HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Open relay? Nonlocal recips but not originating (http://www.howtoforge.com/forums/showthread.php?t=50703)

MGStudioWEB 27th December 2010 18:21

Open relay? Nonlocal recips but not originating
 
Hi all,

I've following this tutorial for install Amavisd-new, ClamAV and SpamAssassin:
http://wiki.centos.org/HowTos/Amavisd

LogWatch report many lines like this:

**Unmatched Entries**
Open relay? Nonlocal recips but not originating: ***@***
....

What does this mean?

Thanks

falko 28th December 2010 23:11

You can test here if your server is an open relay: http://www.spamhelp.org/shopenrelay/

MGStudioWEB 29th December 2010 11:37

Hi Falco,

this is the result:

Testing 94.23.68.61 on port 25... Error - could not connect to server

This is the netstat output for smtp port:

tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 4293335 21386/master

I've read of a $originating variable that could not be set ... but where?

Thanks

MGStudioWEB 29th December 2010 15:50

On a server like this without Amavis this messages are not present...

falko 30th December 2010 17:25

What are the outputs of
Code:

iptables -L
and
Code:

getenforce
?

Do you host this server on a DSL/Cable line? If so, make sure your ISP doesn't block port 25.

MGStudioWEB 30th December 2010 17:37

iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-sasl tcp -- anywhere anywhere tcp dpt:smtp
fail2ban-ModSec tcp -- anywhere anywhere multiport dports http,https
fail2ban-BadBots tcp -- anywhere anywhere multiport dports http,https
fail2ban-courierpop3 tcp -- anywhere anywhere tcp dpt:pop3
fail2ban-IMAP tcp -- anywhere anywhere multiport dports pop3,pop3s,imap,imaps
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain fail2ban-BadBots (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-IMAP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ModSec (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierpop3 (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

getenforce
Enforcing

This's a virtual machine on VMWARE EXSi server (Hosted on OVH), all virtual machine are in bridge mode.

Thanks

falko 31st December 2010 14:12

Quote:

Originally Posted by MGStudioWEB (Post 247783)
getenforce
Enforcing

Please disable SELinux and try again.

MGStudioWEB 31st December 2010 15:32

SELinux disabled but not solved:

[root@ns1 log]# getenforce
Disabled

[root@ns1 log]# tail maillog -f
Dec 31 15:29:03 ns1 amavis[4259]: (04259-03) Open relay? Nonlocal recips but not originating:***

MonkeyMan 3rd January 2011 20:17

See:
http://groups.google.com/group/maili...a9c522cb291007

Also, update your amavis-logwatch filter.
http://logreporters.sourceforge.net/


All times are GMT +2. The time now is 05:49.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.