Need non-standard postfix configuration - postfix-mta

The task turned out to be to set up a Postfix relay which can send messages from mynetworks; for attempts by other hosts to send messages through it to the domain, it
should issue 451. At the same time, NDRs should be sent from it to the internal mail servers.
Please suggest how to implement it.
There were no problems with setting up opendkim, but I do not have enough experience for this.

Related

Ping operation by dynatrace?

The sitescope tool has the functionality for checking the Ping operation, with frequency of pinging the application configurable and email alerts as well.
Does Dynatrace support ping operation and email alerting ?
You can't do a ping from dynatrace, but that is probably not what you want to do anyway, because it just tells you that the host is up and available via ICMP.
What you can do with dynatrace is execute a synthetic HTTP call against an endpoint on that host to see if your application is up and running.

Accept INVITE only after REGISTER

I run my own sip server (asterisk). Apparently my sip server allows an INVITE to be performed without doing any REGISTER first. This leads to lots of unsuccessful attacks on my server. Is there any way to allow INVITE requests only from successfully REGISTERed clients? Through asterisk or iptables?
You need to change the allowguest parameter to no in your sip.conf.
Check the link below for more tips about security in asterisk:
http://blogs.digium.com/2009/03/28/sip-security/
My study so far tells me that REGISTER is only for asterisk to reach or forward the INVITEs, not to authenticate an INVITE request. When an INVITE comes, asterisk tries to check the given user name and if it's a valid one, it sends a 407 (Authentication required) back to the client. Then the client inserts the password (encrypted) in the response and sends INVITE2 to the server. Now the server authenticates the user and when the credentials match, proceeds with establishing the call.
Conclusion: An INVITE has no relation with REGISTER and so my idea of restricting only REGISTERED clients to send an INVITE is not possible.
As a workaround, I have written my own script. Source is at https://github.com/naidu/JailMe
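The INVITE -> 407 -> INVITE-with-credentials exchange described above, as an added example in Python (not code from the original answer, the JailMe script, or Asterisk): the client computes an RFC 2617 MD5 digest without qop, and the server verifies it from its password database alone, which is why no REGISTER state is involved. The realm "asterisk", the user "1001" and its password are constructed sample values, and the single-use nonce is a simplification assumed here.

```python
import hashlib
import secrets

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, realm, password, nonce, method, uri):
    """Client side: the value sent in Proxy-Authorization on the second INVITE
    (RFC 2617 MD5 digest without qop)."""
    ha1 = _md5(f"{username}:{realm}:{password}")   # never sent: proves password knowledge
    ha2 = _md5(f"{method}:{uri}")                    # binds the response to this request
    return _md5(f"{ha1}:{nonce}:{ha2}")

class SipDigestServer:
    """Server side of INVITE -> 407 -> INVITE+credentials. Note there is no
    registration state at all: the check depends only on the password database."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users          # username -> plaintext password (constructed sample)
        self.nonces = set()         # outstanding challenges

    def challenge(self):
        """First INVITE arrives: answer 407 with a fresh random nonce."""
        nonce = secrets.token_hex(16)
        self.nonces.add(nonce)
        header = (f"SIP/2.0 407 Proxy Authentication Required\r\n"
                  f'Proxy-Authenticate: Digest realm="{self.realm}", nonce="{nonce}"\r\n')
        return header, nonce

    def verify(self, username, nonce, method, uri, response):
        """Second INVITE arrives: recompute the digest and compare in constant time.
        The nonce is consumed so a captured response cannot be replayed (simplified)."""
        if username not in self.users or nonce not in self.nonces:
            return False
        self.nonces.discard(nonce)
        expected = digest_response(username, self.realm, self.users[username],
                                   nonce, method, uri)
        return secrets.compare_digest(expected, response)
```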
Consider a real Session Border Controller which pays for itself quickly when you get hacked. However, if you want a "good enough" option then read on:
There is an iptables module called "string" which will search a packet for a given string. In the case of SIP we expect to see "REGISTER" in the first packet from any given address, so combine this with -m state --state NEW or something similar. After that, we would want keep-alives happening to ensure that connection tracking remains open (usually Asterisk sends OPTIONS, but it can send empty UDP). You want that anyway in case the client is behind NAT.
It's not the ideal solution, because iptables cannot figure out whether a registration has been successful, but at least we can insist that the other guy makes an attempt at registration. One of the answers linked below shows use of the string module in iptables:
https://security.stackexchange.com/questions/31957/test-firewall-rules-linux
You could also put an AGI script into your dialplan that does some additional checking, potentially looking at IP address and whether the extension is registered... ensure the INVITE comes from the same source IP.
Fail2Ban is an easy way to block unwanted traffic! fail2ban checks system logs for failed attempts; if there are too many (exceeding a defined threshold) failed attempts in a specified time from some remote IP, then Fail2Ban considers it an attack and adds that IP address to iptables to block any type of traffic from it. The following links can help:
http://www.voip-info.org/wiki/view/Fail2Ban+(with+iptables)+And+Asterisk
http://www.markinthedark.nl/news/ubuntu-linux-unix/70-configure-fail2ban-for-asterisk-centos-5.html

IIS SMTP some mails had been lost

I am using the SMTP server built in to IIS. Our website sends email via this SMTP server and unfortunately we have lost some emails. I looked into the SMTP log and I could not read that log properly since I could not find any useful tool that can read this log file. It's very hard to understand this log file. If someone could suggest a useful tool that can read the IIS SMTP server log, it would be a great help.
I have a few other questions too.
The status for the lost email is 250 in the log file; does this mean everything went OK?
Is this SMTP server reliable enough to handle a big number of emails at the same time?
If not, what would be the best solution?
One solution to all of this would be to use a 3rd party mail server provider. Some good ones below:
http://www.aweber.com/
http://mailchimp.com/
http://www.constantcontact.com/index.jsp
They have APIs you can implement and use in your code to send e-mails through their SMTP.
If you're sending a big number of emails at the same time, it is better to use these, as your ISP may be blocking your outgoing e-mails since they're in big numbers. They do this to prevent spam and hacking.
Sorry that I couldn't help with the log but consider this information too.

What are the main security considerations when opening up port 25 and/or 587 for email delivery?

I am about to set up SmarterMail v9.0 on our Windows 2008 server (IIS7) and would first like to know what some security considerations are when opening up port 25 and/or 587 - i.e. how to prevent relaying, etc.
Thank you.
You must not accept email from untrusted users/sources which is not bound for domains you control.
An open relay is a mail server which allows anyone on the Internet to email anyone else, without verifying that either the source or the destination is known - thus, a relay.
You can check that the source is known by looking for a trusted IP subnet, or by requiring authentication before mail can be sent (via LOGIN over TLS, GSSAPI [called "Integrated Windows Authentication" or whatever], X.509 client certs, or the like).
You can check that the destination is known by comparing it to the list of domains for which your mail server will be the "last stop" (or a relay to another domain you control).
Either a known source or a known destination should be sufficient, but you may also want to make sure that mail inbound for your domains is at least borderline valid (originates from a domain with an MX server, for instance).
Separately, you must be conscious of DoS issues (rate limit inbound mail), and the ability to use your server to send backscatter spam. Backscatter is when I connect to your mail server and say, "why yes, I am unsuspecting_target@not_my_domain.com, please queue up this message for not_an_address@yourdomain.com". Then your mail server delivers a "bounce" message to the unsuspecting target. To mitigate this, you can verify that the recipient is known before accepting mail, or limit the rate at which mail can be accepted from one host, or try to check that the host delivering a message is authorized to use that envelope sender.
These are all well-solved problems.
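The known-source / known-destination rules of this answer, plus the behaviour asked for in the Postfix question at the top of the page (clients in mynetworks may relay, other hosts sending to our own domain get a 451), as an added Python example that is not part of either post and not Postfix's own code: a Postfix SMTPD policy service speaking the check_policy_service protocol (name=value request lines ended by an empty line, answered with an action= line), with a per-client rate limit as the DoS/backscatter brake. MY_NETWORKS, MY_DOMAINS, the limits and the reply texts are assumed placeholders; the caller passes the current timestamp as now.

```python
import ipaddress
from collections import deque

# Assumed site values (placeholders, not from the page); wired in via check_policy_service
MY_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
MY_DOMAINS = {"example.com"}          # domains for which this host is the last stop
RATE_LIMIT, RATE_WINDOW = 30, 60.0    # max RCPT attempts per client per window (seconds)
_seen = {}                            # client_address -> deque of attempt timestamps

def parse_request(raw):
    """Parse a policy request: 'name=value' lines terminated by an empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def trusted_source(attrs):
    """Known source: SASL-authenticated, or client address inside mynetworks."""
    if attrs.get("sasl_username"):
        return True
    try:
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return False
    return any(addr in net for net in MY_NETWORKS)

def over_rate(client, now):
    """Sliding-window count of RCPT attempts per client (DoS / backscatter brake)."""
    q = _seen.setdefault(client, deque())
    while q and now - q[0] > RATE_WINDOW:
        q.popleft()
    q.append(now)
    return len(q) > RATE_LIMIT

def decide(raw, now):
    """Return the Postfix reply ('action=...' plus an empty line) for one request."""
    attrs = parse_request(raw)
    if attrs.get("protocol_state") != "RCPT":
        return "action=DUNNO\n\n"
    if over_rate(attrs.get("client_address", ""), now):
        return "action=450 4.7.1 Too many recipients, try again later\n\n"
    if trusted_source(attrs):
        return "action=DUNNO\n\n"  # trusted: let the remaining restrictions decide
    domain = attrs.get("recipient", "").rpartition("@")[2].lower()
    if domain in MY_DOMAINS:
        return "action=451 4.7.1 Temporary failure, try again later\n\n"
    return "action=554 5.7.1 Relay access denied\n\n"
```

In a real deployment a loop would read each request from the unix socket named in smtpd_recipient_restrictions, call decide(request, time.time()) and write the reply back.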

asp.net smtp mail queue

Does anyone know of a module that's available for asp.net that uses a queue to send email to an smtp server?
The queue being the operative word here... we need a proper fallback mechanism for storing any messages that can't be sent so that the send can be re-attempted later.
thanks
You can submit your messages to an IIS SMTP relay server via the Pickup Folder. This is the cheapest, and probably best, outgoing mail queue for ASP.NET.
Otherwise, you'll just need to connect to your SMTP relay server and configure its queue in whatever manner meets your business needs.