On 08/24/2017 10:04 AM, Davide Marchi wrote:
> Hi friends,
> I'm enabling Postfix MX backup server and from that moment I see
> "mydestination" and "relay_domains" ip DROP(ped)
>
> "mydestination" is:91.205.175.213 (SERVER1)
> "relay_domains" is:5.189.166.16 (SERVER2)
>
>
> As here you can see:
>
> SERVER1:
> Aug 24 18:13:22 server kernel: [17818755.169878]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=47055 DPT=1370 LEN=35
> Aug 24 18:13:43 server kernel: [17818776.776990]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=203.185.28.141
> DST=91.205.175.213 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=36637 PROTO=TCP
> SPT=23474 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
> Aug 24 18:13:45 server kernel: [17818778.506827]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=38443 DPT=1370 LEN=35
> Aug 24 18:14:22 server kernel: [17818815.200550]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=47055 DPT=1370 LEN=35
> Aug 24 18:14:28 server kernel: [17818821.683168]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=183.82.98.74
> DST=91.205.175.213 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=20329 PROTO=TCP
> SPT=29773 DPT=23 WINDOW=28501 RES=0x00 SYN URGP=0
> Aug 24 18:14:45 server kernel: [17818838.537167]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=38443 DPT=1370 LEN=35
> Aug 24 18:15:22 server kernel: [17818875.227643]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=47055 DPT=1370 LEN=35
> Aug 24 18:15:45 server kernel: [17818898.565454]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=38443 DPT=1370 LEN=35
> Aug 24 18:16:22 server kernel: [17818935.260714]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=47055 DPT=1370 LEN=35
> Aug 24 18:16:45 server kernel: [17818958.596958]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=38443 DPT=1370 LEN=35
> Aug 24 18:16:48 server kernel: [17818961.460194]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=177.224.95.222
> DST=91.205.175.213 LEN=40 TOS=0x08 PREC=0x20 TTL=233 ID=27122 PROTO=TCP
> SPT=5925 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
>
>
> SERVER2:
> Aug 24 18:14:32 server2 kernel: [11662169.497170]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=115.236.90.38
> DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=3365 DF PROTO=TCP
> SPT=43062 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
> Aug 24 18:14:32 server2 kernel: [11662169.653266]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=115.236.90.38
> DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=40411 DF PROTO=TCP
> SPT=43064 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
> Aug 24 18:14:32 server2 kernel: [11662169.653692]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=115.236.90.38
> DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=16939 DF PROTO=TCP
> SPT=43063 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
> Aug 24 18:15:25 server2 kernel: [11662221.839410]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:30:af:08:00 SRC=37.203.214.106
> DST=5.189.166.16 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=36734 PROTO=TCP
> SPT=48798 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0
> Aug 24 18:15:30 server2 kernel: [11662227.286478]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=185.80.155.131
> DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=26442 DF PROTO=TCP
> SPT=3560 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
> Aug 24 18:15:33 server2 kernel: [11662230.244327]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=185.80.155.131
> DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=26857 DF PROTO=TCP
> SPT=3560 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
> Aug 24 18:15:39 server2 kernel: [11662236.279754]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=185.80.155.131
> DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=27535 DF PROTO=TCP
> SPT=3560 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
>
>
>
> Here Shorewall Dump:
>
> SERVER1:https://pastebin.com/SqNmuYtN
> SERVER2:https://pastebin.com/s2DknWLK
>
>
> Could you kindly suggest me if the problem was caused by Postfix and
> eventually which port I should open?
>
> many many thanks!!

As far as I am aware, neither UDP port 1370 nor TCP port 1328 has anything
to do with Postfix. Port 1370 is us-gv (Unix Shell to GlobalView) while
1328 is echoserver (and also used by malware).

I suggest that you use netstat to try to determine the process that is
using these ports:

On SERVER1

    netstat -unap | fgrep 1370

On SERVER2

    netstat -tnap | fgrep 1328

You may have to repeat each command multiple times to catch a process
that is bound to the specific port.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
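
One way to summarize net-fw DROP entries like those quoted above by protocol and destination port, so it is clear which ports to look up with netstat. This is an added example, not part of the original message; `sample_log` and `summarize_drops` are hypothetical names, and the log lines are constructed in the same format using documentation addresses.

```shell
#!/bin/sh
# Constructed sample: kernel log lines in the Shorewall format, one entry per line.
sample_log() {
cat <<'EOF'
Aug 24 18:13:22 server kernel: [100.000001] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=47055 DPT=1370 LEN=35
Aug 24 18:13:45 server kernel: [123.000002] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=38443 DPT=1370 LEN=35
Aug 24 18:13:43 server kernel: [121.000003] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=36637 PROTO=TCP SPT=23474 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 24 18:14:28 server kernel: [166.000004] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.77 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=20329 PROTO=TCP SPT=29773 DPT=23 WINDOW=28501 RES=0x00 SYN URGP=0
Aug 24 18:14:32 server kernel: [170.000005] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.99 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=3365 DF PROTO=TCP SPT=43062 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 24 18:14:40 server postfix/smtpd[1234]: connect from unknown[198.51.100.20]
EOF
}

# Reads log lines on stdin and prints one row per protocol/destination port:
#   <entries> <PROTO>/<DPT> <distinct source addresses> <TCP SYN entries>
# Rows are ordered by entry count, highest first.
summarize_drops() {
    awk '
    /Shorewall:net-fw:DROP:/ {
        src = proto = dpt = ""; syn = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            if ($i == "SYN")    syn   = 1   # new inbound TCP connection attempt
        }
        if (proto == "" || dpt == "") next   # entries without a port, e.g. ICMP
        key = proto "/" dpt
        count[key]++
        if (syn) syns[key]++
        if (!((key, src) in seen)) { seen[key, src] = 1; sources[key]++ }
    }
    END {
        for (k in count)
            printf "%d %s %d %d\n", count[k], k, sources[k], syns[k] + 0
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log | summarize_drops
```
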