How do you protect your server from being used to send spam?
So I got a new VPS and installed EasyEngine on it, then I left it idling for about a week. Today I checked my mail log and noticed someone's been attempting to send spam using my VPS. Luckily it all failed, and I figured I need to boost the security of the mail system, so what are some ways to tighten the security?
If you wanna read the mail log here it is http://pastebin.com/VipEQ9nL
Comments
fail2ban, saslauth permit, daily cron of pflogsumm email to me
fail2ban should be fine as a frontend for the server. It should be good assuming you did SPF and DKIM.
Here's some documentation on SPF and DKIM:
Set up SPF records
Set up DKIM records
Don't host your own email - eliminate the risk and go with @jarland mxroute - a small monthly/yearly cost, but peace of mind, especially for newbies
fail2ban is a good one. But if you are new at this I would recommend moving the mail function to a seasoned provider and only use your VPS for file.
I usually uninstall the MTA on new VPS.
This is common vulnerability probing that happens these days for any service you provide on the Internet. Modern mail servers are configured by default to be reasonably safe. Your bigger worry should be web services you provide, and especially PHP exploits, since that is often the vector for turning a server into a spam bot.
As others have said, let fail2ban deal with the fast moving attacks, drop persistent abusers permanently into your firewall, and block entire networks if it looks like the provider doesn't have their act together.
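The triage in the comment above (temporary bans for fast bursts, permanent drops for persistent abusers, network blocks for bad ranges), as an added example that is not part of the thread. It assumes the usual Postfix `SASL ... authentication failed` syslog line; the thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample lines (documentation IP ranges), not taken from the poster's log.
SAMPLE_LOG = """\
Mar  1 03:10:00 vps postfix/smtpd[811]: connect from unknown[203.0.113.7]
Mar  1 03:10:01 vps postfix/smtpd[811]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  1 03:10:03 vps postfix/smtpd[811]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  1 03:10:05 vps postfix/smtpd[811]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Mar  1 09:00:00 vps postfix/smtpd[902]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Mar  2 09:00:00 vps postfix/smtpd[977]: warning: unknown[198.51.100.20]: SASL LOGIN authentication failed: authentication failure
Mar  2 11:00:00 vps postfix/smtpd[981]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Mar  2 11:05:00 vps postfix/smtpd[982]: warning: unknown[192.0.2.11]: SASL LOGIN authentication failed: authentication failure
Mar  2 11:09:00 vps postfix/smtpd[983]: warning: unknown[192.0.2.12]: SASL LOGIN authentication failed: authentication failure
"""

# Captures the log date and the client IP of each failed SASL login.
FAIL_RE = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ postfix/smtpd\[\d+\]: warning: "
    r"\S*\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \w+ authentication failed"
)

# Assumed thresholds; tune them to your own traffic.
BURST = 3         # failures within one day -> temporary ban (what fail2ban handles)
PERSIST_DAYS = 2  # failures on this many distinct days -> permanent firewall drop
NET_HOSTS = 3     # offending hosts inside one /24 -> block the whole network

def triage(log_text):
    """Sort failing clients into temporary bans, permanent drops and /24 blocks."""
    per_ip_day = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            per_ip_day[m["ip"]][" ".join(m["day"].split())] += 1
    temp, permanent, nets = set(), set(), defaultdict(set)
    for ip, days in per_ip_day.items():
        if len(days) >= PERSIST_DAYS:
            permanent.add(ip)
        elif max(days.values()) >= BURST:
            temp.add(ip)
        if ":" not in ip:  # /24 grouping is applied to IPv4 clients only
            nets[str(ip_network(ip + "/24", strict=False))].add(ip)
    blocked = sorted(n for n, hosts in nets.items() if len(hosts) >= NET_HOSTS)
    return {"temp_ban": sorted(temp), "permanent": sorted(permanent), "networks": blocked}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```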
These things should be done to protect your server not only from unwanted spamming from your server, but also from being used as a port scanner and so on. Tips on how to secure your server:
Change the SSH port
Use strong passwords for everything
Disable Root User
Restrict SSH access by IP using IPtables
Install RkHunter
Install CSF (Config Server Firewall)
Install Fail2Ban
Use AV such as ClamAV, maldet
and etc.
Tutorial on how to do this all https://community.time4vps.eu/discussion/33/secure-vps-tips/p1