QSMTPD patch to bounce unknown local addresses
This is probably the umpteenth time this question has been posted here. I was one of the unfortunate Northpoint DSL users who lost their connections in the bankruptcy so my network is running on a measly 56k modem while I await new service. In the meantime, my mail server is being slammed by spam to unknown/moved addresses and the resulting double bounces to unknown sending addresses.

I searched www.qmail.org and the web looking for a qsmtpd patch that would deny access to unknown local users and qmail aliases but came up with bupkis. I've seen those patches before and in fact had one installed in my previous Qmail server. I just can't find them now.

Can anyone point me at one?

---[ http://www.magpie.com ]---=oo---
Steve Manes
Brooklyn, N'Yawk
Re: IPCHAINS and Qmail
At 01:31 AM 12/10/00 -0700, Sean Reifschneider wrote:
> On Sun, Dec 10, 2000 at 02:51:24AM -0500, Steve Manes wrote:
>> Dec 10 01:02:49 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:3687 206.26.89.202:25 L=1064 S=0x00 I=46413 F=0x T=64 (#37)
>> Dec 10 01:02:55 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:4396 204.242.84.1:25 L=60 S=0x00 I=46421 F=0x T=64 SYN (#37)
>>
>> Any idea what's causing this?
>
> ipchains is blocking incoming connections to port 25/tcp. You know, the e-mail port.

I know what port 25 is and, no, it's not blocking incoming connections. It seems to be blocking outgoing connections. But if you look at the script you'll see that port 25 is open both ways:

    # SMTP server (25)
    #
    ipchains -A input -i $EXTERNAL_INTERFACE -p tcp \
        --source-port $UNPRIVPORTS \
        -d $IPADDR 25 -j ACCEPT

    ipchains -A output -i $EXTERNAL_INTERFACE -p tcp ! -y \
        -s $IPADDR 25 \
        --destination-port $UNPRIVPORTS -j ACCEPT

In fact, the script doesn't firewall any outbound traffic in eth0, only input. That's why this is weird. The error log throws occasional mentions about "SYN" (above) so I wonder if it's a problem with that.

>> The problematic firewall script is rather large (25k) so I've posted it on my web server at http://www.magpie.com/work/rc.firewall.html
>
> Yikes! 25KB?!? I have a hard time imagining it being a tenth the size of that.

Admittedly, it's huge but I didn't create it by hand. Nevertheless it's a very thorough script and well commented, and similarly-generated firewall scripts work very well on my other machines. It's only Qmail that seems to be having a problem with it.

---[ http://www.magpie.com ]---=oo-------
Steve Manes
Brooklyn, N'Yawk
RE: IPCHAINS and Qmail
At 08:47 AM 12/10/00 -0800, Phil Oester wrote:
> Your output rule for port 25 is definitely the problem. Contrary to your belief, it is filtering outbound traffic on eth0. Personally, I don't think that's such a good idea - my firewall allows everything outbound, and only filters inbound.
>
> Try changing your SMTP output rule to this:
>
> /sbin/ipchains -A output -j ACCEPT -i $EXTERNAL_INTERFACE -p tcp -s $IPADDR 25 -d 0.0.0.0/0

Thanks for the help. I tried it but unfortunately it's still blocking. Here's the /var/log/messages. It looks like the same error. I also tried removing the "! -y" in the original IPCHAINS arguments and that didn't help either.

    Dec 10 10:54:26 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:1384 166.84.0.213:25 L=60 S=0x00 I=39172 F=0x T=64 SYN (#37)
    Dec 10 10:54:26 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:1385 166.84.0.212:25 L=60 S=0x00 I=39174 F=0x T=64 SYN (#37)
    Dec 10 10:54:26 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:1386 166.84.0.167:25 L=60 S=0x00 I=39176 F=0x T=64 SYN (#37)
    Dec 10 10:55:05 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:1388 207.46.181.94:25 L=60 S=0x00 I=39197 F=0x T=64 SYN (#37)

---[ http://www.magpie.com ]---=oo-------
Steve Manes
Brooklyn, N'Yawk
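The log lines in this thread can be checked against the two output rules quoted in it; the following is an added example, not code from the thread or from the generated firewall script. It parses an ipchains packet-log line and evaluates both rules as written: each selects source port 25, while the rejected packets go from a local unprivileged port to remote port 25. Assumptions: $IPADDR is 166.84.147.124 (the logged source), $UNPRIVPORTS is 1024:65535, $EXTERNAL_INTERFACE is eth0, and the REPLY line with its rule number is constructed.

```python
import re

# Assumptions (not stated in the thread): $IPADDR is the logged source address,
# $UNPRIVPORTS is 1024:65535, $EXTERNAL_INTERFACE is eth0.
IPADDR, UNPRIV, EXT_IF = "166.84.147.124", range(1024, 65536), "eth0"

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*\(#(?P<rule>\d+)\)")

def parse(line):
    """Turn one ipchains 'Packet log' line into a dict of typed fields."""
    m = LOG_RE.search(line)
    if m is None:
        raise ValueError("not an ipchains packet log line")
    p = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        p[key] = int(p[key])
    p["syn"] = " SYN " in line  # ipchains prints SYN for connection-opening packets
    return p

def script_output_rule(p):
    """output -i $EXTERNAL_INTERFACE -p tcp ! -y -s $IPADDR 25 --destination-port $UNPRIVPORTS"""
    return (p["chain"] == "output" and p["iface"] == EXT_IF and p["proto"] == 6
            and not p["syn"] and p["src"] == IPADDR and p["sport"] == 25
            and p["dport"] in UNPRIV)

def suggested_output_rule(p):
    """output -i $EXTERNAL_INTERFACE -p tcp -s $IPADDR 25 -d 0.0.0.0/0"""
    return (p["chain"] == "output" and p["iface"] == EXT_IF and p["proto"] == 6
            and p["src"] == IPADDR and p["sport"] == 25)

def is_outbound_smtp_client(p):
    """Local unprivileged port talking to a remote port 25 (mail being delivered out)."""
    return p["chain"] == "output" and p["sport"] in UNPRIV and p["dport"] == 25

# One of the log lines quoted in the thread.
LOGGED = ("Dec 10 10:54:26 meg kernel: Packet log: output REJECT eth0 PROTO=6 "
          "166.84.147.124:1384 166.84.0.213:25 L=60 S=0x00 I=39172 F=0x T=64 SYN (#37)")
# Constructed line: a reply from the local SMTP server to a remote client.
REPLY = ("Dec 10 10:54:27 meg kernel: Packet log: output ACCEPT eth0 PROTO=6 "
         "166.84.147.124:25 192.0.2.10:40000 L=60 S=0x00 I=39180 F=0x T=64 (#12)")

if __name__ == "__main__":
    for name, line in (("logged", LOGGED), ("constructed reply", REPLY)):
        p = parse(line)
        print(name, p["sport"], "->", p["dport"], "script rule:", script_output_rule(p),
              "suggested rule:", suggested_output_rule(p),
              "outbound client:", is_outbound_smtp_client(p))
```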
IPCHAINS and Qmail
I installed 'ipchains' on my Redhat 7.0 mail server today. Not being a firewall guru, I had the www.linux-firewall-tools.com/linux/firewall/ site build me a script. I had pretty good luck with it on a web server but I've run into a problem with Qmail. As soon as I activate the firewall, mail gets backed up. /var/log/messages says:

    Dec 10 01:02:49 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:3687 206.26.89.202:25 L=1064 S=0x00 I=46413 F=0x T=64 (#37)
    Dec 10 01:02:55 meg kernel: Packet log: output REJECT eth0 PROTO=6 166.84.147.124:4396 204.242.84.1:25 L=60 S=0x00 I=46421 F=0x T=64 SYN (#37)

Any idea what's causing this?

The problematic firewall script is rather large (25k) so I've posted it on my web server at http://www.magpie.com/work/rc.firewall.html

---[ http://www.magpie.com ]---=oo---
Steve Manes
Brooklyn, N'Yawk
Re: Melissa Virus
At 09:57 PM 4/2/99 -0700, Scott wrote:
>> If companies would just get it that ALL of their PC users need training and rules to follow (like never turn off macro protection or you get canned)
>
> If this is the case.. then why have macros be able to be executed in the first place? It seems that people *want* this convenience, but then they don't want to live with the consequences.

This is a bit like saying "why allow manufacturers to build 160-horsepower sportbikes when you know that some inexperienced kid is gonna buy one?" The answer is that it's a technology-driven marketplace. Without end-user judgement, you're roadkill waiting to happen.

I build websites for a large NYC advertising agency. I tech-lead the account for a very large international communications hardware company. The strict security standards we must follow for development of their websites are just short of paranoid schizophrenia. However, some of their management insists that we send them self-extracting ZIP files of creative proposals as email attachments because it's "easier".

This is a bit like having a forged steel front door and leaving the window open. Not surprisingly, Melissa shut down their corporate mail system for two days.

---[ http://www.magpie.com ]--- =oo ---
Steve Manes
Brooklyn, N'Yawk