Malicious traffic being sent from our mail Server - Help!

Hi,

We are running Sun Java System Messaging Server 2005Q4 on Solaris 10. There are absolutely no issues, except that it is sending malicious traffic outside.

We are getting frequent warning messages from our ISP that the host with IP (our mail server IP) is sending malicious traffic (it is not spam), as the destination port is 23 (telnet), due to it being infected with a virus/worm/trojan.

We have a firewall running that does NAT for our mail server.

How can I resolve this issue?

TIA,

prvn

By sun_prvnrka at 2007-11-27 6:36:23
# 1

Hm. If your box is sending stuff out on port 23, it's not likely that it's the mail server doing it.

Remember, the box isn't a mail server. Software running on the box is. Somebody may have installed other software on it.

Solaris does have a security vulnerability with Telnet. You may need to patch your OS.

jay_plesseta at 2007-7-12 18:03:58
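Jay's point is that the connections come from some process on the box, not from the MTA, so the first step is to find which process owns them. The following is an added example, not code from the thread or from Sun: it parses Solaris-style `netstat -an` output for outbound TCP connections whose remote port is 23 (the sample output below is constructed, with addresses from the 203.0.113.0/24 documentation range) and then, in a separate function that is not run by default, walks `/proc` with `pfiles` to map a peer address back to a PID and command name.

```shell
#!/bin/sh
# Constructed sample of Solaris 10 'netstat -an' TCP output. Solaris writes
# addresses as a.b.c.d.PORT, so the remote port is the 5th dotted field.
SAMPLE='TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q    State
-------------------- -------------------- ----- ------ ----- ------ -----------
      *.25                 *.*                0      0 49152      0 LISTEN
192.168.1.10.25      10.0.0.5.43211      49640      0 49640      0 ESTABLISHED
192.168.1.10.54321   203.0.113.7.23      49640      0 49640      0 SYN_SENT
192.168.1.10.54322   203.0.113.8.23      49640      0 49640      0 ESTABLISHED
192.168.1.10.54323   203.0.113.7.23          0      0 49640      0 SYN_SENT'

# Print, once each, the remote hosts of outbound connections to TCP port 23.
# Reads netstat output on stdin. Inbound telnet sessions (local port 23,
# remote port ephemeral) are deliberately not reported; a listener on *.23
# is skipped because its remote address is "*.*".
telnet_peers() {
    awk '
        # Data rows have an address or "*" in the Remote Address column;
        # headers and separator lines do not.
        $2 ~ /^[0-9*]/ {
            n = split($2, p, ".")
            if (n == 5 && p[5] == "23" && $NF != "LISTEN")
                print p[1] "." p[2] "." p[3] "." p[4]
        }' | sort -u
}

# Live companion for Solaris 10 (not run here; needs root to inspect other
# users processes): for each PID, ask pfiles for sockets whose peer is the
# given address and print the owning command.
# usage: find_owner 203.0.113.7
find_owner() {
    for proc in /proc/[0-9]*; do
        pid=${proc#/proc/}
        # Solaris grep lacks -q, so discard output instead.
        if pfiles "$pid" 2>/dev/null | grep "peername: AF_INET $1 " >/dev/null; then
            echo "pid $pid: $(ps -o comm= -p "$pid")"
        fi
    done
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | telnet_peers
# On the real box:  netstat -an | telnet_peers   then   find_owner <address>
```

Once `find_owner` names the binary, check how it gets restarted (crontab entries, `/etc/rc*.d` scripts, `svcs -a` for unexpected services) before deciding whether hardening is enough or a rebuild is needed.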
# 2

Hi Jay,

Thanks for your response. Yep! It's not the mail server doing this stuff. I tried applying the Security Toolkit, other OS hardening, etc., but it was not much help.

We decided to start rebuilding from scratch, incl. formatting and installing the OS...

As per our plan, we will need at least 8-10 hours of mail service downtime. We may lose our mail during this time.

I would like to know if there is any way to set up another box such that it stores all the incoming mail (with the next-preference MX taken care of, of course) and forwards it to the production box once that is back up.

TIA

Prvn

sun_prvnrka at 2007-7-12 18:03:58
# 3

While you can certainly build an inbound relay that will queue the messages up, it's unlikely you will lose any messages if you simply take your system down.

True mail will be automatically retried by any normal server for several days. Mail servers go down all the time, and SMTP was designed around that. You may, however, miss the spam that's addressed to your users, as botnets don't retry.

jay_plesseta at 2007-7-12 18:03:58
# 4
Hi Jay. Thanks for your quick reply. Any notes on "how to set up an inbound relay" would be of great help to me, as I could NOT get any info on this forum / Sun docs / any other site.

TIA

Prvn
sun_prvnrka at 2007-7-12 18:03:58
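The inbound relay Jay describes in #3 and Prvn asks about in #4 is a store-and-forward backup MX: a box that accepts mail for the domain, refuses everything else, queues it while production is down, and hands it over when production returns. The following is an added example, not part of the thread and not Sun documentation; it assumes Postfix on the relay box (any MTA that can queue and relay works the same way), and the names example.com, mail.example.com and relay.example.com are placeholders. The function writes the relevant `main.cf` lines and lookup tables into a directory for review; the comments give the commands to apply them.

```shell
#!/bin/sh
# Generate a Postfix backup-MX configuration for DOMAIN whose final
# destination is PRODUCTION_HOST. Files are written to DIR for review;
# the paths inside them assume the usual /etc/postfix location.
# usage: write_backup_mx_config DIR DOMAIN PRODUCTION_HOST
write_backup_mx_config() {
    dir=$1; domain=$2; prod=$3
    cat > "$dir/main.cf.relay" <<EOF
# Accept mail for $domain from anywhere, but relay for nobody else,
# so the temporary box does not become an open relay during the window.
relay_domains = $domain
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
# Reject unknown recipients at SMTP time instead of queueing them and
# bouncing later (backscatter). One line per valid mailbox in the map.
relay_recipient_maps = hash:/etc/postfix/relay_recipients
# Deliver everything for $domain straight to the production host. The []
# skip the MX lookup, so the relay never resolves the domain back to itself.
transport_maps = hash:/etc/postfix/transport
# How long mail may sit in the queue before it is bounced; make sure this
# is longer than the planned outage (Postfix default is 5d).
maximal_queue_lifetime = 5d
EOF
    # transport map: domain -> smtp:[production host]
    printf '%s\tsmtp:[%s]\n' "$domain" "$prod" > "$dir/transport"
    # relay_recipients: Postfix only checks that the key exists; the value
    # is ignored. Add every real mailbox here before going live.
    printf 'postmaster@%s\tOK\n' "$domain" > "$dir/relay_recipients"
}

# Applying it on the relay box (as root), after reviewing the files:
#   cat main.cf.relay >> /etc/postfix/main.cf
#   cp transport relay_recipients /etc/postfix/
#   postmap /etc/postfix/transport /etc/postfix/relay_recipients
#   postfix reload
# DNS for the window, lower preference value = tried first:
#   example.com.  IN MX 10 mail.example.com.
#   example.com.  IN MX 20 relay.example.com.
# While production is down, 'mailq' shows what is waiting; when it is back,
# 'postqueue -f' pushes the queue immediately instead of waiting for the
# next retry.

# Offline demonstration into a scratch directory.
demo_dir=${TMPDIR:-/tmp}/backup-mx-demo.$$
mkdir -p "$demo_dir"
write_backup_mx_config "$demo_dir" example.com mail.example.com
cat "$demo_dir/main.cf.relay" "$demo_dir/transport"
rm -rf "$demo_dir"
```

The queue on the relay is the only state that matters: as Jay notes, sending MTAs will already retry for days, so the relay buys you the mail from senders that do not, plus a place to watch the backlog drain once production is back.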