Re: what's wrong with my sendmail?


Subject: Re: what's wrong with my sendmail?
From: shortpier (shortpier@shortpier.is-a-geek.com)
Date: Tue Nov 11 2003 - 21:45:32 AKST


It would not need to mangle it...

On Thu, 2003-11-13 at 14:41, Justin Dieters wrote:
> I believe that when it forwards, it doesn't mangle the IP address. For
> instance, before I had my webmail set up, I had mtaonline.net set up as
> a valid relay domain, so I could send mail from work using my server.
> Without it, it would deny it, because it recognized that it came from my
> work IP and not my smoothwall IP.
>
But if your smoothwall is accepting a packet on the Inet interface with an
IP of a private interface machine and just letting it be forwarded into
the internal LAN cause it has a gateway/route for it, that could be how
someone got into your machine to send this...

> A bit more information: I disconnected my server from the network, and
> smoothwall's traffic graphs show that is probably where all this crap is
> coming from. Before disconnecting, I was averaging 6K/sec outgoing,
> which is quite a bit for my server. GCI's cable modem usage page shows
> that the past few days I've been uploading over 200-400MB/day, whereas
> my typical upload usage for several months preceding this was around
> 100MB/day. Calculating it out, a sustained 6K/sec turns out to be
> around 500MB/day, so that matches GCI's numbers pretty closely.
>
OUCH. How I caught the guy doing my box was a tcpdump as the stuff was
coming in and using Ntop (http://www.ntop.org) to do live tracing of
traffic to trace down the IP addy of the source.. He only got me for
120 megs of traffic.

Hope you get this figured out.. I am out of ideas ...

Shortpier
> My green interface has barely any upload traffic, so virtually all of this
> is coming from my orange network.
>
> Justin
>
>
> shortpier wrote:
> > If your smoothwall is just forwarding the port AUTOMATICALLY before
> > firewall rules (I don't know smoothwall, I use shorewall on Mandrake)
> > then your server in the DMZ accepts the traffic on port 25.... Sees
> > that it is from a "local" machine on a local IP addy.. and a local
> > interface and says OK thanks ... I'll send this right out for you.....


--------- To unsubscribe, send email to <aklug-request@aklug.org> with 'unsubscribe' in the message body.
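
An added example, not part of the original message and not Smoothwall's or sendmail's own code: a Python check for the scenario discussed above, where traffic to port 25 arrives on the Internet-facing interface with a private source address that the mail server would treat as local, plus a per-source byte tally of the kind used to trace down the heaviest sender. The interface name `red`, the record layout and every address are assumptions constructed for the example.

```python
import ipaddress
from collections import Counter

# Constructed records: (ingress interface, source IP, dest IP, dest port, bytes).
# Interface names and every address here are made up for this example.
SAMPLE_FLOWS = [
    ("red",   "203.0.113.7",  "192.168.2.10", 25, 4200),
    ("red",   "192.168.2.50", "192.168.2.10", 25, 61000),  # private source, Internet side
    ("green", "192.168.1.20", "192.168.2.10", 25, 900),    # genuine LAN client
    ("red",   "10.0.0.5",     "192.168.2.10", 25, 58000),  # private source, Internet side
    ("red",   "198.51.100.9", "192.168.2.10", 80, 1500),   # not SMTP
]

EXTERNAL_IFACE = "red"  # assumption: name of the Internet-facing interface

# Sources that must never appear on the Internet side: RFC 1918 plus loopback.
# (ipaddress.is_private is avoided: it also matches documentation ranges.)
INTERNAL_ONLY = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_internal_only(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_ONLY)


def spoofed_smtp_flows(flows, port=25):
    """Flows to the mail port that claim an internal source but came in from outside."""
    return [f for f in flows
            if f[0] == EXTERNAL_IFACE and f[3] == port and is_internal_only(f[1])]


def bytes_by_source(flows, port=25):
    """Total bytes per source address for the mail port, heaviest sender first."""
    totals = Counter()
    for _iface, src, _dst, dport, nbytes in flows:
        if dport == port:
            totals[src] += nbytes
    return totals.most_common()


if __name__ == "__main__":
    for flow in spoofed_smtp_flows(SAMPLE_FLOWS):
        print("drop candidate:", flow)
    for src, total in bytes_by_source(SAMPLE_FLOWS):
        print(f"{src:15} {total} bytes")
```

Any flow the first function returns is one the firewall should have dropped at the external interface before the mail server ever saw it.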



This archive was generated by hypermail 2a23 : Thu Nov 13 2003 - 15:17:53 AKST