Author Topic: MSL is sending spam.  (Read 5834 times)

Offline jamsignal

  • Contributer
  • *
  • Posts: 10
  • Karma: +0/-0
    • View Profile
MSL is sending spam.
« on: March 17, 2011, 12:52:05 AM »
My MSL box may have been hacked. It was sending spam so I blocked smtp with my firewall. From the CLI, I noticed there are many qmail-remote processes trying to send mail.

I thought this was somewhat secure to place on the Internet. Has anyone had this problem?


Online ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: MSL is sending spam.
« Reply #1 on: March 17, 2011, 08:29:07 AM »
I haven't seen this but that doesn't mean it's not happening somewhere to me.
I have a couple of questions:
1 - What version of MSL are you running?
2 - How did you find out the box was sending spam?
3 - How do I check my boxes to see if they may have been hacked?

Ralph

« Last Edit: April 22, 2014, 04:33:36 PM by ralph »

Offline martyn

  • Hero Member
  • *****
  • Posts: 688
  • Country: au
  • Karma: +10/-0
    • View Profile
Re: MSL is sending spam.
« Reply #2 on: March 17, 2011, 06:39:50 PM »
On the web interface of the MSL box, go into E-mail Settings and make sure that SMTP email injection restrictions is set to Local Host Only. If it is set to either of the other two options, then it means that the box is open as a relay to either the local network, or to whoever is able to connect to it, which if it is an MBG server could mean that it is open to anyone on the internet to relay through.

Online ralph

Re: MSL is sending spam.
« Reply #3 on: March 18, 2011, 08:07:28 AM »
That makes me wonder if, thinking about another problem, it would be possible to use the relay to resolve an issue with forwarding voicemails to 3rd party email hosting services, i.e. gmail.com

Ralph
« Last Edit: April 22, 2014, 04:33:23 PM by ralph »

Offline Chakara

  • Hero Member
  • *****
  • Posts: 607
  • Karma: +2/-0
    • View Profile
    • Kyle Petree
Re: MSL is sending spam.
« Reply #4 on: March 19, 2011, 10:33:44 PM »
Probably Ralph - but I suspect you have to get in the command line and make some changes to get it to use TLS. I'm sure it is doable. Your changes may revert back on upgrades. I've had my Linux guys look at this thing and it seems a bit off of standard. They got all kinds of things to work, but longevity of the changes is unknown...

-Chak

Online ralph

Re: MSL is sending spam.
« Reply #5 on: March 28, 2011, 04:38:26 PM »
The history of MSL goes back to www.contribs.org.
They sold to Mitel and if I understand it correctly sold it back.
I know a lot of stuff carries over from contribs.org so if you went to their forum you may get a lot of answers about MSL that aren't available via Mitel.

Ralph

Offline jamsignal

Re: MSL is sending spam.
« Reply #6 on: March 30, 2011, 06:28:14 PM »
MSL 8.5.17.0 and 'localhost only' is already set. I am also the network person and I saw the spam on my firewall. I blocked port 25 on my firewall to stop the spam.

I found a new problem today. Squid proxy on port 3128. My MSL IP was published on a list of free proxy servers and it was flooded with traffic. I need to find out what network ports are required for Teleworker and block everything else. This MSL box was receiving 20 Mbits of Internet traffic the last couple of days.
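One way to check which of the two services mentioned in this thread (SMTP on port 25, Squid on port 3128) are listening on a non-loopback address. This is an added example, not part of the original posts and not Mitel's tooling; the function name `exposed_listeners` and the sample `netstat -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners on watched ports that are bound to a
# non-loopback address. Reads `netstat -ltn` style lines on stdin and prints
# "port address" for each finding. Default watch list: 25 (SMTP), 3128 (Squid).
exposed_listeners() {
    watch="${1:-25 3128}"
    awk -v watch="$watch" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            laddr = $4
            idx = 0
            # The port follows the last colon (IPv6 addresses contain colons too).
            for (i = length(laddr); i > 0; i--)
                if (substr(laddr, i, 1) == ":") { idx = i; break }
            if (idx == 0) next
            addr = substr(laddr, 1, idx - 1)
            port = substr(laddr, idx + 1)
            if (!(port in want)) next
            # Loopback-only sockets cannot be reached from the network.
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print port, addr
        }'
}

# Constructed sample input (not captured from a real MSL server).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp   0      0      127.0.0.1:25    0.0.0.0:*         LISTEN
tcp   0      0      0.0.0.0:3128    0.0.0.0:*         LISTEN
tcp   0      0      0.0.0.0:443     0.0.0.0:*         LISTEN
tcp   0      0      :::25           :::*              LISTEN'

printf '%s\n' "$SAMPLE" | exposed_listeners
```

On a live server the input would come from `netstat -ltn | exposed_listeners`. A listener bound to all interfaces is only reachable from outside if the firewall in front of it also passes that port.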

Online ralph

Re: MSL is sending spam.
« Reply #7 on: March 31, 2011, 07:56:09 AM »
For a quick and easy list of what ports are required, download the TNA software from your Teleworker server.
It will show you all the ports and what they're used for.

Ralph

« Last Edit: April 22, 2014, 04:33:08 PM by ralph »

Offline Chakara

Re: MSL is sending spam.
« Reply #8 on: March 31, 2011, 09:51:31 PM »
I don't think MSL has any type of mail relay ability by default. I suspect your compromise is more in depth and if possible I would seriously consider just rebuilding the box from scratch....

-Chak

Offline jamsignal

Re: MSL is sending spam.
« Reply #9 on: March 31, 2011, 11:37:42 PM »
I did not know about the TNA. I will try that tomorrow. If anything else strange happens, I will have to rebuild.


 
