Mail server analysis

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    1

    Mail server analysis

    One of my friends is having some problems with her mail server and I don't know how to deal with it or how to explain it. She gave me a pcap file, and from that I guess it is some spam problem. But I don't know exactly and am not sure about this. I hope you guys can point me to the right thing and confirm this.

    So, I leave it to you guys if you're willing to help, or to those who like a thrill. I have already uploaded the file she gave me here: 21april.pcap


    Thank you again. I will post my own analysis about this matter soon.

  2. #2
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    From the pcap file it appears she is running Postfix.
    Ask her to provide you with /etc/postfix/main.cf and post it here.
    It's the main Postfix configuration file.
    It would also be helpful to have the mail log (e.g. /var/log/mail).
    In God We Trust....Everything else we backup.

  3. #3
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    The first issue I see is that she has no authentication.
    Anyone can connect and attempt to send mail.
    While relaying appears to be denied, I was able to telnet to her SMTP port and send mail to local users, e.g. postmaster.

    She needs to modify her Postfix config to require SMTP authentication.
    This may require additional software to be installed.

    Need to see the config files, as per ^.
    In God We Trust....Everything else we backup.
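
An added example, not part of the thread and not Postfix's own code: a small Python check of a main.cf for the missing SMTP authentication described in post #3. The sample configuration is constructed, the function names are hypothetical, and only settings written explicitly in main.cf are inspected (Postfix built-in defaults and `$variable` expansion are not evaluated).

```python
import re

# Constructed sample main.cf, NOT the configuration of the server in the thread.
SAMPLE_MAIN_CF = """\
# constructed example
myhostname = mail.example.com
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions =
    permit_mynetworks,
    # a comment inside a continued value is ignored
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}, honouring main.cf continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are skipped
        if raw[0] in " \t" and current:
            # leading whitespace continues the previous logical line
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()  # a later definition wins
    return params

def audit_smtp_auth(params):
    """List findings about SMTP AUTH and relay control in explicit settings."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "no").lower() != "yes":
        findings.append("smtpd_sasl_auth_enable is not 'yes': no SMTP AUTH offered")
    listed = set()
    for key in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        listed.update(re.split(r"[,\s]+", params.get(key, "")))
    if "permit_sasl_authenticated" not in listed:
        findings.append("permit_sasl_authenticated not listed: auth grants nothing")
    if "reject_unauth_destination" not in listed:
        findings.append("reject_unauth_destination not listed in main.cf")
    return findings

if __name__ == "__main__":
    for finding in audit_smtp_auth(parse_main_cf(SAMPLE_MAIN_CF)):
        print("FINDING:", finding)
```

Run it against a copy of the real file by reading /etc/postfix/main.cf into `parse_main_cf`, and compare the result with the effective settings shown by `postconf -n`.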
