Postfix configuration & control

  • #367878
    deemery
    Participant

    First the bad news/confession: Somehow PostFix has been running on my X Server with an open relay, and some spammers found it.

    Now the observations:
    1. Server Manager says Mail service is not running.
    2. The Postfix ‘master’ process is running. ‘ps’ shows just the entry “master”, not the fully qualified pathname that other services have displayed in ‘ps’.
    3. Thankfully, this master process does respond to the PostFix configuration files.
    4. However, if I issue ‘postfix stop’, it’ll start itself back up again.
    5. A friend showed me the lines in master.cf that turn off the various ports. The spammers seemed to be coming in on the Submission port, rather than the SMTP port.

    Finally some questions:
    1. Which process (and its config files) controls the launching of PostFix? I’d rather turn this off at the source. (launchd?)
    2. Any ideas why Server Admin says ‘mail service is not running’ when PostFix is out there being very naughty?
    3. I thought Apple PostFix configurations were “open-relay-proof” out of the box. Any idea why this configuration is accepting spam?

    Thanks in advance, as usual.

    dave

    #367896
    deemery
    Participant

    A friend helped me walk through the logfiles in greater depth. We’re pretty sure what happened is that someone came into my server machine through ssh by guessing an account’s password. The PostFix installation wasn’t open relay, he was queueing up all this crap via a local account. So that makes me feel just a little bit better.

    Now the PostFix installation -does- respond to changes in its .cf files (and what I did near-term was break those .cf files sufficiently that PostFix is broken until I can sort it out.)

    But I’m still bothered by why PostFix was running even though Server Admin said it wasn’t running.

    Next priority: Lock down SSH more; my friend suggested using the PKI approach supported by SSH and disabling password authorization.

    dave

    #367905
    deemery
    Participant

    I’ve been reading about SSH PKI stuff, and see that by default, if the PKI stuff doesn’t work, SSH reverts to a password challenge.

    How do I turn that off (on both X Server and X client, I’m presuming they’re the same here), so that if you can’t set up the PKI session, you can’t connect at all?

    thanks dave

    #367908
    deemery
    Participant

    Here’s what a friend recommends. You add this to the end of /etc/sshd_config:

    Protocol 2
    PasswordAuthentication no
    ChallengeResponseAuthentication no
    UsePam no

    dave
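
One caveat when lines are appended to the end of sshd_config: sshd uses the first value it reads for each keyword, so an earlier `PasswordAuthentication yes` wins over an appended `no`. The checker below is an added example, not part of the original posts; its function names and both sample configs are constructed, and it only covers the global section (it stops at the first `Match` block).

```python
import re

# Keywords from the post; each must resolve to "no" to rule out password fallback.
REQUIRED = ("passwordauthentication", "challengeresponseauthentication", "usepam")

def parse_global(text):
    """Return (effective, shadowed) for the global section of an sshd_config.
    sshd keeps the first value obtained per keyword; later ones are shadowed."""
    effective, shadowed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = re.split(r"[\s=]+", line)
        key = tokens[0].lower()  # keywords are case-insensitive
        value = tokens[1] if len(tokens) > 1 else ""
        if key == "match":  # conditional blocks are out of scope here
            break
        if key in effective:
            shadowed.append((lineno, key, value))
        else:
            effective[key] = value
    return effective, shadowed

def audit(text):
    """List reasons why password-based login may still be offered."""
    effective, shadowed = parse_global(text)
    findings = []
    for key in REQUIRED:
        got = effective.get(key)
        if got is None:
            findings.append(f"{key}: not set, the build's default applies")
        elif got.lower() != "no":
            findings.append(f"{key}: effective value is '{got}', expected 'no'")
    for lineno, key, value in shadowed:
        if key in REQUIRED:
            findings.append(f"{key}: line {lineno} ('{value}') is ignored")
    return findings

# Constructed sample: an existing setting with the post's lines appended after it.
APPENDED = ("# constructed sample\nPort 22\nPasswordAuthentication yes\n"
            "Protocol 2\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\nUsePam no\n")
EDITED = APPENDED.replace("PasswordAuthentication yes\n", "")  # earlier line removed

if __name__ == "__main__":
    for name, cfg in (("appended", APPENDED), ("edited", EDITED)):
        print(name, audit(cfg) or "password fallback disabled")
```

On a live host, `sshd -T` (where the installed OpenSSH supports it) prints the effective configuration and is the authoritative check.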
