Exim established many connections to strange ips

netstat email-server exim vestacp

I installed VestaCP and used their mail server for my domain mails. But when I run netstat on my server,it shows some strange connections. There are no problems with my mail server until now, I just worry about these connections.

Does my server meet any security problems?

# netstat -antp

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      5033/exim
tcp        0      0 0.0.0.0:2525            0.0.0.0:*               LISTEN      5033/exim
tcp        0     35 my.server.ip.address:25        87.246.7.228:63258      ESTABLISHED 13152/exim
tcp        0     35 my.server.ip.address:25        212.70.149.88:38064     ESTABLISHED 13518/exim
tcp        0      0 my.server.ip.address:25        212.70.149.88:20194     ESTABLISHED 13519/exim

Solution 1:

Having connections established to your mail server it's rather normal if it is exposed to the Internet.

That doesn't mean you shouldn't setup fail2ban and verify you aren't running an open relay, but thinking you've been hacked because netstat says you have open connections is pointless. That's just the Internet nowadays...

Related

Kibana does not trust Let's Encrypt CA in Kubernetes Helm Setup
How to run Python venv script with screen in crontab
MySQL is not using my certificate, uses its own self-signed
Is there an "initial memory allocation" different from the "limit" in Openshift/Kubernetes?
How does SSL certificate map to server IP when it is issued for domain name? [closed]
Apache behind nginx reverse proxy, setting the correct Host header
Does zfs zfs recv validate checksums?
Why is docker build not showing any output from commands?
logrotate won't rotate my logs automatically
Can I run Keras model on gpu?
Most efficient way to cast List<SubClass> to List<BaseClass>
Boost Statechart vs. Meta State Machine