patterns solidifying?

This is completely mentile, but further to my last post (not *the* last post, that’s something else that I used to play on the cornet, trumpet, bugle when I were a lad and no, not on all of those at the same time), the amount of attempted MailServer hacks remains conspicuously low.

There have been, in the last 48 hours, just three attempts to breach the MailServer – and those three attempts came from one (now banned-for-life) IP address.

So, something related to that domain name – or something related to the (now deleted address) on that domain name?

seeing patterns where there may be none

Here’s a peculiar thing – well, three peculiar things:

  1. I wrote here about needing to learn additional mail admin knowledge in Postfix, specifically around learning how to delete an email account
  2. I wrote here about one email account I was hosting, that received a metric fuckton of spam
  3. I wrote here about a significant number of unsuccessful probes the mailserver was receiving

The first two items were about one email account attached to one hosted domain.

Well, after several days of internet fishing, I couldn’t find any help on how to delete an email account in Postfix.

So what I did was migrate the hosted domain (and therefore the associated email account) back to GoDaddy.

Then I deleted that email account there – because GoDaddy’s email control panel is simple, and easy to manage.

Within 48 hours, back on the NAS, all spam had dried up.

And, coincidentally (?) all probes to the MailServer had dried up too.

I would expect all spam to dry up, because the MX records for that domain now point to a server in Arizona, not my server here in Warwickshire. Deleting that email account is neither here nor there; that website is now under the administrative control of GoDaddy.

But all unwelcome probes/hack attempts drying up within the same timescale?

Well that’s just weird.

hosting a domain on a synology diskstation

There are two environments that need attention, when hosting a domain on a Synology Diskstation:

  1. Virtual Host (which organises the location of the files that your website is built out of), and
  2. DNS Server (which controls the Zone File that points web browsers at your website)

First of all, to configure your Virtual Host for your new website (which we will call example.co.uk):

Web Services -> Web Applications -> Virtual Host:

  • subfolder = example (without TLD suffix)
  • hostname = example.co.uk (with full TLD suffix)
  • OK

Now to configure your DNS Server and the Zone File:

Downloaded Packages -> DNS Server -> Zones:

  • Create Master Zone
    • Domain Type: Forward Zone
    • Domain Name: example.co.uk
    • Master DNS Server: static IP address
    • Serial format: Integer
    • OK
  • Edit Resource Record
    • Create:
      • MX Type
      • Name: mx
      • TTL: default
      • Priority: 10
      • Host/domain: example.co.uk
    • Create:
      • MX Type
      • Name: (leave blank this time)
      • TTL: default
      • Priority: 20
      • Host/domain: example.co.uk
    • Create:
      • CNAME
      • Name: (leave blank)
      • TTL: default
      • Canonical Name: ns.example.co.uk
    • Create:
      • A Type
      • Name: (leave blank)
      • TTL: default
      • IP address: static IP address
  • Finish

And you’re done.

Email config is a separate thing. You need to follow these instructions for that.
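
A sanity check over the record set those zone steps produce, as an added example that is not part of the original post. It assumes a blank Name field means the zone apex (example.co.uk) and uses a placeholder address; it flags names where a CNAME shares an owner with other records (RFC 1034) and MX targets that are aliases (RFC 2181).

```python
from collections import defaultdict

ZONE = "example.co.uk"

# (Name, Type, Value) as entered in the steps above. Assumption: a blank
# Name means the zone apex. 192.0.2.10 is a constructed placeholder for
# the static IP address.
RECORDS = [
    ("mx", "MX", "10 example.co.uk"),
    ("", "MX", "20 example.co.uk"),
    ("", "CNAME", "ns.example.co.uk"),
    ("", "A", "192.0.2.10"),
]

def fqdn(name, zone=ZONE):
    """Expand a record Name field to a full owner name inside the zone."""
    name = name.strip().rstrip(".").lower()
    if not name:
        return zone
    if name == zone or name.endswith("." + zone):
        return name
    return f"{name}.{zone}"

def lint(records, zone=ZONE):
    """Return human-readable findings for CNAME conflicts in a record set."""
    types_at = defaultdict(set)
    for name, rtype, _ in records:
        types_at[fqdn(name, zone)].add(rtype)
    findings = []
    # RFC 1034 3.6.2: a name that has a CNAME may hold no other data.
    for owner in sorted(types_at):
        others = types_at[owner] - {"CNAME"}
        if "CNAME" in types_at[owner] and others:
            findings.append(f"{owner}: CNAME coexists with {', '.join(sorted(others))}")
    # RFC 2181 10.3: the host named in an MX record must not be an alias.
    for name, rtype, value in records:
        if rtype == "MX":
            target = fqdn(value.split()[1], zone)
            if "CNAME" in types_at.get(target, set()):
                findings.append(f"{fqdn(name, zone)}: MX target {target} is a CNAME")
    return findings

if __name__ == "__main__":
    for finding in lint(RECORDS):
        print(finding)
```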

ghost / node.js

so it seems that to run ghost i have to download, install and configure node.js?

oh

so much for the simple life

i’m getting the tar.gz for node.js, and downloading the ghost package

but it looks like there’s a lot of reading to be done before i get ghost up and running

this seems like a lot of effort just to look at a new product

but i’ll stick with it

slowly

as time allows

being probed/attempted hacks

The NAS has been getting a significant amount of hack attempts, since I enabled the MailServer functionality.

About 10-15 times in a 24-hour period, people (or, to be more accurate, things, because these probes are probably automated) attempt to log on to the root of MailServer as the primary user.

I guess that the bots that trawl the internet looking for open ports probed for, and found, the open port 25 (MailServer port) against the static IP address that the NAS uses.

My first line of defence was to implement a ‘three strikes and you’re out’ security policy. This will ban, for life, the IP address of anyone who unsuccessfully attempts to log on to the NAS three times.

My second line of defence was to set each NAS account and each email account with a new, digitally-encoded password, that meets GCHQ encryption standards.

I did check out the first couple of dozen IP addresses, but the only thing I learned was that invariably they were based in China.

It amused me that the Chinese Government (hacking community? – what’s the difference between the two?) would be so keen to get their hands on my priceless collection of unsigned music.

Or the many thousands of amusing Garfield strips that I keep, for some reason.

Or the entire second series of Outnumbered that I’ve never quite got around to deleting.

Or my porn.

Ahem.

So I have implemented two lines of defence: three strikes and you’re out for life, and all passwords set to a very high standard.

Is there anything else I can add?

Bear in mind we are only talking about probes to the MailServer – an application on the NAS – not probes to the NAS itself.
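
The ‘three strikes and you’re out’ policy from this post, run over mail log lines, as an added example that is not part of the original post. The log lines are constructed and assume the MailServer logs SASL failures in stock Postfix syslog format; the allowlist parameter is a hypothetical addition so that an admin's own address cannot be banned for life by a mistyped password.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges), in the format stock
# Postfix uses for failed SMTP AUTH attempts. Assumption: the NAS logs alike.
SAMPLE_LOG = """\
Mar  3 02:14:07 nas postfix/smtpd[4312]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  3 02:14:19 nas postfix/smtpd[4312]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  3 02:14:25 nas postfix/smtpd[4315]: connect from unknown[198.51.100.23]
Mar  3 02:14:26 nas postfix/smtpd[4315]: warning: unknown[198.51.100.23]: SASL PLAIN authentication failed: authentication failure
Mar  3 02:14:31 nas postfix/smtpd[4312]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  3 02:14:40 nas postfix/smtpd[4312]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Mar  3 09:02:11 nas postfix/smtpd[5120]: warning: unknown[192.0.2.50]: SASL LOGIN authentication failed: authentication failure
Mar  3 09:02:30 nas postfix/smtpd[5120]: warning: unknown[192.0.2.50]: SASL LOGIN authentication failed: authentication failure
Mar  3 09:03:02 nas postfix/smtpd[5120]: warning: unknown[192.0.2.50]: SASL LOGIN authentication failed: authentication failure
"""

FAILED_AUTH = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S+\[(?P<ip>[0-9A-Fa-f:.]+)\]: "
    r"SASL \S+ authentication failed"
)

def three_strikes(log_text, limit=3, allowlist=frozenset()):
    """Return {ip: timestamp of the strike that triggered the ban}."""
    strikes = Counter()
    banned = {}
    for line in log_text.splitlines():
        match = FAILED_AUTH.search(line)
        if not match:
            continue  # connects, deliveries etc. are not strikes
        ip = match.group("ip")
        if ip in allowlist or ip in banned:
            continue  # never ban trusted hosts; ignore already-banned ones
        strikes[ip] += 1
        if strikes[ip] >= limit:
            banned[ip] = line[:15]  # syslog timestamp, e.g. "Mar  3 02:14:31"
    return banned

if __name__ == "__main__":
    for ip, when in three_strikes(SAMPLE_LOG, allowlist={"192.0.2.50"}).items():
        print(f"ban {ip} (third strike at {when})")
```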

spam

The email account that is the object of all the email admin I’m looking at is getting hammered with spam.

It’s an old email account, the email address has been around the internet for a decade or so and it has been very public, so it’s not a big surprise that it’s getting spammed.

Over 99% of the spam comes from spoof email addresses (from hacked MailServers, I’m guessing) that begin ‘canada.medic@’.

I set a management rule in MailServer to discard any incoming traffic from all email addresses originating from ‘canada.medic’ attached to any domain name.

That did the trick.

The incoming traffic showed up on MailServer as incoming mail, but nothing was delivered to the incoming mailbox/email account.

Yay!

more mail admin: deleting email accounts

It looks like, in order to delete/remove existing email accounts in the NAS, I need to get down and dirty with some command line action.

I enabled Telnet and opened the appropriate port in the NAS firewall, and had a poke about /var/etc/packages/MailServer/ and everything looks like I’d expect it to.

But the more information I read, the more questions remain unanswered.

Do I need to remove the email account from MailServer?

Or do I need to remove the email account from the associated Dovecot package?

Or do I need to remove the email account from both?

Hmm.

I need to read even more, obv.

mail admin – deleting old accounts

I’m just beginning the CentOS installation on the HP server and, as is often the case with my mind, a sort-of-but-not-totally-related question pops up.

In all of the mailadmin documentation I’ve read in the last couple of weeks (electronic reams of the stuff), I haven’t read anything about deleting an entire email account in Postfix.

I don’t know if I’m going to use Postfix as my mailserver (there are a number of choices), but my point is, in admin terms, you’d want to be able to remove redundant email accounts, yes?

Well, yes, obv.

So I’m going to pause the server installation until I have a better handle on this (to me, fundamental) piece of mailadmin.

tv geekage

This house has just one set of television aerial points.

In the lounge there is an incoming twin-cable satellite connector, and an incoming aerial coaxial point.

Which is great.

Terrific.

Except.

Upstairs there’s nothing.

And, frankly, there are fewer 13amp sockets upstairs, than one would have expected.

Anyway.

I’m thinking of adding a Qose 5.8GHz Wireless Video Sender/Receiver to my shopping list.

Less than £50 for cable-free viewing upstairs?

Sounds ideal to me.