Open Relay from Reverse DNS entry

Dear Experts

I am using IPCOP as my firewall and Blue Centos as my mail Server. I have two external IPs for my MX records for my domain. The first IP is 12.204.178.228 and the other is used as my reverse DNS entry which is 12.204.178.227. My mail server is in the green network and I have port forwarding in IPCOP which points to the mail server.

A couple of days ago I started getting a lot of spam from my network, which I thought was due to a client's computer being infected, but after a lot of testing with Wireshark I ruled that out as I could not find the machine. I did block port 25 in IPCop by editing the rc.firewall.local.

After some research I came to find out that my reverse dns entry (12.204.178.227) is an open relay. I just don't know how to close this relay. I would greatly appreciate the help.  

Thanks

Chris
Pierre François

On IPCop, when you allow port forwarding to your mail server, which ports did you forward?
itemc (asker)

I have forwarded ports 110 and 25 on IP address 12.204.178.228. I also had an open relay on the IPCop router, whose IP address is 12.204.178.226, which forwards SMTP port 25 to 10.0.100.99; this is a dead IP address.
I think there is a little confusion about what and how to forward:

You should forward tcp proto on port 110 and 25 to some local address inside the green network where your mail server resides, typically 10.0.100.x (where x != 99 which is dead) for SMTP and POP traffic.

For reverse DNS lookups, you have to forward udp proto 53 to the local machine running the DNS server.

Now, for avoiding spam, you c
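As an added check that is not part of this thread: a self-test that replays the relay probe blacklist services run (foreign sender, foreign recipient) against one of your own MX addresses, i.e. the 12.204.178.228 / 12.204.178.227 pair from the question. The transport is a plain send/receive pair so the constructed transcripts at the bottom run offline; probe_host attaches the same logic to a real socket. relaytest.example and the probe mailbox names are placeholders.

```python
import socket


def read_reply(recv):
    """Read one SMTP reply; a '250-' prefix means more lines follow, '250 ' ends it."""
    lines = []
    while True:
        line = recv()
        if not line:
            raise ConnectionError("server closed the connection mid-reply")
        lines.append(line.rstrip("\r\n"))
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), "\n".join(lines)


def probe_relay(send, recv, sender="probe@external.example", rcpt="user@elsewhere.example"):
    """Foreign MAIL FROM, foreign RCPT TO: returns (verdict, rcpt_code, transcript).

    A correctly configured server answers the RCPT with 5xx; an open relay answers 250.
    """
    transcript = []
    code, text = read_reply(recv)
    transcript.append(text)
    if code != 220:
        return "no-smtp-banner", code, transcript
    for cmd in ("HELO relaytest.example", f"MAIL FROM:<{sender}>"):
        send(cmd + "\r\n")
        code, text = read_reply(recv)
        transcript.append(text)
        if code != 250:
            return "refused-before-rcpt", code, transcript  # relaying cannot be judged
    send(f"RCPT TO:<{rcpt}>\r\n")
    rcpt_code, text = read_reply(recv)
    transcript.append(text)
    send("QUIT\r\n")
    return ("OPEN RELAY" if 200 <= rcpt_code < 300 else "relay denied"), rcpt_code, transcript


def scripted(replies):
    """Offline transport: canned server replies plus a list recording what was sent."""
    it, sent = iter(replies), []
    return sent.append, lambda: next(it, ""), sent


def probe_host(host, port=25, timeout=10):
    """Run the probe over a real TCP connection to one of your own MX addresses."""
    with socket.create_connection((host, port), timeout) as sock:
        rfile = sock.makefile("r", encoding="ascii", errors="replace")
        return probe_relay(lambda cmd: sock.sendall(cmd.encode("ascii")), rfile.readline)


# Constructed transcripts: a server that rejects relaying, and one that accepts it.
DENIED = ["220-mx.example ESMTP\r\n", "220 ready\r\n", "250 mx.example\r\n",
          "250 2.1.0 Ok\r\n", "554 5.7.1 <user@elsewhere.example>: Relay access denied\r\n"]
OPEN = ["220 mx.example ESMTP\r\n", "250 mx.example\r\n", "250 2.1.0 Ok\r\n", "250 2.1.5 Ok\r\n"]
```

Some MTAs accept RCPT TO and only reject the message at DATA, so a 250 here is a strong signal to confirm against the MTA's own logs rather than proof by itself; run probe_host only against addresses you administer.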
itemc (asker)

Thank you pfrancois, I did figure out my problem after reading your message. We are going to change our system so that instead of red and green we are going to have red, green and orange, so my mail server will be in a DMZ network. Thank you for the response.
itemc (asker)

Basically I saw where my configuration was wrong and which is the best way to get the network more secure.

Thank you for your consideration. Indeed, it is better to put the mail server into the orange DMZ.