LFD down, mails not coming in, Server Migration???

[contactwin]

Server migration and it's headaches...

I recently migrated to a new server and had the data transferred from an old p4, to a core processor based server.

Faced a lot of issues during migration, but finally went through, the problem now is that I can't receive email, even though exim seems to work.

Secondly, LFD was down, i did a custombuild update, lfd started running for a couple of weeks, it's down again, i updated the code again, but to no luck.

Thirdly, i can't seem to understand why i keep getting a message saying that over 3000 mails have been sent, warning that it could be a spammer.

But unfortunately, i can't see anything suspicious in the logs, could these messages be the amalgamation of the messages that i receive regarding lfd being down on my server?

Note: am not a server expert.

 

[zEitEr]

Hmm, what LFD are you talking about? What is it?

 

[contactwin]

lfd, is a firewall.

 

[nobaloney]

Who installed LFD for you? When you say it's down, do you mean firewll is open? If someone else is changing your firewall, then it's possible you've been hacked.

Jeff

 

[contactwin]

hi jlasman, lfd was installed in my previous server, i installed it by following the instructions, when i migrated to the new server, i just un-tarred the backup file, which of-course had the lfd config as well, it could also be that the settings weren't copied properly? how can i uninstall lfd, haven't found a guide to do that, i guess kiss is a better firewall right? could u provide me with the install guide for that too.

 

[contactwin]

okay i uninstalled lfd. which firewall do you guys recommend.

Plus any ideas why i get the mails rejected (incoming).
In my exim log, i get a authentication required error.

 

[nobaloney]

Since you uninstalled it without answering my questions, and since I don't know what you expect from a firewall, I can't answer your question about which firewall to use.

I use the KISS firewall as offered on my own site, here (nobaloney.net). It's very simple, and limited in what it does.

The install instructions are in the comments in the file.

Which version of exim.conf are you using (see the top lines of the file)?

Are you getting authentication error for emails coming to your server from some other server? If so, then your server isn't properly configured to receive email for your domains. If you're getting the error for emails you're trying to send out through your server, then you need to send email using plain-text authentication on port 587.

Jeff

 

[contactwin]

hi jeff,
Thank u for answering/asking my queries in depth.

The reason i uninstalled lfd/csf was simply because it was going down over and over again. So I thought that a fresh install of the same or a better fire-wall would suit my needs.

Since am a, u can call it a noob, as far as servers are concerned, I want a headache free firewall that can block attackers and let me have peace not just while configuring but something where I don't need to do much.

2.0 of the Spamblocker exim.conf is what I am using (modified by you).

Regarding emails, I can send, but I can't receive from any outside server, so that would mean, it hasn't been properly configured.

Thank You,
Awaiting your help

Best Regards
Amit

 

[nobaloney]

Thank u for answering/asking my queries in depth.

You're welcome. Unfortunately I'm still not getting the in-depth responses I need from you to help you.

The reason i uninstalled lfd/csf was simply because it was going down over and over again.

I still don't know what you mean by going down. Do you mean it stops blocking anything? Or that it starts blocking everything?

Linux-based firewalls such as LFD simply make changes to the firewall settings built into the linux kernel (netfilter) by using the user-level iptables command.

So if the firewall stops working properly that's because either LFD, CSF, or something or someone else, is running the iptables command to change the settings.

So I thought that a fresh install of the same or a better fire-wall would suit my needs.

I recommend trying the simple KISS firewall I've already mentioned simply because it doesn't run anything by itself. So it's a helpful test of what's going on and where. However it doesn't do what you want; it's not a reactive firewall, and it doesn't block attackers.

2.0 of the Spamblocker exim.conf is what I am using (modified by you).

I'm not sure what you mean by modified by you. If you mean I installed it for you and it doesn't work, then I'll fix the installation at no charge; simply contact me by email.

However if I didn't install it for you, then I can only tell you to read the Readme file; it isn't ready to use when you download it.

Regarding emails, I can send, but I can't receive from any outside server, so that would mean, it hasn't been properly configured.

You didn't explain the circumstances under which you get the authentication error.

Jeff

 

[contactwin]

by lfd going down, i meant that the process itself gets stopped, i try restarting it, and it does not start. (Am not sure whether it blocks everything or not.)

Oh! when i meant by you, the exim.conf had a note that it was modified by jlasman

I am not sure what u mean by circumstances, it's only that, whenever someone is trying to send me an email, they get a failure delivery, and the log files read "Authentication error"

 

[contactwin]

i hope i have explained it well, am fairly poor on the technical side.

 

[nobaloney]

by lfd going down, i meant that the process itself gets stopped, i try restarting it, and it does not start. (Am not sure whether it blocks everything or not.)

You'll need to get a response from someone who uses lfd; I don't, and therefore I don't know enough about the process. As I wrote already, I use KISS but it's probably not going to meet your needs; it doesn't proactively close ports based on perceived threats.

Oh! when i meant by you, the exim.conf had a note that it was modified by jlasman

I am not sure what u mean by circumstances, it's only that, whenever someone is trying to send me an email, they get a failure delivery, and the log files read "Authentication error"/QUOTE]
My Spamblocker version 2.0 exim.conf file is extremely old; it was written over five years ago. Neither I nor DirectAdmin support it any longer. It's probably no longer effective and in fact could be completely broken if it points to blocklists which no longer work.

I have no idea why your server isn't accepting email; to tell you I'd need you to open a support request with me for me to log into your server, and we charge for that. Contact me by email (address below in my siglines) if you want to hire us. Otherwise start by uploading a more recent exim.conf file from either DirectAdmin or from my site (nobaloney.net), modify and install it and the supporting exim.pl file, or hire me or someone else to do it for you.

Jeff