itemc asked:

Open Relay from Reverse DNS entry

Dear Experts

I am using IPCOP as my firewall and Blue Centos as my mail Server. I have two external IPs for my MX records for my domain. The first IP is 12.204.178.228 and the other is used as my reverse DNS entry which is 12.204.178.227. My mail server is in the green network and I have port forwarding in IPCOP which points to the mail server.

A couple of days ago I started getting a lot of spam from my network, which I thought was due to a client's computer being infected, but after a lot of testing with Wireshark I ruled that out as I could not find the machine. I did block port 25 in IPCop by editing the rc.firewall.local.

After some research I came to find out that my reverse DNS entry (12.204.178.227) is an open relay. I just don't know how to close this relay. I would greatly appreciate the help.

Thanks

Chris
Tags: Email Servers, Linux Security

8/22/2022 - Mon
Pierre François

On IPCop, when you allow port forwarding to your mail server, which ports did you forward?
itemc

ASKER
I have forwarded ports 110 and 25 on IP address 12.204.178.228. I also had an open relay on the IPCop router, whose IP address is 12.204.178.226, which forwards SMTP port 25 to 10.0.100.99; this is a dead IP address.
Pierre François

I think there is a little confusion about what and how to forward:

You should forward tcp proto on port 110 and 25 to some local address inside the green network where your mail server resides, typically 10.0.100.x (where x != 99 which is dead) for SMTP and POP traffic.

For reverse DNS lookups, you have to forward udp proto 53 to the local machine running the DNS server.

Now, for avoiding spam, you c
ASKER CERTIFIED SOLUTION
Pierre François

itemc

ASKER
Thank you pfrancois, I did figure out my problem after reading your message. We are going to change our system so that instead of red and green we are going to have red, green and orange, so my mail server will be in a DMZ network. Thank you for the response.
itemc

ASKER
Basically I saw where my configuration was wrong and which is the best way to get the network more secure.
Pierre François

Thank you for your consideration. Indeed, it is better to put the mail server into the orange DMZ.