-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Geesh. Disable ftp at least, if you disable no other service. If you don't do remote X at all, disable X service as well.
Are you serving a webpage locally? Disable http and perhaps https. I have the following nmap output: PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 631/tcp open ipp 1241/tcp open nessus 6000/tcp open X11 10000/tcp open snet-sensor-mgmt I run my own postfix mailserver for me, myself, and I. It is not a relay (and as others have indicated, it doesn't quite look like yours is really). I could disable X11 and nessusd I suppose as though I do the occassional remote X thing and sometimes use nessus against those who scan me (I like to light up their "warning lights" if they have any such thing to let them know that their target is on to them), it is rare. Basically, do you actually NEED the services you are running? Any that are not really used/needed, turn them off. praedor On Thursday 06 November 2003 03:44 am, Stefan Rijnhart wrote: > Op donderdag 6 november 2003 06:18, schreef David E. Fox: > > Folks - especially postfix people - I need some help - > > my box seems to have been turned into an open relay. I am > > running the same postfix configuration file I had installed > > when I was running 9.0 and later versions (currently I > > am running 9.2/cooker).. > > > > > > I have not been able to post to the list or send out any > > smtp email until I fix this.... and in the meantime have > > simply flushed (deleted) the outgoing queue in /var/spool > > /postfix via > > > > # find . /var/spool/postfix -type -f | xargs exec rm > > > > which (quickly) removes it. I removed many megabytes' worth > > of stuck email this way earlier today only to find that at > > 9 pm there was 4 megs more waiting and my isp admin had sent > > me a mail saying he disabled my smtp. > > > > > > I was under the impression postfix was relay proof - any > > advice will be helpful... > > > > Thanks! > > Hi David, > > Maybe my behaviour is a bit unmannered but I have ran some tests against > your IP, to help you fix your box (We are talking about > m206-157.dsl.tsoft.com, aren't we?) > > Your postfix says: > > 554 <[EMAIL PROTECTED]>: Relay access denied. > > Seems ok. > > Portscanner Nmap says: > > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 25/tcp open smtp > 80/tcp open http > 111/tcp open sunrpc > 135/tcp filtered loc-srv > 137/tcp filtered netbios-ns > 138/tcp filtered netbios-dgm > 139/tcp filtered netbios-ssn > 443/tcp open https > 445/tcp filtered microsoft-ds > 631/tcp open ipp > 642/tcp open unknown > 6000/tcp open X11 > > Do these ports corresond to the services that you want to offer? Otherwise, > shield them off. Do you know how to work with shorewall to accomplish that? > > Good luck, > Stefan. - -- "Our ship is in the hands of pilots who are steering directly under full sail for a rock. The whole crew may see this course to violate our liberties in full view if they look the right way." - --Samuel Adams, 1771 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/qnAAaKr9sJYeTxgRAv4SAJ9GatteTgmMSVQpL81QD04nTEZIuACfbvy0 tKZxRkF3Ixg55x6kbf2By/g= =yG6x -----END PGP SIGNATURE-----
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com