Exim established many connections to strange IPs
I installed VestaCP and used their mail server for my domain mails. But when I run netstat on my server, it shows some strange connections. There are no problems with my mail server until now, I just worry about these connections.
Does my server have any security problems?
# netstat -antp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5033/exim
tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN 5033/exim
tcp 0 35 my.server.ip.address:25 87.246.7.228:63258 ESTABLISHED 13152/exim
tcp 0 35 my.server.ip.address:25 212.70.149.88:38064 ESTABLISHED 13518/exim
tcp 0 0 my.server.ip.address:25 212.70.149.88:20194 ESTABLISHED 13519/exim
Solution 1:
Having connections established to your mail server is rather normal if it is exposed to the Internet.
That doesn't mean you shouldn't set up fail2ban and verify you aren't running an open relay, but thinking you've been hacked because netstat says you have open connections is pointless. That's just the Internet nowadays...
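An added example, not part of the answer above: it reads `netstat -antp` output and separates connections that remote hosts opened to Exim's listening ports (inbound, expected on an Internet-facing mail server) from connections Exim itself opened to a remote SMTP port (outbound delivery). The sample lines are the ones from the question; treating remote port 25 as "outbound SMTP" and the function name `classify` are assumptions of this sketch.

```python
from collections import Counter

# netstat lines copied from the question; the local address is the
# asker's own placeholder, not a real IP.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5033/exim
tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN 5033/exim
tcp 0 35 my.server.ip.address:25 87.246.7.228:63258 ESTABLISHED 13152/exim
tcp 0 35 my.server.ip.address:25 212.70.149.88:38064 ESTABLISHED 13518/exim
tcp 0 0 my.server.ip.address:25 212.70.149.88:20194 ESTABLISHED 13519/exim
"""


def classify(netstat_text, program="exim", smtp_port="25"):
    """Count a program's ESTABLISHED TCP connections per remote host,
    split into inbound (to our listener) and outbound (to remote SMTP)."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        # Keep only tcp/tcp6 rows owned by the program ("PID/name" column).
        if len(f) >= 7 and f[0].startswith("tcp") and f[6].split("/", 1)[-1] == program:
            rows.append(f)

    # Ports the program listens on, taken from its LISTEN rows.
    listen = {f[3].rsplit(":", 1)[-1] for f in rows if f[5] == "LISTEN"}

    inbound, outbound = Counter(), Counter()
    for f in rows:
        if f[5] != "ESTABLISHED":
            continue
        local_port = f[3].rsplit(":", 1)[-1]
        remote_host, remote_port = f[4].rsplit(":", 1)
        if local_port in listen:
            inbound[remote_host] += 1      # peer connected to us
        elif remote_port == smtp_port:
            outbound[remote_host] += 1     # we connected to a remote MTA
    return inbound, outbound


if __name__ == "__main__":
    inbound, outbound = classify(SAMPLE)
    for label, counts in (("inbound", inbound), ("outbound", outbound)):
        for host, n in counts.most_common():
            print(f"{label:8} {host:20} {n}")
```

On the question's output every connection is inbound to local port 25, which matches the answer's point; a large number of outbound connections to remote port 25 that you cannot account for is the case worth checking against the Exim logs and queue.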