Koozali.org: home of the SME Server

Urgent PLEASE

guest22

Re: Urgent PLEASE
« Reply #15 on: December 15, 2015, 02:46:08 PM »
Clearly you are not following the SME Server administration guidelines.


In this thread, you also show that you are manually changing IPTables, which is a bad thing. All changes must be done through custom templates or an especially designed contrib.


http://forums.contribs.org/index.php/topic,52133.msg266878.html#msg266878


Please read the administration manual carefully.

Offline ReetP

Re: Urgent PLEASE
« Reply #16 on: December 15, 2015, 02:54:24 PM »
Don't modify iptables manually - it is created by templates.

Read this :

http://wiki.contribs.org/DB_Variables_Configuration#Additional_information_on_customizing_iptables

You can also do something like this to completely block specific IPs or ranges.

Make a template like this :

/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff

Add this :

/sbin/iptables -A INPUT -s 1.2.3.4/32 -j DROP

signal-event remoteaccess-update

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline georgios

Re: Urgent PLEASE
« Reply #17 on: December 15, 2015, 02:55:35 PM »
Clearly you are not following the SME Server administration guidelines.


In this thread, you also show that you are manually changing IPTables, which is a bad thing. All changes must be done through custom templates or an especially designed contrib.


http://forums.contribs.org/index.php/topic,52133.msg266878.html#msg266878


Please read the administration manual carefully.



Look, I moved to SME 9 this summer; before that we had a configuration with SME Server 7. My previous colleague told me to import and save/restore the IPTABLES each time at reboot.

This is a subject I sent in the last few days because I did not know the "geoip" contrib.

After doing a post-upgrade and restart (signal-event post-upgrade; signal-event reboot), I see that my "IPTABLES" is now clean.

guest22

Re: Urgent PLEASE
« Reply #18 on: December 15, 2015, 02:57:54 PM »
Look, I moved to SME 9 this summer; before that we had a configuration with SME Server 7. My previous colleague told me to import and save/restore the IPTABLES each time at reboot.


That was bad advice.

Offline ReetP

Re: Urgent PLEASE
« Reply #19 on: December 15, 2015, 02:59:51 PM »
Look, I moved to SME 9 this summer; before that we had a configuration with SME Server 7. My previous colleague told me to import and save/restore the IPTABLES each time at reboot.

Your 'colleague' obviously did not read the manual :-)

Save yourself a lot of time and trouble - read the manual and the other wiki pages. There is a lot of useful information there that will help you.

Offline georgios

Re: Urgent PLEASE
« Reply #20 on: December 15, 2015, 03:05:35 PM »

That was bad advice.

So, if I check the problem:

1) Summer 2015, I installed the new SME Server 9.0 version with SMTP authentication:
   a) inserting the IPTABLES rules of the old mail server SME 7
   b) reinstalling parameters with db config and some new modules like SOGO
   c) using the typical SSL of SME 9.0
   d) doing an update last month
   e) each time reloading the last IPTABLES file

2) 5 days ago: updating my server from "server manager"
   a) I noticed that my server moved to 9.1
   b) my SSL certificate was also updated with the update to 9.1
   c) reloading, after the post-upgrade configuration, the last IPTABLES file from SME 9.0
   d) today: a lot of spam is being sent from my SMTP (SME mail server); my provider (OVH) blocks my port 25 to stop the "big traffic"
   e) all the headers show mail not sent from a PC in my office... but from IPs in Taiwan, etc.
   f) my SMTP requires authentication (always)

I am checking why my SMTP is sending spam without authentication.
10 minutes ago, I did a post-upgrade "reboot"; my IPTABLES are now clean...





guest22

Re: Urgent PLEASE
« Reply #21 on: December 15, 2015, 03:38:43 PM »
So you have 2 problems:


1. Something on your network is producing spam, and you are trying to cover the symptoms with manually editing IPTables, but the root cause needs to be found.
2. You are not very familiar with SME Server and especially the templating system


Put 1 and 2 together and you are where you are now.


I advise you to start with 1, for that is affecting your users the most.

Offline georgios

Re: Urgent PLEASE
« Reply #22 on: December 15, 2015, 03:47:31 PM »
So you have 2 problems:


1. Something on your network is producing spam, and you are trying to cover the symptoms with manually editing IPTables, but the root cause needs to be found.
2. You are not very familiar with SME Server and especially the templating system


Put 1 and 2 together and you are where you are now.


I advise you to start with 1, for that is affecting your users the most.

Hi, I finally understand where the problem probably comes from.

I understand the "configuration" of SME, but I did a very wrong thing with the IPTABLES by "listening to" someone else.

I will describe the problem in a few minutes.

Many thanks for the help.

Offline georgios

Re: Urgent PLEASE
« Reply #23 on: December 15, 2015, 06:18:44 PM »
Dear Helper,

Dear all,

First of all, I apologize for my misunderstanding.

Secondly, I understand that the problem came with restoring an IPTABLES, because all the previous service names changed during the update from 9 to 9.1.

Therefore reloading the entire "IPTABLES" config was very, very bad!

I used http://wiki.contribs.org/Qmhandle_mail_queue_manager to clean all the spam present in /var/qmail/queue/mess/

For info: all the spam emails found in the queue were from IPs outside of my network with no authentication.

The good thing is that my provider stopped my port "25" during these hours.
Also, I disconnected the Ethernet cable from my Ethernet port.

As far as I can deduce: my config was not filtering on SMTP authentication because all the IPTABLES were false.

So I did a post-upgrade and rebooted my server: my IPTABLES are clean now.

Then I use only the geoip module from Contribs.


Do you think I am right about what the problem is?

Many thanks

Geo.
« Last Edit: December 15, 2015, 06:20:33 PM by georgios »
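
The check described in the post above (queued spam accepted from addresses outside the network with no authentication) can be repeated over raw queue files by reading each message's Received headers. This is an added example, not code from the thread or from SME Server; the Received-header layout, the `LOCAL_NETS` values and the sample messages are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumption: networks allowed to relay without SMTP AUTH (constructed values).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]
# RFC 3848 "with" keywords that record a successful SMTP AUTH.
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA"}
IP_RE = re.compile(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]")
WITH_RE = re.compile(r"\bwith\s+(?:\([^)]*\)\s*)?([A-Za-z]+)")


def classify(raw_message):
    """Return (client_ip, verdict) from the newest Received header naming a client IP."""
    msg = email.message_from_string(raw_message)
    # Headers are newest first; lines such as "(qmail 123 invoked by uid 453)"
    # carry no address and are skipped. Older ones may be forged by the sender.
    for header in msg.get_all("Received") or []:
        flat = " ".join(header.split())
        try:
            ip = ipaddress.ip_address(IP_RE.search(flat).group(1))
        except (AttributeError, ValueError):  # no address, or not a valid one
            continue
        with_match = WITH_RE.search(flat)
        protocol = with_match.group(1).upper() if with_match else ""
        if protocol in AUTH_PROTOCOLS:
            return str(ip), "authenticated"
        if any(ip in net for net in LOCAL_NETS):
            return str(ip), "local"
        return str(ip), "external-unauthenticated"
    return None, "no-client-ip"


# Constructed sample messages (documentation address ranges, made-up hosts).
SAMPLES = {
    "relayed": "Received: (qmail 4021 invoked by uid 453); 15 Dec 2015 09:02:11 -0000\n"
               "Received: from unknown (HELO a.example.net) (203.0.113.45)\n"
               "  by mail.example.org with ESMTP; Tue, 15 Dec 2015 10:02:11 +0100\n\nbody\n",
    "roaming": "Received: from unknown (HELO laptop) (198.51.100.7)\n"
               "  by mail.example.org with ESMTPSA; Tue, 15 Dec 2015 10:05:00 +0100\n\nbody\n",
    "office": "Received: from pc12 (HELO pc12) (192.168.1.20)\n"
              "  by mail.example.org with ESMTP; Tue, 15 Dec 2015 10:06:00 +0100\n\nbody\n",
}


def suspicious(messages):
    """Names of messages accepted from outside LOCAL_NETS without SMTP AUTH."""
    return sorted(name for name, raw in messages.items()
                  if classify(raw)[1] == "external-unauthenticated")
```

Any message that comes back as `external-unauthenticated` was accepted for delivery from an outside address without SMTP AUTH, which is the open-relay symptom discussed in this thread.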

Offline DanB35

Re: Urgent PLEASE
« Reply #24 on: December 15, 2015, 06:24:03 PM »
Sounds like you're on the right track.  Once your ISP turns port 25 back on for you, use a tool like http://mxtoolbox.com/diagnostic.aspx to check that your server is behaving properly and isn't an open relay any more.

Offline georgios

Re: Urgent PLEASE
« Reply #25 on: December 16, 2015, 04:43:24 PM »
Sounds like you're on the right track.  Once your ISP turns port 25 back on for you, use a tool like http://mxtoolbox.com/diagnostic.aspx to check that your server is behaving properly and isn't an open relay any more.

FYI,
yesterday evening I unblocked port 25 at my Internet provider (hosting OVH).

The good thing is that the French provider OVH is also doing anti-spam filtering on my local internet connection through my dedicated server.

The problem was the IPTABLES reloading, because all the "service names" before the IPTABLES INPUT were totally "FALSE" after updating my server to the 9.1 version.

Also, as you guys told me, I was given bad advice by my previous colleague, with the very bad thing of using IPTABLES. It was bad advice, sure!

I will read the contribs regarding IPTABLES FW as RequestedDeletion and ReetP wrote me:

So finally I understand, with this big issue, that it is a bad thing to manually change IPTABLES and other parameters.


Many thanks to all of you: Daniel B., brianr, ReetP, RequestedDeletion, DanB35

My server is OK, not an open relay....

Offline Stefano

Re: Urgent PLEASE
« Reply #26 on: December 16, 2015, 05:08:13 PM »
You are welcome, as usual. Take some time to learn how SME works and it will be the best investment for the future :-)