Results 1 to 7 of 7

Thread: Server Monitoring Software

  1. #1

    Server Monitoring Software

    Hi folks,


    Ubuntu 7.04 server amd64
    Postfix


    I'm searching for server monitoring software on Open Source checking users sending spam on server even after their deletion.


    Projects on

    unix.freshmeat.net
    and
    sourceforge.net


    brought me many suggestion. Please shed me some light where shall I focus my search. OR are there any suggestions? TIA


    B.R.
    satimis

  2. #2
    Maybe you need to use spamassassain, and have it quarantine the emails instead of deleting.
    arrogance breeds ignorance

    Screaming Electron, Full of BSD Goodness

  3. #3
    Quote Originally Posted by Kernel_Killer View Post
    Maybe you need to use spamassassain, and have it quarantine the emails instead of deleting.
    Hi Kernel_Killer,


    Thanks for your advice.


    The main object of my posting is searching for software which can monitor/stop spam/junk mails being sent out from my mail server.


    I'm building a mail server working on authenticated SMTP. I'll allow my friends using it, free of charge, to send/receive mails. In another thought, if I allow my friends using the server sending mails, I have no idea what they have sent which is beyond of my control. Therefore I'm searching for some solution which can check/stop spam/junk mails being sent out from my server.

    I'm considering making some precaution.


    B.R.
    satimis

  4. #4
    Spamassassain will do that. You can set it to work directly with your MTA, so that every message is checked before it's sent, or received.

    There is only one thing that worries me. If you have that issue, and it's on a company server, you have an employee sending out fraudulent mail. Aside from that, make sure you have SMTP set with authentication, and use the submission port (587) instead of the regular SMTP port (they work the same). If you have a spyware/virus issue in your network, chances are it's going to be it's own MTA, and not use your mail server at all.
    arrogance breeds ignorance

    Screaming Electron, Full of BSD Goodness

  5. #5
    Quote Originally Posted by Kernel_Killer View Post
    Spamassassain will do that. You can set it to work directly with your MTA, so that every message is checked before it's sent, or received.
    Noted with thanks. Any thread/document for reference on its setup.


    There is only one thing that worries me. If you have that issue, and it's on a company server, you have an employee sending out fraudulent mail.
    I have considered this point before a blackmail sent from the company server. It would be difficult to stop it before sending. It is impossible for the administrator checking each mail before dispatch. Although it can be found out finally. Lot of time has already been injected. Any recommendation?

    Aside from that, make sure you have SMTP set with authentication, and use the submission port (587) instead of the regular SMTP port (they work the same).
    Would following document be relevant?

    Authenticated SMTP Submission (SMTP AUTH) with Postfix and saslauthd
    greens.org/~cls/linux/howtos/smtp-auth-saslauthd.html


    If you have a spyware/virus issue in your network, chances are it's going to be it's own MTA, and not use your mail server at all.
    Noted and thanks


    Did you have experience on;
    nagios.org/about/


    B.R.
    satimis

  6. #6
    Hi there,

    There may be several reason for Spam sent from your server.
    1. If you are hosting some websites, some php forms are compromised, Some hackers can directly access your thanks pages, which have mail() function and modifies its header as required.
    Soln: You have to check whether any page with mail() function & POST variables, is directly accessible using browser. If yes, Check apache log and find out if that page is accessed more frequently. If yes, try to add some code, so that it takes POST variables from legitimate page only.

    2. Your server is not configured for SMTP Authentication ( Asking Username/Password ) and Open Relay ( Can send mail to any domain ) is allowed.
    Soln : Check for SMTP authentication and Open Relay.

    3. Some of your Email account is compromised, due to which hackers can use username/password for sending spam mails.
    Soln : Check your maillog and /var/log/messages, check whether you are having frequent "SMTP auth" strings. If yes, check which email account is used for connecting to your SMTP port and sending mail. Change the password of that email account and try again. You can also block IP address, if mails are generated from single IP ( which is not the general case ).

    4. One of your friend has configured Outlook or similar softwares and his/her desktop is infected using some virus/trojan, which is sending mails, which definately passes through your server.
    Soln : Check some of the spam messages sent from your server, by examining mail queue, and find out if any particular mail id is generating those mails or what. Please ask him to check his/her computer for virus/trojan.

    ~pratik

  7. #7
    Moderator
    Advisor
    redhead's Avatar
    Join Date
    Jun 2001
    Location
    Copenhagen, Denmark
    Posts
    811
    Did you have experience on;
    nagios.org/about/
    Nagios is not a controlling software as what you're ooking for, it's a controlling software which can report info on teh status of a service, if it is up, how much data the current service is accountable for, and such.

    It will not interfere with your data-flow only monitor it so you can see if a service is either eating up undesired CPU-time / bandwith or if the service itself is currently failing.

    What you're looking for is a solution to limit your servers sending capabilities regarding the contence / validation of the emails, where spamassassin would be an excelent choice.
    Perhaps you could also limit the amount of messages sent pr. user over a given time frame, altho this wouldn't prevent spam mails from beeing sent, it would place insanely large amounts into a spool queue for later transfers.
    Don't worry Ma'am. We're university students, - We know what We're doing.
    'Ruiat coelum, fiat voluntas tua.'
    Datalogi - en livsstil; Intet liv, ingen stil.

Similar Threads

  1. desktop monitoring software
    By texpo in forum Windows - General Topics
    Replies: 1
    Last Post: 04-01-2005, 03:15 AM
  2. temperature monitoring?
    By Tyr_7BE in forum Linux - Hardware, Networking & Security
    Replies: 23
    Last Post: 02-03-2005, 04:47 AM
  3. Apache Monitoring Software
    By coltrane in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 12-19-2002, 06:00 PM
  4. monitoring internet connection
    By friskydrifter in forum Linux - Hardware, Networking & Security
    Replies: 1
    Last Post: 07-20-2002, 06:25 PM
  5. monitoring with MRTG and SNMP
    By Nehctik in forum Linux - Hardware, Networking & Security
    Replies: 0
    Last Post: 05-07-2002, 08:23 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •