Open ports on server question
One of my customers recently ran a vulnerability test against my VPS and noticed several open ports that you can see in the attached picture. There are some ports that I recognize, but there are others, like 2000 and 1167, that I don't know where they come from.
Hello, I did what you suggested and this is the generated ticket number #11988735
Hello, To update, here's a summary of the response sent by one of our Technical Analysts in the ticket:

[QUOTE]
The messages from the affected email address were Greylisted because the domain name associated with the email address lacks DNS entries, because its authoritative nameservers do not contain information on it:

    # dig +short txt domain.tld
    # dig +short default._domainkey.domain.tld
    # dig +short domain.tld

In addition, the server's Exim configuration contains a number of custom modifications, one of which is the "host_find_failed" directive, which is set to defer:

    # grep host_find_failed /etc/exim.conf
    host_find_failed = defer

Apparently as a result of this customization, the messages are being deferred:

    # grep domain.tld /usr/local/cpanel/logs/cpgreylistd.log | grep -v get_deferred_list | tail -5
    [2019-04-15 06:32:10 -0500] info [cpgreylistd] Request:- OP: ['should_defer'>, Sender IP: ['1.2.3.4'>, From Address: ['user@domain.tld'>, To Address: ['user2@to-address.tld'>. Reply:- ['yes'>

And it appears that they are then removed from the cpgreylistd database 24 hours after the first message attempt is sent. This is the first entry in the cpgreylist log file for the message:

    [2019-04-14 10:34:40 -0500] info [cpgreylistd] Request:- OP: ['should_defer'>, Sender IP: ['1.2.3.4'>, From Address: ['user@domain.tld'>, To Address: ['user2@to-address.tld'>. Reply:- ['yes'>

And this is the last entry for it, a little over 24 hours later:

    [2019-04-15 11:12:12 -0500] info [cpgreylistd] Request:- OP: ['should_defer'>, Sender IP: ['1.2.3.4'>, From Address: ['user@domain.tld], To Address: ['user2@to-address.tld'>. Reply:- ['yes'>

It thus appears that the message is essentially disappearing without being either delivered or rejected. You may therefore wish to remove the "host_find_failed = defer" line from the Exim customizations, then restart Exim for the change to take effect, to see if doing that resolves this issue.

However, ultimately, the issue lies with the lack of DNS resolution for the domain.tld domain, which will need to be addressed by the administrators of that domain.

Thank you.
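The ticket reply above diagnoses the "disappearing message" by eyeballing the first and last should_defer entries for one sender in cpgreylistd.log. The following script is an added example (not code from the forum post, cPanel or Exim) that does that triage automatically: it parses log lines in the format quoted in the ticket, groups should_defer requests per (sender IP, from address, to address), and flags senders that were answered "yes" on every attempt across a window at least as long as the greylist expiry. The 24-hour expiry is the figure the ticket states and is passed in as a parameter rather than assumed to be cPanel's fixed behaviour; the sample log lines are constructed for the example (the three from the ticket plus two invented entries for a second sender and one non-request line) and the regex is deliberately tolerant of the bracket styles seen in the quoted output.

```python
"""Triage helper for cPanel Greylisting (cpgreylistd) should_defer log lines.

Added example, not part of the forum thread or of cPanel. It flags senders
whose greylist deferrals span the expiry window without a single "no"
(accept) reply, i.e. mail that is neither delivered nor rejected.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One bracketed field as it appears in the quoted log; tolerant of ['x'>,
# ['x'] and the missing-quote ['x] variant seen in the ticket output.
_FIELD = r"\['?(?P<{name}>[^'\]>]+)'?[\]>]"

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\] info \[cpgreylistd\] "
    r"Request:- OP: " + _FIELD.format(name="op") +
    r", Sender IP: " + _FIELD.format(name="ip") +
    r", From Address: " + _FIELD.format(name="frm") +
    r", To Address: " + _FIELD.format(name="to") +
    r"\. Reply:- " + _FIELD.format(name="reply") + r"$"
)

# Constructed sample log: the three lines quoted in the ticket, plus two
# invented lines for a second sender that is accepted on its retry, plus one
# invented non-request line to show that unrelated entries are skipped.
SAMPLE_LOG = """\
[2019-04-14 10:34:40 -0500] info [cpgreylistd] Request:- OP: ['should_defer'>, Sender IP: ['1.2.3.4'>, From Address: ['user@domain.tld'>, To Address: ['user2@to-address.tld'>. Reply:- ['yes'>
[2019-04-14 10:40:00 -0500] info [cpgreylistd] daemon started (constructed, not a request line)
[2019-04-14 12:00:00 -0500] info [cpgreylistd] Request:- OP: ['should_defer'>, Sender IP: ['5.6.7.8'>, From Address: ['ok@example.test'>, To Address: ['user2@to-address.tld'>. Reply:- ['yes'>
[2019-04-14 12:10:00 -0500] info [cpgreylistd] Request:- OP: ['should_defer'>, Sender IP: ['5.6.7.8'>, From Address: ['ok@example.test'>, To Address: ['user2@to-address.tld'>. Reply:- ['no'>
[2019-04-15 06:32:10 -0500] info [cpgreylistd] Request:- OP: ['should_defer'>, Sender IP: ['1.2.3.4'>, From Address: ['user@domain.tld'>, To Address: ['user2@to-address.tld'>. Reply:- ['yes'>
[2019-04-15 11:12:12 -0500] info [cpgreylistd] Request:- OP: ['should_defer'>, Sender IP: ['1.2.3.4'>, From Address: ['user@domain.tld], To Address: ['user2@to-address.tld'>. Reply:- ['yes'>
"""


def parse_line(line):
    """Return a dict of fields for a should_defer-style request line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S %z")
    return rec


def deferral_summary(lines, expiry=timedelta(hours=24)):
    """Group should_defer requests per (ip, from, to) and flag stuck senders.

    A sender is "stuck" when every reply was "yes" (always deferred) and the
    first and last attempts are at least `expiry` apart: the greylist record
    would age out before the message was ever accepted.
    """
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["op"] == "should_defer":
            groups[(rec["ip"], rec["frm"], rec["to"])].append(rec)

    summary = {}
    for key, recs in groups.items():
        recs.sort(key=lambda r: r["ts"])
        first, last = recs[0]["ts"], recs[-1]["ts"]
        always_deferred = all(r["reply"] == "yes" for r in recs)
        summary[key] = {
            "count": len(recs),
            "first": first,
            "last": last,
            "span": last - first,
            "stuck": always_deferred and (last - first) >= expiry,
        }
    return summary


def format_report(summary):
    """Render one line per sender, marking the stuck ones."""
    rows = []
    for (ip, frm, to), s in sorted(summary.items()):
        state = "STUCK: never accepted within expiry" if s["stuck"] else "ok"
        rows.append(f"{ip} {frm} -> {to}: {s['count']} deferrals over {s['span']} [{state}]")
    return rows


if __name__ == "__main__":
    for row in format_report(deferral_summary(SAMPLE_LOG.splitlines())):
        print(row)
```

On a live server the same functions can be fed the output of grep on /usr/local/cpanel/logs/cpgreylistd.log; a sender reported as STUCK is the pattern the ticket describes, and the next checks are the ones the analyst lists (the dig lookups for the sender domain and the host_find_failed setting in the Exim configuration).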