Hello… I have been running a mail-in-a-box server for a little over 4 years now. I’m currently on v0.48 on Ubuntu 18.04.5.
Recently my box has been getting a lot more attention. So I let the ban hammer fly in fail2ban. There are only 2 users on my box. This was working great with no problems.
But a couple of days ago I noticed brute force attempts coming from IP addresses that are physically co-located on the same host server as my box. E.g., if I’m on IP 18.104.22.168, the attacks are coming from 22.214.171.124, and the whois matches my host. I reported it to my host, of course.
But now here is the problem, and I’m not sure it’s even a problem. I woke up to emails from the G Suite team stating welcome to G Suite, etc., and please verify your domain, etc. I opened a support ticket asking Google to ban this account and to not let it go through. They stated that as long as they can’t verify the domain, Google will auto-delete the account after 9 days. Fair enough.
So my question (because I don’t know what I don’t know): what are all the ways they could verify the ownership of my domain?
I bought my domain from a major registrar but my box is hosted by the first recommended host in the mailinabox setup. So I’m just a drop in the bucket…so to speak.
Where do I need to look and tighten security so they can’t verify the domain and activate G Suite? This is all a foreign language for me. I’m very Linux savvy, but I am NOT intelligent at all when it comes to DNS, nameservers, MX records, etc.
Everything still seems to be running perfectly and securely, I just want to be sure I don’t do something that could allow them to verify and then route all emails through their G Suite account.