open iptables for sendmail
2003-04-29 - By Eric Koldeweij
If you send mail to an outside SMTP server, all TCP packets from SMTP to you get blocked by this firewall setup. Add a line:
[0:0] -A INPUT -d 10.40.26.2 -p tcp -m tcp --sport 25 -j ACCEPT
to enable return traffic.
If you're using a local SMTP server to deliver your mail you should also add this line:
[0:0] -A INPUT -d 10.40.26.2 -p tcp -m tcp --dport 25 -j ACCEPT
And add the same 2 lines with 10.40.26.2 replaced by 127.0.0.1 (or better: allow ALL traffic from and to localhost through)
Another option: if you have the connection tracker enabled, use it to allow ESTABLISHED and RELATED traffic through. (Sorry, only the iptables command is available; I use my own firewall scripts instead of the RedHat configurator.)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Eric.
Martin Ramskogler wrote:
> Dear Sirs,
>
> I'm running a Server with redhat. I want sendmail to send local mails
> (e.g. from php-scripts, or from shell-scripts) to another
> e-mail-address, but I can't get iptables work properly.
>
> I tried this configuration, but it doesn't work:
>
> :INPUT DROP [50957:5396723]
> :FORWARD DROP [0:0]
> :OUTPUT ACCEPT [336966:250894376]
> [0:0] -A INPUT -s 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT
> [0:0] -A INPUT -s 10.40.26.2 -p tcp -m tcp --dport 25 -j ACCEPT
> [0:0] -A INPUT -s 127.0.0.1 -p tcp -m tcp --sport 25 -j ACCEPT
> [0:0] -A INPUT -s 10.40.26.2 -p tcp -m tcp --sport 25 -j ACCEPT
> [0:0] -A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
> [0:0] -A OUTPUT -p tcp -m tcp --sport 25 -j ACCEPT
>
> 10.40.26.2 is the IP of the server. When I stop iptables, everything
> works fine, the mails are sent. When I start iptables, the mails don't
> come out of the box.
>
> Can you help me?
>
> Thanks in advance,
>
> Martin Ramskogler
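
The matching logic behind this thread, as an added example that is not part of the original posts: a minimal model of INPUT rule evaluation (addresses, ports and conntrack state only) applied to the quoted rule set and to both suggested fixes. The remote address 192.0.2.25, the ephemeral port numbers and the two sample packets are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:                      # one "-A INPUT ... -j ACCEPT" line; None = not tested
    src: Optional[str] = None
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    states: Tuple[str, ...] = ()  # "-m state --state ..."; empty = not tested

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    state: str                   # conntrack state of the packet

def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.src is None or rule.src == pkt.src)
            and (rule.dst is None or rule.dst == pkt.dst)
            and (rule.sport is None or rule.sport == pkt.sport)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (not rule.states or pkt.state in rule.states))

def verdict(rules, pkt, policy="DROP"):
    """Every rule modelled here jumps to ACCEPT, so any match accepts; otherwise the chain policy applies."""
    return "ACCEPT" if any(matches(r, pkt) for r in rules) else policy

SERVER = "10.40.26.2"            # from the thread
REMOTE = "192.0.2.25"            # constructed remote SMTP server (documentation range)

# INPUT rules from the original question: all four match on the *source* address.
ORIGINAL = [Rule(src="127.0.0.1", dport=25), Rule(src=SERVER, dport=25),
            Rule(src="127.0.0.1", sport=25), Rule(src=SERVER, sport=25)]
SPORT_FIX = ORIGINAL + [Rule(dst=SERVER, sport=25)]                 # first suggestion
STATE_FIX = ORIGINAL + [Rule(states=("ESTABLISHED", "RELATED"))]    # conntrack suggestion

# Constructed packets: the remote server's reply to sendmail's outbound connection,
# and a new inbound packet that merely has source port 25.
reply = Packet(REMOTE, SERVER, 25, 40000, "ESTABLISHED")
unsolicited = Packet(REMOTE, SERVER, 25, 22, "NEW")

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("sport fix", SPORT_FIX), ("state fix", STATE_FIX)):
        print(f"{name:10} reply={verdict(rules, reply)} unsolicited={verdict(rules, unsolicited)}")
```

The stateless --sport 25 rule matches any packet addressed to the server with source port 25, whatever its destination port; the state rule only admits packets that belong to a connection the host is already tracking.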