Problem with Ubuntu server firewall
Hi
I have installed Ubuntu Server 9.10. I have the following things on my server: MySQL, Apache, Squid, Postfix, Dovecot, fetchmail, ClamAV antivirus. All the services are working great with no problems. I use the machine for internet routing and as a personal mail server which connects and collects my mail from the ISP server. But today when I was browsing it went very slow, almost dead, and when I checked I found too many connections (netstat) on SMTP and port 3128. Kindly let me know how to stop all this. I have also activated the Linux firewall but nothing is working, and my bandwidth is going for a toss. In case you require my conf files to be posted, please let me know which one you wish to look at to solve this issue.
How many connections do you have to your box via SMTP? What's the load? Do you have your MTA configured as an open relay? I'm guessing you don't because you're using postfix. Can you post your main.cf without comments here?
Regards, Alunduil
Here is the output that you wanted of the Postfix main.cf file:
Quote:
The number of connections from my place to Postfix is just 4 mailboxes, and 2 mailboxes to other ISP. The 4 mailboxes are configured using fetchmail, which pulls and delivers the email. The connections I see with the netstat command are something like:
Quote:
Why do you have the myhostname set to a shortname? If I'm not mistaken postfix wants a FQDN for hostname. Also, are you familiar with the machines making connections? Try running this:
Code:
netstat -nat | grep <myip>:25 | gawk '{print $5}' | cut -d : -f 1 | sort | uniq -c | sort -n
Alunduil
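Added example (not part of the original thread): the same per-peer connection count written for POSIX awk rather than gawk, matching the local port exactly and covering both ports mentioned in the thread (25 and 3128). The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# count_peers PORT...: read `netstat -nat` output on stdin and print
# "<count> <remote-ip> <local-port>" per peer, busiest last.
count_peers() {
    awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 ~ /^tcp/ && $6 != "LISTEN" {
        lport = $4; sub(/.*:/, "", lport)      # local port = text after the last colon
        if (!(lport in want)) next             # exact match, so :2525 is not counted as :25
        peer = $5; sub(/:[^:]*$/, "", peer)    # drop the remote port, keep IPv6 addresses whole
        count[peer " " lport]++
    }
    END { for (k in count) print count[k], k }' | sort -n
}

# Constructed sample in Linux `netstat -nat` layout (documentation addresses only).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:25           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:25           198.51.100.7:51240      TIME_WAIT
tcp        0      0 192.0.2.10:3128         203.0.113.9:40100       ESTABLISHED
tcp        0      0 192.0.2.10:3128         203.0.113.9:40101       ESTABLISHED
tcp        0      0 192.0.2.10:3128         203.0.113.9:40102       ESTABLISHED
tcp        0      0 192.0.2.10:2525         203.0.113.9:40200       ESTABLISHED
tcp6       0      0 2001:db8::10:25         2001:db8::beef:50000    ESTABLISHED
tcp        0      0 192.0.2.10:22           192.0.2.50:60000        ESTABLISHED
EOF
}

# Offline demonstration on the sample; on a live host use:
#   netstat -nat | count_peers 25 3128
sample_netstat | count_peers 25 3128
```

A peer near the bottom of the output with a large count on port 3128 that is not on the local network indicates the proxy is reachable from outside.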
Hi
I am not familiar with the machines making connections; if you can, please provide me more info on the same. I have kept the hostname short and not used the FQDN because if I use the FQDN, Postfix stops delivering the emails and fails with message 421. So after a lot of experimenting this was set up and it started working. The above code given by you is not working because I don't think I have gawk installed. Do you want me to install it?
Yes, if you can run that command then we can find out who is using your mail server and see if they are using you as a spam relay or just being mean and connecting to you quite a bit.
If you add your FQDN to the /etc/hosts file does postfix work with it at that point?
Regards, Alunduil
Yes, in my /etc/hosts file I have my FQDN and Postfix is working fine.
In the meantime, what I did was change the port of Squid from 3128 to a different port. Now all the attacks are gone; for the past 24 hours it's fine and there seems to be no issue. I guess the problem would have been that my user might be using torrents, which I have now banned. And now the bandwidth is normal. Should I continue and wait to see if there is any problem or issue?
Did you have squid accessible from the outside? If so then yes, I imagine that was the cause of your bandwidth woes. Otherwise, it may have been the torrents. To find out I would use a tool like iptraf or nettop.
Regards, Alunduil
I guess yes. While I was working on the iptables and the security I had allowed port 3128 to the outside world, in the sense of incoming, which I have now closed.
I have even banned the torrents now so that the network is not disturbed due to all this. I would like to thank you for the help that you have extended.