

treichhart

join:2006-12-12

how do I disable people telnetting into my mail server

Guys
I keep getting these logs into my mail server:
Nov 15 13:26:50 mail postfix/smtpd[26071]: warning: 50-202-171-113-static.hfc.comcastbusiness.net[50.202.171.113]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

how the heck do I disable something like this because it sounds like they are doing it from telnet.

I can't even telnet into my mail server but I don't know how they are able to do this.



donoreo
Premium
join:2002-05-30
North York, ON

1 recommendation

They are doing a telnet using port 25. It is a simple way to test if there is a mail server running. It could also be scripts trying to find mail servers to compromise.



EUS
Kill cancer
Premium
join:2002-09-10
canada

2 recommendations

reply to treichhart

You could use fail2ban, and anyone attempting to enter your system gets an ip ban after x amount of tries.
--
~ Project Hope ~
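
Added example, not part of any post in this thread: a Python sketch of the counting that a fail2ban-style ban relies on, run over Postfix SASL failure lines like the one quoted in the first post. It also decodes the trailing base64 token, which for `UGFzc3dvcmQ6` is the AUTH LOGIN prompt text `Password:`. The function names, thresholds, extra log lines and the year argument are assumptions made for the illustration.

```python
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First line is the one quoted in the thread; the rest are constructed samples
# (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
Nov 15 13:26:50 mail postfix/smtpd[26071]: warning: 50-202-171-113-static.hfc.comcastbusiness.net[50.202.171.113]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 15 13:27:01 mail postfix/smtpd[26080]: connect from unknown[192.0.2.10]
Nov 15 13:27:02 mail postfix/smtpd[26080]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 15 13:27:05 mail postfix/smtpd[26080]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: VXNlcm5hbWU6
Nov 15 13:27:09 mail postfix/smtpd[26081]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S+\[(?P<ip>[^\]]+)\]: SASL (?P<mech>\S+) authentication failed:\s*(?P<tail>\S*)"
)

def decode_challenge(tail):
    """Decode the trailing base64 token; return it unchanged if it is plain text."""
    try:
        return base64.b64decode(tail, validate=True).decode("ascii", "replace")
    except ValueError:
        return tail

def failed_logins(log_text, year):
    """Yield (time, ip, mechanism, decoded token); syslog has no year, caller supplies it."""
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["mech"], decode_challenge(m["tail"])

def offenders(events, max_retry=3, find_time=timedelta(minutes=10)):
    """Return {ip: total failures} for IPs with >= max_retry failures in any find_time window."""
    by_ip = defaultdict(list)
    for ts, ip, _mech, _token in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        start, times = 0, sorted(times)
        for end, t in enumerate(times):
            while t - times[start] > find_time:  # slide the window start forward
                start += 1
            if end - start + 1 >= max_retry:
                flagged[ip] = len(times)
                break
    return flagged
```

With the sample above, the single failure from the address in the original post stays under the threshold, while the constructed address with three failures in seven seconds is flagged.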



treichhart

join:2006-12-12

I already have fail2ban on the system; I'm using the iredmail mail server.



treichhart

join:2006-12-12
reply to treichhart

donoreo, what scripts are you talking about?



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:1
reply to treichhart

If you can't telnet into your own mail server you are doing something wrong or just don't know how.

You can not prevent this type of basic access to the server.



treichhart

join:2006-12-12
reply to treichhart

I know how to telnet into my mail server and I have the ports open but thanks for being rude graysonf...



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:1

said by treichhart:

I can't even telnet into my mail server but I don't know how they are able to do this.

said by treichhart:

I know how to telnet into my mail server and I have the ports open but thanks for being rude graysonf...

Excuse me. You now say you know how to telnet into your mail server but that's not what you said in your original post.

Then you accuse me of being rude.

So which is it? You know how to telnet, you don't know how to telnet, or you don't have the first clue as to what constitutes rudeness?


treichhart

join:2006-12-12
reply to treichhart

I know how to telnet into my mail server and I know how to telnet. How about you stop replying and stop being rude.



Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
kudos:2

1 recommendation

Hi treichhart. Be aware many protocols (most, I'm sure) use the exact same connection mechanism as telnet - just a short level above basic TCP. Ones that come to mind are smtp, http, ftp, pop3, imap, nntp, even ssh. Try 'em! They all connect. Each may not get very far with telnet but they ALL say "hi" in their own way. Then, if you talk the right language they all do their own thing.

You really cannot exclude telnet without excluding the basic port 25 connection. Creative filtering is the only way.



Wily_One
Premium
join:2002-11-24
San Jose, CA

1 recommendation

reply to treichhart

First of all, if you are really telnetting into your system you should disable telnet altogether and use SSH.

As for port probing, which is what this is, you can't do much to prevent it. You can block repeat offenders with something like iptables.



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:1

Telnet, in the context of this thread, refers to using a telnet client to connect to a TCP service port, not the insecure practice of telnetting to a telnetd daemon for shell access.


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
reply to Wily_One

telnet clients can be used as a way to make a TCP connection to any TCP port, and then send bytes on that connection. In this sense, the telnet client is simply a handy program to copy bytes from keyboard to TCP connection.

Whether you can operate the protocol that the server is expecting depends on your own skill - e.g. whether you can type SMTP on-the-fly and generally without recourse to a delete key.



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:1

LOL. Never tried the delete key. Backspace doesn't work either.



leibold
Premium,MVM
join:2002-07-09
Sunnyvale, CA
kudos:10

Some telnet clients use line buffering which allows the backspace key to work as expected (since the correction takes place before the data is sent to the server).

It is amazing how frequently that backspace key is being used subconsciously. I can remember times when a quick telnet test didn't work as intended only to find a ^h or \008 in the server side log files.
--
Got some spare cpu cycles ? Join Team Helix or Team Starfire!



graysonf
Premium,MVM
join:1999-07-16
Fort Lauderdale, FL
kudos:1

Yes, a client I use once in a while has a type ahead box you can stuff the whole line in, and it all sits there capable of being corrected until the Enter key is pressed. But I rarely use it. For me it's easier to spawn the session in shell and live with the occasional mistake.



Wily_One
Premium
join:2002-11-24
San Jose, CA
reply to graysonf

Was there anything in my post that made it sound like I didn't know that? I telnet to specific ports all the time to verify the firewall is not blocking it.

User complaining about port probes. Then people go on a tangent about him knowing or not knowing how to telnet into his own server. That is the context for my comment about that not being a good idea. Use SSH for server access, not telnet.

Keep using telnet for server access - I don't give a shit. LOL


MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4
reply to treichhart

»configserver.net/ firewall is pretty good



Jason
Stowage Class Traveler
Premium,Mod
join:2001-01-24
38.2967 Lat
kudos:3

1 recommendation

reply to treichhart

A quick googling seems to provide a few answers;

»www.linuxquestions.org/questions···-a-7461/

»kb.hivelocity.net/how-to-disable···-server/

»www.crucialp.com/resources/tutor···lnet.php

With that said, I'm going to lock the thread before it degenerates any further.

Thank you to those who have contributed.
--
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.