Alan Milligan writes:


Hi,

I've got some nasty spammer managing to send spam via my mail server by somehow authenticating as root (if I understand the logs correctly): Jun 15 22:56:04 hostname courierd: newmsg,id=000000000034D6E2.00000000557F9043.00005D5F, auth=root: dns; User (x.x-x-x.rdns.scalabledns.com [::ffff:x.x.x.x])

My authdaemon (latest version: 0.66.2) is configured with pam and ldap (LOGIN auth only): but there is *no* password set for the root user (it's RSA identity only).  It would seem quite impossible that this user really can be authenticated as root.

There is a difference between having an empty password and having password authentication blocked for a particular userid. If you simply have no password set for the root user, it is an empty password, and anyone can attempt to authenticate as root by supplying an empty password.

Try to su to root, and hit enter when prompted for a password. If you succeed, congratulations, anyone on the box can get root without a password.

The correct way to disable password-based authentication for root, or any other account, with the only way to get root being an ssh key, is to set root's password to some long gibberish password, that's quickly forgotten. Then, the only way to log in is with an ssh key.

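The distinction drawn above (an empty password field versus a locked one) can be checked mechanically. The following is an added example, not code from the thread or from Courier: it classifies the password field of shadow(5)-style entries and reports any account whose field is empty. The sample entries are constructed, with placeholder hashes.

```shell
#!/bin/sh
# Added example (not from the original thread): classify the password
# field of shadow(5)-style entries to find accounts with an EMPTY
# password (anyone can authenticate by pressing Enter) as opposed to a
# LOCKED one (field starts with '!' or '*', password auth impossible).
# The input below is a constructed sample; as root, point it at /etc/shadow.

# classify_pw_field FIELD -> prints empty | locked | set
classify_pw_field() {
    field=$1
    case "$field" in
        "")        echo empty ;;   # no hash at all: empty password
        "!"*|"*"*) echo locked ;;  # passwd -l / usermod -L, or the "*" convention
        *)         echo set ;;     # a real hash is present
    esac
}

# audit_shadow FILE -> prints "user status" per entry; returns 1 if any
# account has an empty password field, 0 otherwise.
audit_shadow() {
    rc=0
    while IFS=: read -r user pw _rest; do
        [ -n "$user" ] || continue
        status=$(classify_pw_field "$pw")
        echo "$user $status"
        [ "$status" = empty ] && rc=1
    done < "$1"
    return $rc
}

# Constructed sample shadow file (hashes are placeholders, not real ones).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
root::18500:0:99999:7:::
daemon:*:18500:0:99999:7:::
alice:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:18500:0:99999:7:::
bob:!$6$PLACEHOLDERSALT$PLACEHOLDERHASH:18500:0:99999:7:::
EOF

# root is reported "empty": the situation described in the thread.
audit_shadow "$SAMPLE" || echo "WARNING: account(s) with an empty password field"
rm -f "$SAMPLE"
```

Whether an empty field actually authenticates depends on the PAM stack (pam_unix rejects empty passwords unless `nullok` is set), so treat an "empty" result as a finding to verify, and fix it by setting a password or locking the account.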

------------------------------------------------------------------------------
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
