[NTLUG:Discuss] Please Help me interpret some Mail Log Entries...

[Newsletters]

Rev. wRy wrote:

|On Tue, 2002-06-11 at 20:08, Newsletters wrote:
|<snip>
|
|>and also to make certain that my proftpd service hasn't been
|>cracked and become a warez site (I do watch the disk usage a lot).  So
|>far I think I'm OK, but I've got to keep a close watch on my servers.
|>~ It is tricky on the internet.
|
|
|An easy, but not always effective, way to make sure you aren't running
|an open relay is to submit your ip address for testing to any of the
|numerous open relay testers out there.

Thanks, I've done that and so far it appears I'm not running an open
relay.  I feel better since I found the sendmail FAQ entry.

|I'm more curious as to others FTP setup - I don't allow anonymous FTP,
|all users are jailed into their home directories, and for stuff I want
|to share, I simply add a 'mount --bind /share /home/$user/share'.  Hosts
|that scan looking for anon ftp get blacklisted via iptables, and those
|that scan trying to use valid users get blacklisted and entered into
|hosts.deny.
|
|What are others doing?

Probably taking my server's life in my hands, I'll let you know a little
about my setup.  I'm testing ProFTPD on my second server which I use for
experimental and educational purposes.  I'm set up just the opposite in
that I am running an anonymous only ftp server (I even don't let the
regular users login on it).  It is running ProFTPD in standalone mode (I
haven't gotten it to work under xinetd), and all the users are jailed
into a single directory.  I've also set up an incoming directory that
can be downloaded into (with a quota limit), but can't be listed.
~ Anyways, it has been interesting to see who keeps scanning it.  Right
now, I have the wanadoo.fr domain denied, and I'm just waiting to see
how those guys break through my ftp.  So far, I get a lot of scans, but
nobody is transferring anything.  At any rate, If you guys want to look
and make suggestions, try the anonymous ftp login at ftp.xchg.ws.