Open relay? Nonlocal recips but not originating

[MGStudioWEB]

Hi all,

I've following this tutorial for install Amavisd-new, ClamAV and SpamAssassin:
http://wiki.centos.org/HowTos/Amavisd

LogWatch report many lines like this:

**Unmatched Entries**
Open relay? Nonlocal recips but not originating: ***@***
....

What does this mean?

Thanks

[falko]

You can test here if your server is an open relay: http://www.spamhelp.org/shopenrelay/

[MGStudioWEB]

Hi Falco,

this is the result:

Testing 94.23.68.61 on port 25... Error - could not connect to server

This is the netstat output for smtp port:

tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 4293335 21386/master

I've read of a $originating variable that could not be set ... but where?

Thanks

[MGStudioWEB]

On a server like this without Amavis this messages are not present...

[falko]

What are the outputs of

Code:

iptables -L

and

Code:

getenforce

?

Do you host this server on a DSL/Cable line? If so, make sure your ISP doesn't block port 25.

[MGStudioWEB]

iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-sasl tcp -- anywhere anywhere tcp dpt:smtp
fail2ban-ModSec tcp -- anywhere anywhere multiport dports http,https
fail2ban-BadBots tcp -- anywhere anywhere multiport dports http,https
fail2ban-courierpop3 tcp -- anywhere anywhere tcp dptop3
fail2ban-IMAP tcp -- anywhere anywhere multiport dports pop3,pop3s,imap,imaps
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dptop3
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain fail2ban-BadBots (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-IMAP (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ModSec (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-courierpop3 (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-sasl (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

getenforce
Enforcing

This's a virtual machine on VMWARE EXSi server (Hosted on OVH), all virtual machine are in bridge mode.

Thanks

[falko]

Quote:

Originally Posted by MGStudioWEB

getenforce
Enforcing

Please disable SELinux and try again.

[MGStudioWEB]

SELinux disabled but not solved:

[root@ns1 log]# getenforce
Disabled

[root@ns1 log]# tail maillog -f
Dec 31 15:29:03 ns1 amavis[4259]: (04259-03) Open relay? Nonlocal recips but not originating:***

[MonkeyMan]

See:
http://groups.google.com/group/maili...a9c522cb291007

Also, update your amavis-logwatch filter.
http://logreporters.sourceforge.net/