A lot of answers were written, you might want to go through the mail
archives. My strong, nay, vehement suggestion at this point is to format
that box's disk drives and start over, then ask specific questions.

Portsentry is good. It is also non-free in the OSI sense since Psionic's
purchase by Cisco, IIRC.

Shorewall is a sight easier than editing iptables directly, but the
people who can't handle it generally seem to like gshield. I've also
used Monmotha in the past and liked it; does it work with iptables?
Anyway, to grok shorewall you should read its docs. Here are some guiding
principles:

first, set up interfaces. There is at least one, which is the exterior
ethernet. localhost not required here.
second, set up zones. A zone is a network which is connected to an
interface. There are at least two zones, one for localhost and one for
the Internet. Change the Mandrake names to something you understand.
third, set up policy (deny everything between Internet and localhost).
fourth, set up rules (allow SMTP from Internet to localhost).

On Sat, 2003-11-08 at 09:41, dfox wrote:
> Apparently I cannot send mail with my postfix on localhost to the network.
> 
> Previously this was working fine and I don't see any changes made to my 
> postfix configuration files.
> 
> But in the last few days things have not gone well here. Firstly, my 
> system was hijacked and used as an open proxy to send megabytes of spam 
> to the network. :(. My isp filtered my outgoing smtp port and that is 
> when I began to see a few errors in my /var/log/mail/errors file (unknown 
> service tcp/smtp).
> 
> After finding out about this, I tried to post to the list and I don't 
> think any of my messages went out. I had to go into /var/spool/postfix 
> and start deleting a whole bunch of files in deferred - there was at one 
> time seven megabytes of messages trying to get out! And those were the 
> invalid addresses. I wonder how spammers survive -- I guess they just 
> exploit other systems to do the dirty work :(.
> 
> At the moment, my box is better secured thanks to portsentry (why isn't 
> this program in mandrake???? I could not urpmi it, but I did find it 
> through rpmfind.org and the source rpm built and installed fine). 
> 
> I tried running shorewall but got nowhere. I don't know how to edit 
> shorewall files and I don't want something that won't even let me ping my 
> gateway when installed. iptables is running because of portsentry but I 
> don't see anything that is specifically tied to port 25. And in atcp mode 
> it's supposed to ignore certain standard ports anyway.
> 
> It seems like a catch-22 - if I disable the filters perhaps outbound smtp 
> will work, but if I do that, I'm back to where I was before, and people 
> will start targeting my box again. I counted 72 attempts of portscanning 
> done in less than six hours, and 10 minutes after I restarted httpd I got 
> spurious gets in my apache log files. I think this is how they got into 
> my box in the first place, since I don't do much if any web stuff, and my 
> log files are tiny - the other day they were over a megabyte.
>  
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...
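The four Shorewall steps listed in the reply above (interfaces, zones, policy, rules), written out as an added example; this is not configuration from the original thread or from the Shorewall project. It assumes the Mandrake-era Shorewall 1.x/2.x column layout, that the exterior ethernet is eth0, and that the firewall's own zone is named fw (FW=fw in shorewall.conf). The outbound fw-to-net ACCEPT policy is an assumption added so that Postfix can still deliver mail out; the reply only states the inbound deny and the inbound SMTP rule. The script writes into a directory you name, so the files can be reviewed (and checked with shorewall check) before being copied over /etc/shorewall.

```shell
#!/bin/sh
# Added example: minimal Shorewall config following the four steps above.
# Assumptions (not from the thread): Shorewall 1.x/2.x file layout, external
# interface eth0, firewall zone named "fw". Writes to the directory in $1.

write_shorewall_config() {
    dir="$1"
    mkdir -p "$dir"

    # Step 1: interfaces. One exterior ethernet; localhost needs no entry.
    cat > "$dir/interfaces" <<'EOF'
#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth0        detect      norfc1918,routefilter,tcpflags
EOF

    # Step 2: zones. The box itself ("fw") is implicit; define the Internet.
    cat > "$dir/zones" <<'EOF'
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
EOF

    # Step 3: policy. Drop (and log) everything from the Internet to the box.
    # The fw->net ACCEPT line is an assumption so outbound SMTP keeps working.
    cat > "$dir/policy" <<'EOF'
#SOURCE   DEST   POLICY   LOG LEVEL
fw        net    ACCEPT
net       fw     DROP     info
net       all    DROP     info
all       all    REJECT   info
EOF

    # Step 4: rules. Exceptions to the policy: inbound SMTP to the box only.
    cat > "$dir/rules" <<'EOF'
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    net      fw     tcp     25
EOF
}

# Sanity check that works without Shorewall installed: every zone named in
# policy or rules must be "fw", "all", or a zone defined in the zones file.
# Returns 0 when consistent, 1 (with a message on stderr) otherwise.
check_shorewall_config() {
    dir="$1"
    known=" fw all $(grep -v '^#' "$dir/zones" | awk 'NF {print $1}' | tr '\n' ' ')"
    {
        grep -v '^#' "$dir/policy" | awk 'NF {print $1; print $2}'
        grep -v '^#' "$dir/rules"  | awk 'NF {print $2; print $3}'
    } | while read -r z; do
        case "$known" in
            *" $z "*) ;;
            *) echo "unknown zone in config: $z" >&2; exit 1 ;;
        esac
    done
}

# Usage: sh shorewall-example.sh /tmp/shorewall-draft
if [ "$#" -gt 0 ]; then
    write_shorewall_config "$1" && check_shorewall_config "$1" && echo "wrote $1"
fi
```

After writing the draft, diff it against the Mandrake-supplied files in /etc/shorewall (which use their own zone names) before replacing them, then run shorewall check. Because only the net-to-fw direction is dropped, pinging the gateway from the box still works: the echo request leaves under the fw-to-net ACCEPT policy and the reply returns as an established connection.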
