Quote:
Originally Posted by dablew
Here are the rules:
iptables -A FORWARD -p tcp --dport 25 -j DROP
Forgive me, but how would I check on the spam headers? And how would I know that my server is owned or hijacked?
If so, what are the remedies, if any?
Kindly help; it's taking even more time than I expected.
Hi,
I have been through the same ordeal you described. My clients kept on getting blacklisted on spamhaus and/or spamcop.net for no apparent reason. However, the last rule you posted will solve your problem:
iptables -I FORWARD -m tcp -p tcp --dport 25 -j DROP
The problem is being caused by a botnet infection on your LAN. It's a Windows virus that comes packaged with a spam engine. It spends a couple of hours enumerating domains to attack by querying MX entries for domains, then all at once sends a massive amount of spam. That rule ensures that your LAN PCs cannot directly send mail through your gateway. What happens is the generated message gets NATed from the gateway.
Try typing iptables -vL and look at the byte counter for your FORWARD chain. I bet you'll see a number in the Ks or Ms.
You can find out which PCs are causing the problem with iptraf. Of course that means you'll temporarily need to remove the DROP rule in the FORWARD chain. Any single private IP trying to send packets to port 25 of a number of different public IPs is a winner.
edit: Although I doubt it, you could check if your system has any backdoors installed with rkhunter.
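The reply above finds the infected PC by pulling the DROP rule and watching iptraf for one private IP talking to many public port-25 targets. The following is an added example, not part of the original thread, that gets the same answer from the kernel log instead: a LOG rule placed in front of the DROP records each blocked attempt, and a small shell function counts distinct destinations per LAN source. Everything network-specific is an assumption for illustration: the LAN is 192.168.1.0/24 behind interface eth1, 192.168.1.10 is the site's own mail relay, the log prefix is "SMTP-OUT: ", and the sample log lines are constructed to look like what the iptables LOG target writes.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumptions (placeholders):
# Linux gateway with iptables, LAN 192.168.1.0/24 on eth1, and 192.168.1.10 is
# the site's legitimate mail relay.
#
# The thread's rule silently drops every outbound port-25 connection from the
# LAN. Logging the attempts before dropping them lets you identify the infected
# PC from the kernel log without removing the DROP rule to watch iptraf.
# The limit match keeps a spam burst from flooding the log:
#
#   iptables -I FORWARD 1 -i eth1 -s 192.168.1.10 -p tcp --dport 25 -j ACCEPT
#   iptables -I FORWARD 2 -i eth1 -p tcp --dport 25 -m limit --limit 30/min \
#            -j LOG --log-prefix "SMTP-OUT: "
#   iptables -I FORWARD 3 -i eth1 -p tcp --dport 25 -j DROP
#
# Constructed sample of what the LOG rule writes to /var/log/kern.log (dmesg).
# 192.168.1.23 contacts four different public mail servers within seconds,
# the "single private IP, many public port-25 targets" pattern from the post;
# 192.168.1.44 retries one server twice, which a normal mail client also does.
SAMPLE_LOG='Mar  3 09:12:01 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.25 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=8351 DF PROTO=TCP SPT=1841 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 09:12:01 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=8352 DF PROTO=TCP SPT=1842 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 09:12:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.44 DST=203.0.113.80 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=1201 DF PROTO=TCP SPT=40120 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 09:12:02 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.25 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=8353 DF PROTO=TCP SPT=1843 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 09:12:03 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=192.0.2.19 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=8354 DF PROTO=TCP SPT=1844 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 09:12:04 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.44 DST=203.0.113.80 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=1202 DF PROTO=TCP SPT=40121 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 09:12:05 gw kernel: SMTP-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.200 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=8355 DF PROTO=TCP SPT=1845 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0'

# find_spam_hosts THRESHOLD   (reads log lines on stdin)
# Prints "SRC N" for every LAN address that tried to reach at least THRESHOLD
# distinct destination IPs on port 25. Duplicate SRC/DST pairs are collapsed
# first, so a legitimate client retrying its one relay does not trip it.
find_spam_hosts() {
    threshold="${1:-5}"
    grep 'SMTP-OUT:' \
    | grep 'DPT=25 ' \
    | sed -n 's/.*SRC=\([0-9.]*\) DST=\([0-9.]*\) .*/\1 \2/p' \
    | sort -u \
    | awk -v t="$threshold" '{ n[$1]++ } END { for (s in n) if (n[s] >= t) print s, n[s] }' \
    | sort
}

# On the gateway, run it against the live log, for example:
#   find_spam_hosts 5 < /var/log/kern.log
# Against the constructed sample this prints "192.168.1.23 4".
printf '%s\n' "$SAMPLE_LOG" | find_spam_hosts 3
```

The threshold is a judgement call: a desktop that reaches three or more different public mail servers on port 25 in a short window is almost never doing anything legitimate, while a mail relay does exactly that by design, which is why the relay gets its own ACCEPT rule ahead of the LOG and DROP rules rather than being whitelisted in the script.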