Prev: Is possible reject mail with multiple destination?
Next: I HACK $2500 FROM PAYPAL,,,,
From: Walter Pinto on 11 Aug 2010 20:26
Setup snort and find out where the connections are coming from. There
are many ways to do this.

also check /etc/sysconfig/networking/profiles/default/resolv.conf

Is your server behind a NAT firewall?

From: "N. Yaakov Ziskind" on 11 Aug 2010 21:09
Christopher Adams wrote (on Wed, Aug 11, 2010 at 05:20:52PM -0700):
> I noticed on our firewall that there were constant connections from the
> machine running Postfix to addresses all over the world. The interesting
> thing is that the connection is using OpenDNS [208.67.216.132], a public DNS
> server. I do not use OpenDNS in my /etc/resolv.conf file (I have 2 other
> nameservers listed) and I don't know where it is coming from.

Doesn't Postfix use /var/spool/postfix/etc/resolv.conf (which may be
different)?

From: Walter Pinto on 11 Aug 2010 21:12
> Doesn't Postfix use /var/spool/postfix/etc/resolv.conf (which may be
> different)?
>

If he's chroot'ed then I would assume yes.

From: Ralf Hildebrandt on 12 Aug 2010 05:03
* Christopher Adams <adamsca(a)gmail.com>:

> I noticed on our firewall that there were constant connections from the
> machine running Postfix to addresses all over the world.

What kind of connections? Which port?

> The interesting thing is that the connection is using OpenDNS
> [208.67.216.132], a public DNS server.

Which connection?

> I do not use OpenDNS in my /etc/resolv.conf file (I have 2 other
> nameservers listed)

Local nameservers or remote nameservers?

--
Ralf Hildebrandt
Geschäftsbereich IT | Abteilung Netzwerk
Charité - Universitätsmedizin Berlin
Campus Benjamin Franklin
Hindenburgdamm 30 | D-12203 Berlin
Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
ralf.hildebrandt(a)charite.de | http://www.charite.de


 | 
Pages: 1
Prev: Is possible reject mail with multiple destination?
Next: I HACK $2500 FROM PAYPAL,,,,