
I'm using a self-hosted WordPress blog. I'm using Gmail to access my domain email accounts.

I want to know, are built-in email services such as exim, etc. necessary if we are using Gmail to manage emails? I have only 2 accounts on the server: root and my personal account.

I have set "Mailserver selection" to Disabled in WHM settings.

My problem is that I regularly get the following alerts from LFD:

Time:     Sat Jan  5 08:53:07 2013
IP:       x.x.x.x
Failures: 2 (pop3d)
Interval: 300 seconds
Blocked:  Permanent Block

Log entries:

Jan  5 08:53:00 host dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<staff>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x
Jan  5 08:53:03 host dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<sales>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x

I generally get 1 or 2 emails daily. I have set the pop3 login failure attempts to 2 before permanent block in firewall settings. But I want to know, is there any way to permanently stop these attacks?

Can I disable exim or any other thing which can stop these attackers?

Ladadadada

1 Answer


Those attacks are against Dovecot, not Exim, so disabling Exim won't help.
If you are not using the server for receiving mail and hosting mailboxes, then you can disable Dovecot.

If you will be sending email from the server, for example WordPress sending out emails to subscribers, then you will need to keep Exim running so that the server can send out the email.

Update


Looking at the WHM manual (not used cPanel/WHM in a long time as I use DirectAdmin these days), it looks like you need to go into the Service Manager and disable the imap and pop services.

If you are unable to stop the services, as a "quick fix" you could block the following TCP ports in CSF:

993 995 110 143

This will block imap and pop3 connections on the standard ports and on the SSL/TLS ports.

Epaphus
  • ^^ Thank you so much for your reply. That's really what I wanted to know. Yes. My WordPress blog sends email notifications for new comments, etc. to subscribers. So I think I should not disable exim, as you mentioned. But how to disable Dovecot? I have set Mailserver selection to Disabled. Is it what you mean? If not, please provide the steps to disable Dovecot. Is there anything else which I can disable to increase security? Since I'm using Gmail to access the email account, what things can I disable in WHM or CSF firewall, such as ports, etc.? – Another Blogger Jan 05 '13 at 16:18
  • updated answer. – Epaphus Jan 05 '13 at 18:06
  • Thanks again for your reply. I checked Services Manager and IMAP was already unchecked. I can't see a POP service in the list, but there is a Mailman service which is also unchecked. Regarding blocking ports in TCP, should I remove these port entries from the TCP_IN section of the CSF configuration? Following are current Port settings in my CSF configuration: – Another Blogger Jan 05 '13 at 19:20
  • In TCP_IN remove 110,143,993,995 - In TCP6_IN remove 110,143 – Epaphus Jan 05 '13 at 21:29
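
The port removal described in the last comment, as an added example that is not part of the original answer or comments: it strips the POP3/IMAP ports from `TCP_IN` and `TCP6_IN` in a csf.conf-style file and then checks that none remain. The sample config and the function names are constructed for illustration, and only exact port entries are handled, not port ranges.

```shell
#!/bin/sh
# Added example. CSF keeps its allow-lists as KEY = "comma,separated,ports".
MAIL_PORTS="110,143,993,995"   # the four ports named in the answer

# Constructed sample in csf.conf format (the real file is /etc/csf/csf.conf).
sample_conf() {
  cat <<'EOF'
# constructed sample, not a real server's config
TCP_IN = "22,80,110,143,443,993,995"
TCP_OUT = "25,53,80,110,443,587"
TCP6_IN = "22,80,110,143,443"
EOF
}

# Print FILE with MAIL_PORTS removed from TCP_IN and TCP6_IN only.
# TCP_OUT is untouched, so Exim can still send WordPress notifications.
strip_mail_ports() {
  awk -v drop="$MAIL_PORTS" '
    BEGIN { n = split(drop, d, ","); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
    /^(TCP_IN|TCP6_IN)[ \t]*=/ {
      key = $0; sub(/[ \t]*=.*/, "", key)
      rest = substr($0, index($0, "\"") + 1)
      list = substr(rest, 1, index(rest, "\"") - 1)
      m = split(list, p, ","); out = ""
      for (i = 1; i <= m; i++)
        if (!(p[i] in bad)) out = out (out == "" ? "" : ",") p[i]
      print key " = \"" out "\""
      next
    }
    { print }
  ' "$1"
}

# List mail ports still allowed inbound in FILE; empty output means none.
remaining_mail_ports() {
  grep -E '^(TCP_IN|TCP6_IN)[[:space:]]*=' "$1" | tr -d '" ' | cut -d= -f2 |
    tr ',' '\n' | grep -E -x "$(echo "$MAIL_PORTS" | tr ',' '|')" |
    sort -un | paste -sd, -
}

tmp=$(mktemp)
sample_conf > "$tmp"
strip_mail_ports "$tmp" > "$tmp.new"
echo "inbound mail ports before: $(remaining_mail_ports "$tmp")"
echo "inbound mail ports after:  $(remaining_mail_ports "$tmp.new")"
rm -f "$tmp" "$tmp.new"
```

On a real server, review the rewritten file before replacing `/etc/csf/csf.conf`, then reload the firewall with `csf -r` so the change takes effect.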