  1. #1
    Just Joined!
    Join Date
    Oct 2005
    Posts
    4

    My SMTP server becomes an open relay after setting up the firewall


    I set up a firewall on my email server using iptables. It was working fine, and then later I split out the firewall by setting up a standalone firewall using iptables. It works fine, in that users can access the mail server. But the mail server went down after 2 days, and after checking on it I realized that my mail server had become an open relay! (I checked it at www.dnsreport.com.) And all the time, a lot of mails are trying to relay through my mail server. I then turned off the firewall and went back to my old setting, which runs the firewall on my mail server. Then the open relay issue was solved! I have no idea what went wrong with my iptables, and here is the difference between the 2 iptables setups:

    iptables on my mail server:

    iptables -A INPUT -p tcp --dport 143 -j ACCEPT        # IMAP
    iptables -A INPUT -p udp --dport 53 -j ACCEPT         # DNS (UDP)
    iptables -A INPUT -p tcp --dport 53 -j ACCEPT         # DNS (TCP)
    iptables -A INPUT -p tcp --dport 25 --syn -j ACCEPT   # SMTP, new connections

    iptables on the firewall:

    # Forward inbound SMTP and IMAP arriving on the external IP to the mail server
    iptables -A PREROUTING -t nat -p tcp -d $ext_ip --dport 25 -j DNAT --to $imail_server:25
    iptables -A PREROUTING -t nat -p tcp -d $ext_ip --dport 143 -j DNAT --to $mail_server:143

    Is it that by setting up NAT, the mail server becomes an open relay?

  2. #2
    Just Joined!
    Join Date
    Oct 2005
    Posts
    4
    Me again! I put the firewall's internal IP into /etc/mail/access on my mail server as below:

    localhost.localdomain RELAY
    localhost RELAY
    127.0.0.1 RELAY
    192.168.1 RELAY #My Internal network
    192.168.1.1 REJECT

    And the open relay is closed. But now I can only send out mail from my mail server, and am not able to receive any mail!

  3. #3
    Just Joined!
    Join Date
    Oct 2005
    Posts
    4
    Hi guys, I have found the problem. It was the iptables on my firewall, where I masquerade all the incoming packets from the internet to my LAN. I had added this because I want to masquerade all the incoming traffic from my VPN tunnel (IP range 172.16.0.2-99) to be part of my LAN (192.168.1.x).
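The behaviour across all three posts can be reproduced with a small model. This is an added example, not code from the thread: the client address 203.0.113.7 is constructed, the function names are hypothetical, and the access lookup is a simplified stand-in for how the mail server matches /etc/mail/access (most specific entry first).

```python
import ipaddress

FIREWALL_LAN_IP = "192.168.1.1"   # firewall's internal address, from post #2
# Relevant /etc/mail/access entries from post #2, before the REJECT line was added.
ACCESS = {"127.0.0.1": "RELAY", "192.168.1": "RELAY"}

def in_vpn_range(ip):
    """True for the VPN tunnel range given in post #3 (172.16.0.2-99)."""
    lo, hi = ipaddress.ip_address("172.16.0.2"), ipaddress.ip_address("172.16.0.99")
    return lo <= ipaddress.ip_address(ip) <= hi

def seen_by_mail_server(client_ip, masquerade_all):
    """Source address the mail server sees once the firewall forwards port 25."""
    if masquerade_all or in_vpn_range(client_ip):
        return FIREWALL_LAN_IP    # source rewritten to the firewall's LAN address
    return client_ip              # DNAT alone keeps the real client address

def access_lookup(ip, access):
    """Simplified access-map match: full address, then shorter dotted prefixes."""
    parts = ip.split(".")
    for n in range(4, 0, -1):
        action = access.get(".".join(parts[:n]))
        if action:
            return action
    return None

def smtp_outcome(client_ip, rcpt_is_local, masquerade_all, access=ACCESS):
    """Result of one delivery attempt as decided by the mail server."""
    action = access_lookup(seen_by_mail_server(client_ip, masquerade_all), access)
    if action == "REJECT":
        return "rejected"
    if action == "RELAY" or rcpt_is_local:
        return "accepted"
    return "relaying denied"

if __name__ == "__main__":
    internet = "203.0.113.7"      # constructed sample client (documentation range)
    with_reject = dict(ACCESS, **{"192.168.1.1": "REJECT"})
    print("masquerade all, foreign rcpt :", smtp_outcome(internet, False, True))
    print("masquerade all + REJECT entry:", smtp_outcome(internet, True, True, with_reject))
    print("VPN-only, foreign rcpt       :", smtp_outcome(internet, False, False))
    print("VPN-only, local rcpt         :", smtp_outcome(internet, True, False))
```

With every inbound connection masqueraded, the internet client matches the `192.168.1 RELAY` entry; adding the `192.168.1.1 REJECT` entry then blocks legitimate inbound mail as well, because that address is now the apparent source of all of it.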
