I have 3 IP addresses assigned to my Internet interface. Off course two of them are virtual. So let say I have 212.1.1.1 which is originaly asigned to firewall for IPSec/VPN, then 212.1.1.2 that is a new one publishing an WEB server using a DNAT rule and 212.1.1.3 which is where my MX record points to. The problem is that I activate the SMTP proxy instead publishing with DNAT rule so the port 25 looks open for the three IP addresses. Off course another SMTP server will enter only using the 212.1.1.3 since the DNS is pointing that as MX record... but a hacker could try to mess with the other two IP addresses.
How can I assign the SMTP proxy to the 212.1.1.3 only????
I thought making some DNAT rules to no place but looks quite dirty solution to me . Any idea?
I've seen this also and would like to know how to get around it. I just put in a seperate spam solution on the Internet side of our firewall. I've changed our MX record to point to the new box and removed the Astaro's IP from the MX in DNS. The spam box gets the traffic and then forwards the good mail to the Astaro box. Here is the problem, even several weeks after this change I am still seeing connections from the public, Spammers, straight to the Astaro box. So, the spammers must be caching our DNS entry for a very long time or they have our IP staticly defined??? maybe? Anyway, I would like to change the IP that the spam box sends to, to one of the other IPs already defined, but in this case that will not do any good because it accepts mail on all the IPs.
If there is not an easy way to change this, I guess it would be a feature request.
It is not due to the caching of DNS... the spammers does port 25 scanning on IP addresses. While testing my email solution I use the real IP before setting the MX record and I was surprised with spammers going into the IP directly.
So maybe the reason is a mix of two.
Anyway I understand your problem... and YES... it's basically like my problem.
It is not due to the caching of DNS... the spammers does port 25 scanning on IP addresses. While testing my email solution I use the real IP before setting the MX record and I was surprised with spammers going into the IP directly.
So maybe the reason is a mix of two.
Anyway I understand your problem... and YES... it's basically like my problem.
. Any idea?