I am using CentOS on my server and the control panel is Webmin Virtualmin. I have 2 IPs on my server: one is the default and the 2nd is an additional IP. I am using the additional IP only for sending mail, so I want to block all ports on my additional IP except the SMTP port.
-
Can you not change postfix to listen only on the 2nd IP address, or am I missing something else? Postfix may be listening to 0.0.0.0, so changing inet_interfaces=[2nd ip] in postfix config may solve your issue. – Gmck Sep 17 '16 at 17:52
-
@Gmck My problem is that some bad guys resolve my server's real IP when my server sends a mail like a forgot-password or welcome mail to my clients. They become my members and use this type of mail service, then in Gmail they click on (Show Original), get my server's real IP and keep DDoS attacking my server's real IP. Then I bought a 2nd additional IP and set up Postfix SMTP with my additional IP. – Jack Vale Sep 17 '16 at 18:06
-
Now when those guys resolve my IP from incoming mails from my server, like a forgot-password mail etc., they click on (Show Original) in Google Mail and there they get my additional IP. That's why I want to block all ports of my additional IP and only want to open the SMTP port. – Jack Vale Sep 17 '16 at 18:07
-
I have found a command to block ports for a specific interface, `iptables -I INPUT 1 -p tcp -i eth1 --dport 80 -j DROP`, but it's not working for me. – Jack Vale Sep 17 '16 at 18:08
-
Block it in your firewall, whatever that may be... Linux distros seem to come with UFW now, it's a bit easier to use. – Ryan Babchishin Sep 17 '16 at 18:08
-
@RyanBabchishin I did not install any firewall. Only iptables is installed, but its command did not work for me. – Jack Vale Sep 17 '16 at 18:10
-
@JackVale Look into ufw, you might find it a bit easier than directly modifying iptables rules – Ryan Babchishin Sep 17 '16 at 18:10
-
@RyanBabchishin I did not get what you mean by (ufw). What is this? Can you guide me in detail? – Jack Vale Sep 17 '16 at 18:12
-
@JackVale It's a package for Linux. Anyways... there's a whole thing about what you're asking over here: http://superuser.com/questions/769814/how-to-block-all-ports-except-80-443-with-iptables – Ryan Babchishin Sep 17 '16 at 18:13
-
@RyanBabchishin I want to block ports for a specific interface, I mean a specific IP. I have 2 IPv4 addresses on my server, meaning 2 IPs, but I want to block ports only for one IP, and this IP is the additional IP. I am using this IP only for sending mail. That's why I want to block all other ports on the additional IP. – Jack Vale Sep 17 '16 at 18:17
-
@JackVale Does your ISP have an SMTP server you can use? If so, you could set postfix to use it rather than delivering mail directly. In any case, you need to put in a firewall rule as Ryan points out. – Gmck Sep 17 '16 at 18:19
-
@Gmck I am using my own dedicated server with the control panel Webmin Virtualmin, and I have installed a Postfix server for the mailing system. – Jack Vale Sep 17 '16 at 18:24
-
This question is being voted for closure because the author does not show a level of technical understanding or appropriate due diligence in researching the topic that the community judges as being a minimum barrier to participate. – Wesley Sep 17 '16 at 20:17
1 Answer
You could change your firewall (iptables) settings via webmin. Just go to your virtualmin start page, click on "webmin" on the upper left side - you will find your iptables-settings at "Networking" -> "Linux Firewall".
Depending on your current settings, you will be asked to set up your firewall or to store current iptables settings.
Afterwards you could use the "Add Rule" button below the listing of "INPUT"-rules to add a new rule. Just set up two rules:
- action: accept
- Destination: [EQUALS] your additional IP
- Network protocol: [EQUALS] TCP
- Destination port: [EQUALS] 25
Second rule:
- action: DROP
- Destination: [EQUALS] your additional IP
A better way would be to set "drop" as default action and open used ports manually - but that would depend on the use of your other IP address.
At least you have to check all rules and apply the current settings by using the button at the bottom of the page. Keep in mind that wrong firewall settings might keep you out of your server/webmin.

It's working very well, but I am facing one more issue. I have blocked everything with the iptables rules you told me, (action = DROP) and (Destination = Additional IP), and I have also added the rule to accept port 25 with the TCP network protocol. Now all ports are closed and only port 25 is open. It's very good. But now the issue is that when someone sends email from Gmail or any other service TO my server email, like admin@mydomain.com, it works well, but when I try to send mail from my server email to Gmail or any other, it does not work; the mail is not sent. Which port do I need to open, or what do I have to do? – Jack Vale Sep 18 '16 at 08:20
-
We should take a closer look at your mail-log (i.e. /var/log/mail.info) - could you please check if there is an error? – chrwhm Sep 18 '16 at 08:34
-
`Sep 18 04:44:38 moderzteam dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=20829, secured, session= Sep 18 04:44:38 moderzteam dovecot: imap(support.balubox): Disconnected: Logged out in=32 out=449 Sep 18 04:44:39 moderzteam dovecot: imap-login: Login: user= , method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=20831, secured, session=<9hG6NMQ8qgB/AAAB>` – Jack Vale Sep 18 '16 at 08:47
-
`Sep 18 04:44:39 moderzteam dovecot: imap(support.balubox): Disconnected: Logged out in=44 out=556 Sep 18 04:45:02 moderzteam postfix/smtpd[20837]: connect from localhost.localdomain[127.0.0.1] Sep 18 04:45:02 moderzteam postfix/smtpd[20837]: 16F79C315E: client=localhost.localdomain[127.0.0.1], sasl_method=LOGIN, sasl_username=support.balubox Sep 18 04:45:02 moderzteam postfix/cleanup[20840]: 16F79C315E: message-id=<54ee328a315fa181755a2632e995d51f@balubox.com>` – Jack Vale Sep 18 '16 at 08:48
-
`Sep 18 04:45:02 moderzteam postfix/qmgr[13883]: 16F79C315E: from=, size=802, nrcpt=1 (queue active) Sep 18 04:45:02 moderzteam dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=20843, secured, session= Sep 18 04:45:02 moderzteam postfix/smtp[20841]: connect to gmail-smtp-in.l.google.com[2a00:1450:400c:c06::1b]:25: Network is unreachable` – Jack Vale Sep 18 '16 at 08:48
-
`Sep 18 04:45:02 moderzteam postfix/smtpd[20837]: disconnect from localhost.localdomain[127.0.0.1] Sep 18 04:45:02 moderzteam dovecot: imap(support.balubox): Disconnected: Logged out in=644 out=569` – Jack Vale Sep 18 '16 at 08:49
-
One more important thing: I am using SSL/TLS for the mailing system, and I have already added rules in the firewall to open the ports (587, 465), but only port 587 shows as open; 465 shows as blocked even though I added the same rules in the firewall. Now three ports are shown open: 25, 587. The rule has been added to open 465, but it is still showing as closed. – Jack Vale Sep 18 '16 at 08:51
-
The issue has been resolved. I blocked all ports for (Incoming Packets) and only opened port 25 for (Incoming Packets). Then I opened all ports for [Outgoing packets (OUTPUT)], and now it's working well. Thanks for your guidance and help. – Jack Vale Sep 18 '16 at 10:06
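
The rule set from the answer, written out as an added shell example that is not part of the original thread: it matches on destination address as the answer's rules do, and additionally accepts established connections first, so that replies to SMTP connections the server opens from that address are not dropped by the final DROP. `203.0.113.10` is a placeholder address, and `build_rules`, `apply_rules` and the `DRY_RUN` variable are names made up for this example.

```shell
#!/bin/sh
# Added example: per-address INPUT rules for an IPv4 address used only for mail.
# ADDITIONAL_IP is a placeholder from the documentation range; replace it.
ADDITIONAL_IP="${ADDITIONAL_IP:-203.0.113.10}"
ALLOWED_TCP_PORTS="${ALLOWED_TCP_PORTS:-25}"

# Print one iptables argument list per line, in evaluation order.
# Ports are validated before anything is printed, so a bad list yields no rules.
build_rules() {
    ip="$1"; ports="$2"
    for port in $ports; do
        case "$port" in
            ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    # 1. Packets belonging to connections already tracked, which includes
    #    replies to outbound SMTP sessions opened from this address.
    echo "-A INPUT -d $ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. New inbound connections to the allowed ports only.
    for port in $ports; do
        echo "-A INPUT -d $ip -p tcp --dport $port -j ACCEPT"
    done
    # 3. Everything else addressed to this IP.
    echo "-A INPUT -d $ip -j DROP"
}

# Show the commands (DRY_RUN=1, the default) or run them as root (DRY_RUN=0).
apply_rules() {
    rules=$(build_rules "$1" "$2") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "iptables $rule"
        else
            # Word splitting of $rule into separate arguments is intended.
            iptables $rule || exit 1
        fi
    done
}

apply_rules "$ADDITIONAL_IP" "$ALLOWED_TCP_PORTS"
```

These rules cover IPv4 only; traffic to an IPv6 address on the same host is filtered separately by `ip6tables`.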