[cd_boyz]

I setup a firewall in my email server using iptable It was working fine and then later, i split out the firewall by setting up a stand alone firewall using iptable. It works fine, which user can access the mail server. But the mail server down after 2 days, after checking on it, i realized that my mail server becomes open relay! (i checked it at www.dnsreport.com). And all the time, lot of mails are trying to relay it to my mail server. I then turn off the firewall, and back to my old day setting, which run the firewall in my mail server. Then, the open relay issue solved! I have no idea what goes wrong with my iptable, and here is the different between 2 iptable:

iptable in my mailserver:

iptable -A INPUT -p tcp --dport 143 -j ACCEPT
iptable -A INPUT -p udp --dport 53 -j ACCEPT
iptable -A INPUT -p tcp --dport 53 -j ACCEPT
iptable -A INPUT -p tcp --dport 25 --syn -j ACCEPT

iptable in firewall

iptable -A PREROUTING -t nat -p tcp -d $ext_ip --dport 25 -j DNAT --to $imail_server:25
iptable -A PREROUTING -t nat -p tcp -d $ext_ip --dport 143 -j DNAT --to $mail_server:143

Is that by setting NAT, the mail server will become Open Relay?

[cd_boyz]

Me again! I put the firewall internal ip into the /etc/mail/access in my mail server as below

localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
192.168.1 RELAY #My Internal network
192.168.1.1 REJECT

And the Open Relay is closed. But now, i can only send out mail from my mail server, but not able to receive any mail!

[cd_boyz]

Hi guys, i have found the problems. It was the iptable in my firewall, which i masquerade all the incoming packet from the internet to my LAN. I was added this because i want to masquerade all the incoming traffic from my VPN tunnel (ip range 172.16.0.2-99) to be part of my LAN (192.168.1.x) .