Hi

i have installed ubuntu server 9.10

I have the following things on my server

MY SQL
Apache
SQUID
Postfix
Dovecot
fetchmail
clamav antivirus

All the services are working great and no probs

I use the machine for internet routing and personal mail server which connets and collects my mail from isp server.

but today when i was browsing it went very slow almost dead, and when i checked i found 2 many connection (netstat) on smtp and 3128 port.

Kindly let me know how to stop all this, i have also activated the linux firewall but nothing is working. And my bandwidth is going for a toss

in case u require my conf file to posted pls let me know which one you wish to look at to solve this issue

How many connections do you have to your box via SMTP? What's the load? Do you have your MTA configured as an open relay? I'm guessing you don't because you're using postfix. Can you post your main.cf without comments here?

Regards,

Alunduil

How many connections do you have to your box via SMTP? What's the load? Do you have your MTA configured as an open relay? I'm guessing you don't because you're using postfix. Can you post your main.cf without comments here?

Regards,

Alunduil

here is the output that you wanted of the postfox main.cf file

I have changed the actual domain to mydomain.com

The no of connection from my place to post fix is jut 4 mail box and 2 mail box to other isp.

the 4 mail box are configured using fetchmail which pulls and delivers the email.

The connections when i see on the netstat command is something like

Why do you have the myhostname set to a shortname? If I'm not mistaken postfix wants a FQDN for hostname. Also, are you familiar with the machines making connections? Try running this:

Regards,

Alunduil

hi

I am not familar with machines making connections, if you can pls provide me more info on the same.

I have kept the hostname short and not used FQDN is because if i am using the FQDN postfix stops delivering the emails and fails. with msg 421 so after a lot of experiment this was setup and it started working

the above code given by u is not working because i dont think i have gawk installed, do u want me to install the same.

Yes, if you can run that command then we can find out who is using your mail server and see if they are using you as a spam relay or just being mean and connecting to you quite a bit.

If you add your FQDN to the /etc/hosts file does postfix work with it at that point?

Regards,

Alunduil

yes in my /etc/hosts file i have my FQDN and postfix is working fine.

In the mean time what i did was changed the port of SQUID from 3128 to a diff port now all the attacks are gone for the past 24hrs its fine and there seems to be no issue, i guess the problem would have been that my user might be using torrent which i have now banned.

And now the bandwidth is normal. Should i continue and wait if there is any problem or issue

Did you have squid accessible from the outside? If so then yes, I imagine that was the cause of your bandwidth woes. Otherwise, it may have been the torrents. To find out I would use a tool like iptraf or nettop.

Regards,

Alunduil

1 members found this post helpful.

i guess yes while i was working on the ip tables and the security i had allowed port 3128 to the outside worls in the sense is incoming which i have now closed.

I have even banned the torrents now so that the network is not disturbed due to all this.

I would like to thank you for the help that you have extended.