On 08/24/2017 10:04 AM, Davide Marchi wrote:
> Hi friends,
> I'm enabling Postfix MX backup server and from that moment I see
> "mydestination" and "relay_domains" ip DROP(ped)
> 
> "mydestination" is:91.205.175.213 (SERVER1)
> "relay_domains" is:5.189.166.16 (SERVER2)
> 
> 
> As here you can see:
> 
> SERVER1:
> Aug 24 18:13:22 server kernel: [17818755.169878]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=47055 DPT=1370 LEN=35
> Aug 24 18:13:43 server kernel: [17818776.776990]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=203.185.28.141
> DST=91.205.175.213 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=36637 PROTO=TCP
> SPT=23474 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
> Aug 24 18:13:45 server kernel: [17818778.506827]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=38443 DPT=1370 LEN=35
> Aug 24 18:14:22 server kernel: [17818815.200550]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=47055 DPT=1370 LEN=35
> Aug 24 18:14:28 server kernel: [17818821.683168]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=183.82.98.74
> DST=91.205.175.213 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=20329 PROTO=TCP
> SPT=29773 DPT=23 WINDOW=28501 RES=0x00 SYN URGP=0
> Aug 24 18:14:45 server kernel: [17818838.537167]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=38443 DPT=1370 LEN=35
> Aug 24 18:15:22 server kernel: [17818875.227643]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=47055 DPT=1370 LEN=35
> Aug 24 18:15:45 server kernel: [17818898.565454]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=38443 DPT=1370 LEN=35
> Aug 24 18:16:22 server kernel: [17818935.260714]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=47055 DPT=1370 LEN=35
> Aug 24 18:16:45 server kernel: [17818958.596958]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220
> DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP
> SPT=38443 DPT=1370 LEN=35
> Aug 24 18:16:48 server kernel: [17818961.460194]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=177.224.95.222
> DST=91.205.175.213 LEN=40 TOS=0x08 PREC=0x20 TTL=233 ID=27122 PROTO=TCP
> SPT=5925 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
> 
> 
> SERVER2:
> Aug 24 18:14:32 server2 kernel: [11662169.497170]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=115.236.90.38
> DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=3365 DF PROTO=TCP
> SPT=43062 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
> Aug 24 18:14:32 server2 kernel: [11662169.653266]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=115.236.90.38
> DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=40411 DF PROTO=TCP
> SPT=43064 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
> Aug 24 18:14:32 server2 kernel: [11662169.653692]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=115.236.90.38
> DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=16939 DF PROTO=TCP
> SPT=43063 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
> Aug 24 18:15:25 server2 kernel: [11662221.839410]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:30:af:08:00 SRC=37.203.214.106
> DST=5.189.166.16 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=36734 PROTO=TCP
> SPT=48798 DPT=3128 WINDOW=1024 RES=0x00 SYN URGP=0
> Aug 24 18:15:30 server2 kernel: [11662227.286478]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=185.80.155.131
> DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=26442 DF PROTO=TCP
> SPT=3560 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
> Aug 24 18:15:33 server2 kernel: [11662230.244327]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=185.80.155.131
> DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=26857 DF PROTO=TCP
> SPT=3560 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
> Aug 24 18:15:39 server2 kernel: [11662236.279754]
> Shorewall:net-fw:DROP:IN=eth0 OUT=
> MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=185.80.155.131
> DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=27535 DF PROTO=TCP
> SPT=3560 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
> 
> 
> 
> Here Shorewall Dump:
> 
> SERVER1:https://pastebin.com/SqNmuYtN
> SERVER2:https://pastebin.com/s2DknWLK
> 
> 
> Could you kindly suggest me if the problem was caused by Postfix and
> eventually which port I should open?
> 
> many many thanks!!

As far as I am aware, neither UDP port 1370 nor TCP port 1328 have
anything to do with Postfix. Port 1370 is us-gv (Unix Shell to
GlobalView) while 1328 is echoserver (and also used by malware). I
suggest that you use netstat to try to determine the process that is
using these ports:

On SERVER1

        netstat -unap | fgrep 1370

On SERVER2

        netstat -tnap | fgrep 1328

You may have to repeat each command multiple times to catch a process
that is bound to the specific port.

-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
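
An added example, not part of the original messages: a short Python script that tallies Shorewall DROP records by destination address, protocol and destination port, so the ports being hit can be read off the log before checking them with netstat. The sample records are copied from the quoted log and re-joined onto single lines; the function and variable names are made up for this example.

```python
import re
from collections import defaultdict

# Records copied from the log quoted above, each re-joined onto one line.
# SAMPLE_LOG, parse_record and summarize are names made up for this example.
SAMPLE_LOG = """\
Aug 24 18:13:22 server kernel: [17818755.169878] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220 DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=47055 DPT=1370 LEN=35
Aug 24 18:13:43 server kernel: [17818776.776990] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=203.185.28.141 DST=91.205.175.213 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=36637 PROTO=TCP SPT=23474 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 24 18:13:45 server kernel: [17818778.506827] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:a8:50:00:08:e3:ff:fd:90:08:00 SRC=5.189.144.220 DST=91.205.175.213 LEN=55 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=UDP SPT=38443 DPT=1370 LEN=35
Aug 24 18:14:32 server2 kernel: [11662169.497170] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=115.236.90.38 DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=3365 DF PROTO=TCP SPT=43062 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 24 18:14:32 server2 kernel: [11662169.653266] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=115.236.90.38 DST=5.189.166.16 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=40411 DF PROTO=TCP SPT=43064 DPT=3128 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 24 18:15:30 server2 kernel: [11662227.286478] Shorewall:net-fw:DROP:IN=eth0 OUT= MAC=00:50:56:3c:fb:65:28:99:3a:4d:23:91:08:00 SRC=185.80.155.131 DST=5.189.166.16 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=26442 DF PROTO=TCP SPT=3560 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[A-Z]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_record(line):
    """Return chain, action, key=value fields and TCP flags, or None."""
    m = PREFIX.search(line)
    if m is None:
        return None  # not a Shorewall log record
    rest = line[m.end():]
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # LEN appears twice; keep the IP length
    return {"chain": m["chain"], "action": m["action"], "fields": fields,
            "flags": TCP_FLAGS & set(rest.split())}

def summarize(log_text):
    """Group DROP records by (DST, PROTO, DPT); count hits and sources."""
    groups = defaultdict(lambda: {"hits": 0, "sources": set(), "syn_only": True})
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["action"] != "DROP":
            continue
        f = rec["fields"]
        g = groups[(f.get("DST"), f.get("PROTO"), f.get("DPT"))]
        g["hits"] += 1
        g["sources"].add(f.get("SRC"))
        # A bare SYN is a new inbound connection attempt, not reply traffic.
        g["syn_only"] &= rec["flags"] == {"SYN"}
    return dict(groups)

if __name__ == "__main__":
    for (dst, proto, dpt), g in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{dst} {proto}/{dpt}: {g['hits']} drops from {sorted(g['sources'])}")
```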