Thread: Possible SMTP DoS attack?

  1. #1
    Join Date
    Jun 2008
    Posts
    45
    Rep Power
    7

    Possible SMTP DoS attack?

    Hi guys,

    I am using Zimbra open source edition. I can't remember the version but I don't think it's important as my issue seems to be a design flaw on my behalf!

    Basically this is the issue:

    I was having issues connecting to my version of Zimbra from OpenSolaris as both Thunderbird and Seamonkey didn't want to connect to the server when sending SMTP mail (POP3 and IMAP4 are fine).

    This was very weird since in Ubuntu 9.04 Seamonkey is fine.... I am guessing there's an issue with plain text logins but I can't be certain.

    Anyway, so due to my setup I have an SMTP relay agent in front of my Zimbra mail server running on a SPARC system and Solaris 9 using Postfix. This system basically just relays mail for my domain; but it seems to have been acting like a buffer between the net and my server. Due to my connection issues I changed my router configuration to have a static NAT definition between the Zimbra server and the ADSL interface rather than the Solaris 9 based SMTP relay agent.

    After a few hours though the Zimbra server didn't function correctly with only 3 out of 8 log emails managing to make it through from my daily logwatch setup.

    I checked the logs and also the router static NAT translations (it's a Cisco and is possible to do this), from the server the maillog showed that every second a few emails were being sent to the machine but subsequently denied as the system isn't an open relay and also got marked as SPAM. The router also showed many IP addresses being connected to the port of the Zimbra mail server too.......

    What is the cause of this or why did this happen and more importantly how can I prevent my system from blowing up like this again??? It's almost like a few DoS mail attacks occurred!!!! Ok they didn't hog the bandwidth but they did kill the system and render it almost unusable!

    Has anyone got any advice or an explanation for me???

    Many thanks for any responses :-)

    This would really help me learn administering a mail server better so the next time I set up a system like this I can open it 100% up to the web without any issues!!!

    Regards,

    Kaya

  2. #2
    Join Date
    Jun 2008
    Posts
    45
    Rep Power
    7

    Ok, I finally have some more definitive things to show for this little rant of mine!

    This is a dump of one of my log files:

    Code:
    Unrecognized warning:
         disabling connection caching : 8 Time(s)
         lots of deferred mail, that is bad for performance : 45 Time(s)
         mail for [127.0.0.1]:10024 is using up 11504 of 11504 active queue entries : 1 Time(s)
         mail for [127.0.0.1]:10024 is using up 13998 of 13998 active queue entries : 1 Time(s)
         mail for [127.0.0.1]:10024 is using up 16501 of 16501 active queue entries : 1 Time(s)
         mail for [127.0.0.1]:10024 is using up 19184 of 19184 active queue entries : 1 Time(s)
         mail for [127.0.0.1]:10024 is using up 20000 of 20000 active queue entries : 38 Time(s)
         mail for [127.0.0.1]:10024 is using up 4001 of 4001 active queue entries : 1 Time(s)
         mail for [127.0.0.1]:10024 is using up 6399 of 6399 active queue entries : 1 Time(s)
         mail for [127.0.0.1]:10024 is using up 9336 of 9336 active queue entries : 1 Time(s)
         please avoid flushing the whole queue when you have : 45 Time(s)
         problem talking to service private/scache: Connection timed out : 49 Time(s)
         scache_find_dest_service: cannot send file descriptor: Connection reset by peer : 1 Time(s)
         see http://www.postfix.org/STRESS_README.html for examples of stress-dependent configuration settings : 2 Time(s)
         service "smtp" (25) has reached its process limit "100": new clients may experience noticeable delays : 2 Time(s)
         so that Postfix quickly skips unavailable hosts : 45 Time(s)
         so that Postfix wastes less time on undeliverable mail : 45 Time(s)
         to avoid this condition, increase the process count in master.cf or reduce the service time per client : 2 Time(s)
         to turn off these warnings specify: qmgr_clog_warn_time = 0 : 45 Time(s)
         you may need to increase the main.cf minimal_backoff_time and maximal_backoff_time : 45 Time(s)
         you may need to increase the master.cf smtp-amavis process limit : 45 Time(s)
         you may need to reduce smtp-amavis connect and helo timeouts : 45 Time(s)
     
     
     **Unmatched Entries**
     
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa1888@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa200015@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa200326@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa2101711@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa2204@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa2288@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa2720473@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa320@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgaqrs@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgarfild@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgb.hi@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgb100m@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgb670808@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgbhhbgvffvgbh@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgbhnjmkl080@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgc600@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgcaert01@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgd.tw@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     1C02D554D3B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<John_Emma159@pchome.com.tw> to=<vgear125@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa3388@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa475@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa480206@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9AF44554D3C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Samuel_Destiny951@so-net.net.tw> to=<spa5152779@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     C1B8654E891: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Bryce_Margaret951@ms7.hinet.net> to=<lesley0216@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     C1B8654E891: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Bryce_Margaret951@ms7.hinet.net> to=<lesley0407@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     C1BFE54E8AF: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Nathan_Victoria456@ms2.url.com.tw> to=<qq042704@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     C1BFE54E8AF: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Nathan_Victoria456@ms2.url.com.tw> to=<qq04341@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     AACCC54E134: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Stephen_Leslie789@pchome.com.tw> to=<xiaotwo0921@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     AACCC54E134: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Stephen_Leslie789@pchome.com.tw> to=<xiaowan38@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     C1BFE54E8AF: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Nathan_Victoria456@ms2.url.com.tw> to=<qq051200@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     C1B8654E891: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Bryce_Margaret951@ms7.hinet.net> to=<lesley0713@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     AACCC54E134: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Stephen_Leslie789@pchome.com.tw> to=<xiaoweifang13@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     C1B8654E891: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Bryce_Margaret951@ms7.hinet.net> to=<lesley0830@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     41ACA62CF56: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Stephen_Leslie789@ms15.url.com.tw> to=<jasonwu0721@mail.jiaher.com.tw> proto=SMTP helo=<81.178.2.118>
     CF23B62CF74: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<Richard_Michelle456@ms3.url.com.tw> to=<dj61104@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     E204762CF8C: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Dakota_Alexandria357@sina.com.tw> to=<chi1666@ms4.hinet.net> proto=SMTP helo=<81.178.2.118>
     517AC62CF5B: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<Zachary_Abigail789@ms5.hinet.net> to=<sb9061@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     9852E62CF72: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<Lucas_Kylie654@msa.hinet.net> to=<j150076@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     8B3D662CF70: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<Jesse_Mary201@url.com.tw> to=<a955003@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     6A1CC62CF5D: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Bryce_Margaret951@ms3.hinet.net> to=<halo1408@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     7C5BE62CF6C: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Garrett_Melanie56@ms13.url.com.tw> to=<dragonball2300@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     E7BB262CF76: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Jose_Katherine159@yahoo.com.tw> to=<dc8862@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     E7B4562CF75: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Spencer_Mia546@ms1.hinet.net> to=<new_206@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     NOQUEUE: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Nicholas_Sarah987@ms7.url.com.tw> to=<w0928470670@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     F24DE62CF64: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<Charles_Gabrielle852@ms9.url.com.tw> to=<verycheapshop@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     3981262CF87: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<Bryan_Jordan2548@ms12.hinet.net> to=<dream77827@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     AA82262CF73: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Alexander_Olivia357@seed.net.tw> to=<alfchentw1@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     AA82262CF73: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Alexander_Olivia357@seed.net.tw> to=<alfdd@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     0B7C462EA72: reject: RCPT from unknown[202.75.56.212]: 503 5.5.0 <unknown[202.75.56.212]>: Client host rejected: Improper use of SMTP command pipelining; from=<Kyle_Stephanie458@yahoo.com.tw> to=<jyi_horng@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     0B82162EA73: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Joseph_Elizabeth657@ms4.url.com.tw> to=<sbk0217@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     155B962EAB9: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Steven_Brittany4123@ms2.url.com.tw> to=<may_be_a43@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     DE57262EAB7: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Daniel_Ashley147@ms8.url.com.tw> to=<flying5782@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     E84CC62EAB8: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Nicholas_Sarah987@yam.com.tw> to=<ran048@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     8ED5F630DAB: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<Garrett_Melanie56@ms14.hinet.net> to=<lulu935293@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     D7A61630DAF: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Richard_Michelle456@ms13.hinet.net> to=<kwitlp@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     2F3D4630DB1: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Ethan_Amanda625@msa.hinet.net> to=<ffyhy123@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     21180630DA7: reject: RCPT from unknown[202.75.56.216]: 503 5.5.0 <unknown[202.75.56.216]>: Client host rejected: Improper use of SMTP command pipelining; from=<Alex_Briana258@ms7.url.com.tw> to=<lindsay19817@yahoo.com.tw> proto=SMTP helo=<81.178.2.118>
     02180630DA6: reject: RCPT from unknown[202.75.56.214]: 503 5.5.0 <unknown[202.75.56.214]>: Client host rejected: Improper use of SMTP command pipelining; from=<Xavier_Marissa456@ms11.url.com.tw> to=<haru1626@yahoo.com.tw> proto=SMTP helo=<81.178.2.118> 
    <snip>
    I really hope someone can help me in figuring out what this is and why it occurs so that next time round I can take proper prevention measures.....

    Regards,

    Kaya
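
A triage pass over reject lines like the ones posted above, as an added example that is not part of the original thread: it groups Postfix RCPT rejections by client network, counts distinct recipients, and notes clients whose HELO is a bare IP other than their own address, as in the dump. The sample lines, addresses and thresholds are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Postfix smtpd reject line as logwatch prints it (syslog prefix already stripped).
REJECT = re.compile(
    r"^\s*(?P<qid>[0-9A-F]+|NOQUEUE): reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <[^>]*>: (?P<reason>[^;]+); "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)> "
    r"proto=(?P<proto>\S+) helo=<(?P<helo>[^>]*)>"
)


def helo_is_foreign_ip(helo, client_ip):
    """True when HELO is a bare IP literal that is not the client's own address."""
    try:
        return ipaddress.ip_address(helo.strip("[]")) != client_ip
    except ValueError:
        return False  # HELO is a hostname, not an address


def summarise(lines):
    """Aggregate reject lines per client network (/24 for IPv4, /64 for IPv6)."""
    nets = defaultdict(lambda: {"rejects": 0, "clients": set(), "rcpts": set(),
                                "queue_ids": set(), "reasons": Counter(),
                                "foreign_helo": 0})
    for line in lines:
        m = REJECT.match(line)
        if not m:
            continue  # logwatch warnings and other non-reject lines
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # Postfix logs unknown[unknown] when it has no address
        prefix = 24 if ip.version == 4 else 64
        s = nets[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)]
        s["rejects"] += 1
        s["clients"].add(ip)
        s["rcpts"].add(m["rcpt"].lower())
        if m["qid"] != "NOQUEUE":
            s["queue_ids"].add(m["qid"])
        s["reasons"][m["reason"].strip()] += 1
        s["foreign_helo"] += helo_is_foreign_ip(m["helo"], ip)
    return dict(nets)


def suspects(summary, min_rejects=5, min_rcpts=5):
    """Networks with many rejects spread over many recipients, busiest first."""
    rows = [{"network": str(net), "rejects": s["rejects"],
             "clients": len(s["clients"]), "recipients": len(s["rcpts"]),
             "top_reason": s["reasons"].most_common(1)[0][0],
             "foreign_helo": s["foreign_helo"]}
            for net, s in summary.items()
            if s["rejects"] >= min_rejects and len(s["rcpts"]) >= min_rcpts]
    return sorted(rows, key=lambda r: r["rejects"], reverse=True)


# Constructed sample input (documentation address ranges, not real hosts).
_T = ("{q}: reject: RCPT from unknown[{ip}]: 503 5.5.0 <unknown[{ip}]>: "
      "Client host rejected: Improper use of SMTP command pipelining; "
      "from=<s{n}@example.net> to=<r{n}@example.org> proto=SMTP helo=<192.0.2.25>")
SAMPLE = [_T.format(q="A1B2C3D4E5F", ip="203.0.113.12", n=n) for n in range(4)]
SAMPLE += [_T.format(q="NOQUEUE", ip="203.0.113.14", n=n) for n in range(4, 7)]
SAMPLE += [
    "NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 554 5.7.1 "
    "<u@example.com>: Relay access denied; from=<a@example.org> "
    "to=<u@example.com> proto=ESMTP helo=<mail.example.org>",
    "NOQUEUE: reject: RCPT from unknown[unknown]: 450 4.7.1 <x>: Helo command "
    "rejected; from=<> to=<x@example.org> proto=SMTP helo=<x>",
    'service "smtp" (25) has reached its process limit "100"',
]

if __name__ == "__main__":
    for row in suspects(summarise(SAMPLE)):
        print(row)
```

Grouping by network rather than by single address matters for a dump like the one above, where the rejected clients sit in the same /24.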

  3. #3
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Having a static NAT is fine. Please post the following:

    Code:
    su - zimbra
    zmprov gs `zmhostname` zimbraMtaMyNetworks

    I do hope that you have not included the IP address of your router?

  4. #4
    Join Date
    Jun 2008
    Posts
    45
    Rep Power
    7

    Thanks for the response!! :-)

    Output is as follows:

    Code:
    # name x-ray.optiplex-networks.com
    zimbraMtaMyNetworks: 127.0.0.0/8 192.168.1.0/24 192.168.0.0/24

    "I do hope that you have not included the IP address of your router ?"

    Whoops, something to take note of for the future; however, this IP will change soon anyhow as I am going to be migrating the config over to another country pretty soon!!

  5. #5
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    If the MTA Networks includes the IP of your router then you have become an open relay.

  6. #6
    Join Date
    Jun 2008
    Posts
    45
    Rep Power
    7

    As shown before MTA not including the router!!!

    Only internal networks shown and loopback.

    The problem was from the log that I got hampered with people trying to use my server to relay mail which killed it in terms of resource usage.

    Also I seem to have the inability to send mail using port 25 of that machine as I could do it before but now it just refuses.....

    I have no clue as to what is going on???

  7. #7
    Join Date
    Jun 2008
    Posts
    45
    Rep Power
    7

    Maybe I should try to clarify this if everyone is confused??

    From the log output I posted before I have a whole bunch of relay_access denied statements which is fine, only since I got bombarded with them they killed my system's resources; so the first step I want to tackle is how for that not to happen, as mail that is supposed to get through couldn't!

    The second thing is that I would like for users externally who have accounts on the system to be able to log in and send SMTP mail. I had this functionality up till I opened up my NAT to the server instead of my pure Postfix based SMTP relay server. Now I am just getting an error message saying relay access denied when the system should ask for my password once the username has been specified within an MUA such as Seamonkey or Thunderbird......

    Currently I am locked out of the system and can only send email via the web GUI system which is not as I had it before.

    HELP!! :-S

  8. #8
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Okay; you are not an open relay as I have just tested your IP address. You appear to be on a DSL connection as well, so have you set up a Split DNS - Zimbra :: Wiki architecture? As you have said you are blocking most things at the MTA level, so if that is causing your server to come under load your server could be underpowered. What are the specs of your server? What RBLs are you using as well?

  9. #9
    Join Date
    Jun 2008
    Posts
    45
    Rep Power
    7

    Ok setup is complex as I'm running quite a bit of stuff!!

    Basically I have setup DNS in the form of ISC's Bind using views meaning I have an internal view and 2 external views; 1 for my current IP which is static and another for everybody else!! - I don't want to recursively allow anyone unknown or allow the hinted root zone to be looked up by anyone apart from known hosts or me

    Zimbra is configured to use DNS instead of NIS or LDAP; if I recall correctly as it's been a while (time to check link I think)

    The server is I know underpowered as it's a PIV 3.4GHz Dell desktop system with 1.5GB RAM! However, even with such low specs I could do worse and CPU shouldn't be sky high no??

    Also why for the life of me can't I send email from it when I am outside the network?? It should just work on username/password principle shouldn't it?? That's what it did before going haywire, however config hasn't changed meaning it's most likely me at fault somewhere.......

    Apologies for 2 questions wrapped up in one but they seem to be related if totally mutually exclusive.

  10. #10
    Join Date
    Jun 2008
    Posts
    45
    Rep Power
    7

    Oh didn't need split DNS as I have 2 Sun Netra T105's running in master/slave configuration

    Phew...... thought I'd messed something up for a sec!

    I mean this system has been working fine for nearly a year so why mess up now?? Probably because I restarted it or something!!
