I've had my firewall off for the longest time because it would cause issues. I'm needing to turn it back on or figure something out because others are using my server as a relay smtp server and I'm maxing out my 1000 messages allowed by Road Runner. Whenever I enable my firewall, I'm having issues with mySQL. I have 2 sites: www.plastikracing.net and www.plastikhosting.net. To login to PlastikHosting, it connects to the SQL database on PlastikRacing to check login information. When I enable the firewall, something doesn't work at all because I won't connect to the database for some reason. Also, I need to figure out what to do to keep people from using my server as an SMTP relay.
You may check if your server is an open relay here: http://www.spamhelp.org/shopenrelay/ Did you open the mysql port in your firewall?
It says that my IP is not an open relay which doesn't explain why I've got a mail log that looks like this:

Code:
Mar 25 05:09:32 server postfix/smtpd[32696]: 541A649008D: client=adsl-157-21-186.msy.bellsouth.net[66.157.21.186], sasl_method=LOGIN, sasl_username=brandon
Mar 25 05:09:32 server postfix/qmgr[31699]: DDF3E2A042C: from=<[email protected]>, size=15522, nrcpt=50 (queue active)
Mar 25 05:09:32 server postfix/qmgr[31699]: D5383E0CCB: from=<[email protected]>, size=31642, nrcpt=1 (queue active)
Mar 25 05:09:32 server postfix/qmgr[31699]: D0C2949089A: from=<[email protected]>, size=15224, nrcpt=50 (queue active)
Mar 25 05:09:33 server postfix/qmgr[31699]: DE3952A03FB: from=<[email protected]>, size=15522, nrcpt=50 (queue active)
Mar 25 05:09:33 server postfix/qmgr[31699]: D6187E0C11: from=<[email protected]>, size=15520, nrcpt=50 (queue active)
Mar 25 05:09:33 server postfix/smtp[32709]: 2E1D7E0C46: to=<[email protected]>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=22343, status=deferred (host smtp-server.columbus.rr.com[65.24.7.60] said: 451 4.1.8 Domain of sender address [email protected] does not resolve (in reply to MAIL FROM command))
Mar 25 05:09:33 server postfix/qmgr[31699]: D7166E0A05: from=<[email protected]>, size=15520, nrcpt=50 (queue active)
Mar 25 05:09:34 server postfix/smtp[455]: 2A532E09F4: to=<[email protected]>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=27223, status=deferred (host smtp-server.columbus.rr.com[65.24.7.60] said: 451 4.1.8 Domain of sender address [email protected] does not resolve (in reply to MAIL FROM command))
Mar 25 05:09:34 server postfix/qmgr[31699]: D13AF490C13: from=<[email protected]>, size=15522, nrcpt=50 (queue active)
Mar 25 05:09:34 server postfix/smtp[32709]: 2E1D7E0C46: to=<[email protected]>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=22344, status=deferred (host smtp-server.columbus.rr.com[65.24.7.60] said: 451 4.1.8 Domain of sender address [email protected] does not resolve (in reply to MAIL FROM command))
Mar 25 05:09:34 server postfix/qmgr[31699]: DBC792A042F: from=<[email protected]>, size=15522, nrcpt=50 (queue active)
Mar 25 05:09:34 server postfix/smtp[455]: 2A532E09F4: to=<[email protected]>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=27223, status=deferred (host smtp-server.columbus.rr.com[65.24.7.60] said: 451 4.1.8 Domain of sender address [email protected] does not resolve (in reply to MAIL FROM command))
Mar 25 05:09:34 server postfix/qmgr[31699]: D1426490870: from=<[email protected]>, size=15224, nrcpt=50 (queue active)
Mar 25 05:09:34 server postfix/smtp[32709]: 2E1D7E0C46: to=<[email protected]>, relay=smtp-server.columbus.rr.com[65.24.7.60], delay=22344, status=deferred (host smtp-server.columbus.rr.com[65.24.7.60] said: 451 4.1.8 Domain of sender address [email protected] does not resolve (in reply to MAIL FROM command))

It doesn't stop there though. The log file is 555MB. Since it says I'm not an open relay, how is this happening? Also, those are the only 2 days that maillogs were created. Shouldn't it make a maillog every day? In my /var/log/ directory, this is the list of files dealing with maillog:

Code:
-rw------- 1 root root 11184019 Apr 1 20:57 maillog
-rw------- 1 root root 675394 Apr 1 04:17 maillog.1
-rw------- 1 root root 201775409 Mar 25 05:09 maillog.2
-rw-r--r-- 1 root root 315585709 Mar 25 00:00 maillog.24-03-07_23-59-03
-rw-r--r-- 1 root root 555713429 Mar 26 00:01 maillog.25-03-07_23-59-02
-rw------- 1 root root 192733 Mar 18 04:12 maillog.3
-rw------- 1 root root 164704 Mar 11 04:13 maillog.4
-rw-r--r-- 1 root root 7277510 Mar 31 23:59 maillog.ispconfigsave

As for the firewall, both domains are on the same server so it's a localhost connection. I shouldn't need the mySQL port open, should I?
No, the maillog is normally rotated when the size exceeds x MB. Back to the original spam problem. Either one of your mailuser accounts has been hacked and is now used to send spam emails or there are some PHP or Perl scripts in the websites on your server that can be misused to send spam emails. If your server is in a NAT environment behind a router, the packages might be routed through the external network if you don't connect to localhost and in this case, you must open the mysql port in your firewall.
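
Added example, not part of the original thread: the smtpd line in the log above carries sasl_username=, meaning the client authenticated before relaying, which an open-relay test does not exercise. This sketch joins smtpd and qmgr lines on the queue ID to show how many messages and recipients each authenticated account produced and from how many client IPs; the sample lines, user names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same Postfix format as the log quoted above
# (hosts, IPs, queue IDs and user names are made up for this example).
SAMPLE_LOG = """\
Mar 25 05:09:30 server postfix/smtpd[3101]: 1A2B3C4D01: client=dsl-1.example.net[203.0.113.10], sasl_method=LOGIN, sasl_username=alice
Mar 25 05:09:30 server postfix/qmgr[3001]: 1A2B3C4D01: from=<x1@example.com>, size=15522, nrcpt=50 (queue active)
Mar 25 05:09:31 server postfix/smtpd[3102]: 1A2B3C4D02: client=dsl-2.example.net[198.51.100.7], sasl_method=LOGIN, sasl_username=alice
Mar 25 05:09:31 server postfix/qmgr[3001]: 1A2B3C4D02: from=<x2@example.com>, size=15224, nrcpt=50 (queue active)
Mar 25 05:09:32 server postfix/smtpd[3103]: 1A2B3C4D03: client=dsl-3.example.net[192.0.2.44], sasl_method=LOGIN, sasl_username=alice
Mar 25 05:09:32 server postfix/qmgr[3001]: 1A2B3C4D03: from=<x3@example.com>, size=15520, nrcpt=50 (queue active)
Mar 25 05:29:32 server postfix/qmgr[3001]: 1A2B3C4D03: from=<x3@example.com>, size=15520, nrcpt=50 (queue active)
Mar 25 05:30:00 server postfix/smtpd[3104]: 1A2B3C4D04: client=office.example.org[203.0.113.99], sasl_method=PLAIN, sasl_username=bob
Mar 25 05:30:00 server postfix/qmgr[3001]: 1A2B3C4D04: from=<bob@example.org>, size=2048, nrcpt=1 (queue active)
Mar 25 05:31:00 server postfix/smtpd[3105]: 1A2B3C4D05: client=mx.example.com[198.51.100.20]
"""

SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=[^\[]+\[(?P<ip>[^\]]+)\]"
    r", sasl_method=\w+, sasl_username=(?P<user>\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<[^>]*>, size=\d+, nrcpt=(?P<nrcpt>\d+)")

def summarize(log_text):
    """Per SASL user: message count, total recipients, distinct client IPs."""
    qid_auth = {}  # queue ID -> (sasl user, client IP); unauthenticated lines never match
    qid_rcpt = {}  # queue ID -> nrcpt; a dict, so a requeued message is counted once
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            qid_auth[m.group("qid")] = (m.group("user"), m.group("ip"))
            continue
        m = QMGR_RE.search(line)
        if m:
            qid_rcpt[m.group("qid")] = int(m.group("nrcpt"))
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0, "ips": set()})
    for qid, (user, ip) in qid_auth.items():
        s = stats[user]
        s["messages"] += 1
        s["recipients"] += qid_rcpt.get(qid, 0)
        s["ips"].add(ip)
    return dict(stats)

def flag_accounts(stats, max_recipients=100, max_ips=2):
    # Thresholds are assumptions; tune them to the server's normal mail volume.
    return sorted(u for u, s in stats.items()
                  if s["recipients"] > max_recipients or len(s["ips"]) > max_ips)
```

On a real server, pass the contents of the maillog files listed above instead of SAMPLE_LOG; an account that gets flagged should have its password changed before the queue is cleaned out.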