how to configure firewall for port 25

melainine · 02-11-2008, 07:58 AM

how to configure my firewall so that only my actual mail server can send data out on port 25 where i have a lan and using nat method ...
help will be appreciated

thank you

acid_kewpie · 02-11-2008, 08:03 AM

we can't help you if you don't tell us anything about this firewall...

melainine · 02-11-2008, 08:28 AM

will , am using fedora and sendmail , last days i found that am blocked and in senderscore.org i found that other domain such "1cho.com" and "el-puente.de" and "jemp.com.br" sends mail using my IP ,
now the goal is to stop them, i dont know how they could use my ip ???

and this prob is killing me , cause all the employees cant send mails for yahoo and hotmail and others ...

help will be appreciated

acid_kewpie · 02-11-2008, 08:33 AM

Generally your isp would provide an smtp relay host to validate you. Have they defined one for your use?

melainine · 02-11-2008, 08:42 AM

i have my own dns and i have rdns and i configured mailserver for our little company

acid_kewpie · 02-11-2008, 08:45 AM

OK, well your ISP still may have this within their internet architecture... It is more something used by home users on dynamic IP addresses, but is still valid for businesses often. If your IP has been incorrectly blacklisted you can check it out at a site like this... http://www.spamhaus.org/lookup.lasso

melainine · 02-11-2008, 08:56 AM

thank you so much ...

this information from senderscore.org

Sending Domains (3)
We've seen your IP sending email for these domains.
Domain Authenticated
1cho.com No
el-puente.de No
jemp.com.br No

and my external reputaion POOR

how did these domains could used my IP for send spam ???

Matir · 02-11-2008, 09:01 AM

Are you running an incoming mailserver as well? If so, have you checked if it is an open relay? If it's configured as an open relay, anyone could use your mailserver to send spam.

acid_kewpie · 02-11-2008, 09:01 AM

well those sites themselves don't look like spam senders... look like very genuine businesses, so they've been as done over as you by another real spammer. have you checked yourself for being an open relay? http://www.abuse.net/relay.html

melainine · 02-11-2008, 09:09 AM

yes, i did check am not an open-relay and i have rDNS and SPF but these site or spammers using their names and my IP to send spam to ppl

Matir · 02-11-2008, 09:14 AM

Have you performed a capture of your network traffic to see if there are any signs of the SPAM to help you determine the source?

acid_kewpie · 02-11-2008, 09:17 AM

Are we getting sidetracked here...? Do you still just want the answer to your initial question? it doesn't seem to bare any resemblance to where we've now ended up...

melainine · 02-11-2008, 09:22 AM

acid_kewpie : yes i still want the answer but i just added that to give you clear pic of what i want ...

yes i did not see any mail going in the log as a spam but i can see spam come to my users

acid_kewpie · 02-11-2008, 09:25 AM

well spam will come in if it's spam for your users... so looking at the firewall, you've still not said what it is... is this sendmail box behind it? or is it it? if you wish to recieve mail then you're going to still need to allow inbound connections anyway, which won't affect your spam situation.

melainine · 02-11-2008, 09:25 AM

i want to know how they can get my ip and how to block them from using it ,
cause these days am always blocked and de-blocked