would you know that if the server wasn't up? What do you use for a spam filter?

> Unfortunately I'm the one who is administering the
> configuration and all other computer related activities. I'm not an
> expert in networking or even in Linux OS internals though :-).
>

No kidding.

> I'm digging deep to find any VIRUS/WORMS that really reside in our LINUX
> mailserver.

There probably aren't any. It could pass on mails that contained executables that are dangerous to Windoze boxes, but that's about it.

> How can I know any vulnerabilities in the LINUX machine?

Make sure you have a good firewall. Iptables with a decent ruleset will do it. You probably already *have* one, actually.

> Also I would like to know whether some outsider can use our LINUX SMTP
> server to send spam mail. Is there any way to check
> this outside intrusion?
>

Your MTA should not be configured to act as an open relay, but your firewall should also block any but very selective forwarding.

> What are the common ways to find such vulnerabilities in the LINUX
> configuration?
>
> Thanks!

You have some serious homework to do.

I've added comp.mail.misc to the crossposting.

If you use sendmail, then see comp.mail.sendmail.
If you use postfix, see mailing.postfix.users.
If you use exim, subscribe to the mailing list at www.exim.org.

AC

--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox.
Design Parameters: http://tinyurl.com/2t5kp || http://tinyurl.com/3c3ag
Challenge-Response links -- http://tinyurl.com/yrfjb
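The two questions in the thread (is an internal PC spewing mail, and are outsiders trying to use the server as a relay) can both be answered from the MTA's own log before touching firewall rules. The script below is an added example, not code from either poster; it assumes Postfix-style syslog lines (the thread never says which MTA Mandrake installed, so adapt the regexes for sendmail or exim) and an internal range of 192.168.1.0/24. The log excerpt embedded in it is constructed for the example: hostnames, addresses and queue ids are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed Postfix-style log excerpt (syslog format). Hosts, IPs and queue
# ids are invented for this example and come from no real system.
SAMPLE_LOG = """\
Aug  3 08:01:03 gw postfix/smtpd[1201]: A1B2C3: client=pc07.lan[192.168.1.17]
Aug  3 08:04:10 gw postfix/smtpd[1205]: B2C3D4: client=mx.example.org[198.51.100.4]
Aug  3 08:05:40 gw postfix/smtpd[1210]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<x@example.org> to=<victim@example.net> proto=ESMTP helo=<mail>
Aug  3 08:05:41 gw postfix/smtpd[1210]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <other@example.net>: Relay access denied; from=<x@example.org> to=<other@example.net> proto=ESMTP helo=<mail>
Aug  3 08:10:00 gw postfix/smtpd[1220]: C3D4E5: client=pc12.lan[192.168.1.22]
Aug  3 08:10:07 gw postfix/smtpd[1220]: C3D4E6: client=pc12.lan[192.168.1.22]
Aug  3 08:10:15 gw postfix/smtpd[1220]: C3D4E7: client=pc12.lan[192.168.1.22]
Aug  3 08:10:22 gw postfix/smtpd[1221]: C3D4E8: client=pc12.lan[192.168.1.22]
Aug  3 08:10:31 gw postfix/smtpd[1221]: C3D4E9: client=pc12.lan[192.168.1.22]
Aug  3 08:10:44 gw postfix/smtpd[1222]: C3D4F0: client=pc12.lan[192.168.1.22]
Aug  3 08:30:00 gw postfix/smtpd[1230]: D4E5F6: client=pc07.lan[192.168.1.17]
"""

LAN = ip_network("192.168.1.0/24")  # assumed internal range; adjust to your LAN

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d)"
# A message accepted from a client: "<queueid>: client=<host>[<ip>]"
CLIENT_RE = re.compile(TS + r" \S+ postfix/smtpd\[\d+\]: \w+: client=\S+\[(?P<ip>[\d.]+)\]")
# A relay attempt the MTA refused (what you want to see from outsiders)
RELAY_DENIED_RE = re.compile(
    TS + r" \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<ip>[\d.]+)\]:"
    r" 554 \S+ <[^>]*>: Relay access denied")


def _ts(text):
    # Syslog timestamps carry no year; ordering within one day is all we need.
    return datetime.strptime(text, "%b %d %H:%M:%S")


def parse_log(text):
    """Return (submissions, denials), each a list of (timestamp, client_ip)."""
    submissions, denials = [], []
    for line in text.splitlines():
        m = CLIENT_RE.match(line)
        if m:
            submissions.append((_ts(m["ts"]), m["ip"]))
            continue
        m = RELAY_DENIED_RE.match(line)
        if m:
            denials.append((_ts(m["ts"]), m["ip"]))
    return submissions, denials


def burst_senders(submissions, threshold=5, window=timedelta(minutes=5), lan=LAN):
    """Internal hosts that handed the MTA >= threshold messages inside any
    `window`-long period: the signature of a mass-mailing worm on a PC.
    Returns {ip: peak_count}. Connections from outside the LAN are inbound
    mail and are ignored here."""
    by_ip = defaultdict(list)
    for ts, ip in submissions:
        if ip_address(ip) in lan:
            by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        peak, start = 0, 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def relay_probe_sources(denials, lan=LAN):
    """Count refused relay attempts per external source address. A non-empty
    result means outsiders are trying to relay through you and the MTA is
    (correctly) refusing; a busy worm on the LAN would instead show up in
    burst_senders(), because internal clients are allowed to relay."""
    counts = defaultdict(int)
    for _, ip in denials:
        if ip_address(ip) not in lan:
            counts[ip] += 1
    return dict(counts)


if __name__ == "__main__":
    subs, den = parse_log(SAMPLE_LOG)
    print("burst senders (possible worm):", burst_senders(subs))
    print("refused relay attempts by source:", relay_probe_sources(den))
```

Run it against the real `/var/log/mail.log` by replacing `SAMPLE_LOG` with the file's contents. The threshold and window are deliberately conservative for a 20-PC office; a workstation that submits dozens of messages in a few minutes is worth unplugging regardless of what the spam filter says. If the log shows no "Relay access denied" lines at all while outsiders are clearly connecting, that is the moment to check the MTA's relay configuration rather than assume it is closed.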