Kiggs, I think you need to speak to my mum (a doctor); she's somehow
convinced our profession is paid to surf the net MONTHLY. Most of the time
everything is rosey dosey, but when the sh*t hits the fan you know what
happens.....

AE



-----Original Message-----
From: Kiggundu Mukasa <[EMAIL PROTECTED]>
To: LUG <[EMAIL PROTECTED]>
Date: 18 Jul 2003 07:50:49 +0300
Subject: lug_: tale of a linux admin (part2)

> 
> Day three ....... ssh to server to check on work of yesterday
> ....................  112,513 messages!!!!!!!!!!!!!
> 
> AAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHH
> 
> TO BE CONTINUED....
> 
> PANIC, I tied down the main.cf so why still the spam.
> 
> First tried deleting messages, deleted a few thousand, then noticed that
> they were coming in at a rate about 50% of the delete rate!
> 
> Network setup is thus.
> 
> Internet --> Linux Firewall --> 100 MB/s switch --> Linux Mail Server,
> other servers, 
> 
> On the inside network there was  a dhcpd server that was serving out IP
> addresses so I told postfix to only accept smtp relay requests from IP
> addresses in the class that the DHCP server was giving out.
> 
> On the firewall I ran rinetd and redirected all INCOMING smtp traffic
> on the internet interface to the mail server so that domain mail could
> be handled.
> 
> So first I manually telnetted from the Internet to port 25 of the
> firewall and issued SMTP commands and looked at /var/log/mail. To my
> surprise the IP address I saw in the logs was not my Internet IP
> address, nor the Internet IP address of the firewall, but the INSIDE IP
> address of the firewall (which was the gateway IP address of the
> internal network)
> 
> This internal IP address was in the same class as that being given out
> by the DHCP server (and had to be so that the internal machines could
> access the net via the router/firewall).
> 
> Thus to the mail server, the firewall was a legitimate host sending out
> a lot of mail to the internet just like any other client!!!!
> 
> First thing was shut down rinetd.
> 
> Second, delete all mail
> 
> Third configure postfix on the firewall with the following rules (in
> main.cf and virtual file in /etc/postfix)
> if you receive an email that has no local user AND belongs to your
> domain, forward it to the mail server, then ALSO, by default forward
> all acknowledged mail received to the mail server (as the forwarding
> host).
> 
> There were two ways to do this.  I could have set up a split-level DNS
> where the firewall knows all the machines inside the network by their
> fully qualified domain names even though they are on a private IP
> address network and still acknowledge the IP address names on the
> internet, then just let the machine spool and relay mail to the mail
> server.
> 
> For details on split-level DNS email "Oscar Sekyewa
> <[EMAIL PROTECTED]>"
> 
> OR I could do a quick and dirty but working solution
> 
> Since postfix first tries to interpret the fully qualified domain name
> then spools, it works well.  The forwarding machine would be added
> using IP address (which can be private) and thus works.
> 
> After this deleted spam mail on the mail server and restarted both
> servers!
> 
> Stayed on for 1 hour looking at mail bouncing back to spammers and mail
> to the client, being delivered. 
> 
> Someone asked "Why did you not just rm -rRf /var/spool/postfix then
> reinstall and fix problem?".  
> I like pain and torture :=)  
> 
> No actually, the client was still operating well (until I rebooted) and
> complete reinstall would have taken them down.  
> 
> Kiggs
> 
> -- 
> ****************                          *****************************
> Kiggundu Mukasa                          # Computer Network Consultancy###
> KYM-NET LTD.                             # Intranets & Internet Solutions#
> House 73                                 # Data Communication Service ####
> Plot 80 kanjokya Street
> P.O. Box 173 Kampala, Uganda
> Tel:     +256 77 972255
>          +256 71 221141
> Fax:     +256 31 262122
> *************************************************************************
> 
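
The failure described in the quoted message, as an added example that is not part of the original posts: a TCP redirector such as rinetd opens its own connection to the mail server, so Postfix sees and authorizes the redirector's inside address rather than the real client. This sketch checks whether a proxy address falls inside the networks trusted for relay and counts its connections in the mail log; every address, network and log line here is constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed values: the thread does not give the real addresses.
TRUSTED_RELAY_NETS = ["192.168.1.0/24", "127.0.0.0/8"]  # networks allowed to relay
PROXY_ADDRS = ["192.168.1.1"]  # inside address of the firewall running the redirector

# Constructed Postfix-style smtpd log lines.
SAMPLE_LOG = """\
Jul 17 23:01:10 mail postfix/smtpd[812]: connect from unknown[192.168.1.1]
Jul 17 23:01:11 mail postfix/smtpd[813]: connect from unknown[192.168.1.1]
Jul 17 23:01:12 mail postfix/smtpd[814]: connect from pc23.example.lan[192.168.1.57]
Jul 17 23:01:13 mail postfix/smtpd[815]: connect from unknown[192.168.1.1]
Jul 17 23:01:14 mail postfix/smtpd[812]: disconnect from unknown[192.168.1.1]
"""

# Matches only "connect from host[addr]" events, not "disconnect from".
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+\[([0-9a-fA-F.:]+)\]")


def trusted_proxies(trusted_nets, proxy_addrs):
    """Return proxy addresses that the mail server would treat as relay clients."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    return sorted(
        a for a in proxy_addrs
        if any(ipaddress.ip_address(a) in net for net in nets)
    )


def connections_by_client(log_text):
    """Count smtpd connect events per client address as logged by the server."""
    return Counter(m.group(1) for m in CONNECT_RE.finditer(log_text))


def report(trusted_nets, proxy_addrs, log_text):
    """Map each trusted proxy address to the number of connections it made."""
    counts = connections_by_client(log_text)
    return {a: counts.get(a, 0) for a in trusted_proxies(trusted_nets, proxy_addrs)}


if __name__ == "__main__":
    for addr, n in report(TRUSTED_RELAY_NETS, PROXY_ADDRS, SAMPLE_LOG).items():
        # Every one of these connections may carry traffic from any Internet host.
        print(f"{addr} is a proxy inside a trusted relay network: {n} connections")
```

A non-empty result means source-address relay rules cannot tell outside senders from inside clients on that path.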
