IP6tables and sendmail
Gregory P. Ennis
PoMec at PoMec.Net
Sat Nov 27 19:42:52 UTC 2004
Deron,
Thanks very much for your help!
I am able to send an e-mail message from the RH8 system to the FC3 system and it
makes it through both sendmails without a problem, but I am still getting messages on
the FC3 system that the RH8 will not allow a connection.
I have included my answers below.
Greg
Deron Meranda wrote:
>
> It sounds like you are having some other issue. This whole IPv6 theory
> may not have anything to do with it.
I agree with you. Wanted to begin to understand iptables anyway so the time was not
lost.
>
> What do you mean by the "ntp" symptoms? What's the output of running
> "ntpq -c peers"?
My understanding is that .RSTR. means it is locally blocked.
[root@dev mail]# ntpq -c peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 Time1.Stupi.SE  .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 tick.usnogps.na .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 Tick.UH.EDU     .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 time-nw.nist.go .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
> The most puzzling thing is that you said a 'telnet xxx 25' works. So,
> here's some things we need to try:
>
> 1. Look up MX records, etc.
>
> $ host -t mx rh80host.yourdomain.com.
> $ host -t mx yourdomain.com.
> $ host -t a rh80host.yourdomain.com.
The RH8 system is set up with DNS and has an MX record pointing to its own IP address.
The FC3 system is not set up with DNS and I am only planning on using it as a firewall
and internal e-mail server. It will perform POP3 functions and relay all outgoing
mail to the RH8 system. The RH8 system is the one that is receiving and sending the
messages from this Fedora User's list.
>
> 2. Get the qf* file. When you attempt to send mail and it's refused,
> does it stay queued for delivery? Run,
>
> # sendmail -bp
>
> If you see it listed in there, get the queue number and go find the
> corresponding qf* file under /var/spool/mqueue.
The messages I am getting in the qf files and maillog files are the same, the RH8
server is not allowing a connection. I can still telnet RH8.domain.com 25 and send a
manual message.
V8
T1101333659
K1101581627
N66
P5880369
I3/2/2231279
MDeferred: Connection refused by RH8.domain.com
Fwbs
$_localhost.localdomain [127.0.0.1]
$rESMTP
$slocalhost.localdomain
${daemon_flags}
${if_addr}127.0.0.1
S<root@localhost.localdomain>
A<>
MDeferred: Connection refused by RH8.domain.com
> 3. How heavily customized are your systems? Like your sendmail.mc
> file, iptables and ip6tables? Are you running any sendmail milters?
>
I am able to send an e-mail message from the RH8 system to the FC3 system and it
makes it through sendmail without a problem, but I am getting messages on the FC3
system that the RH8 will not allow a connection. I do not have a milter set up on
the FC3 system, but plan on using spamassassin, and clamav with procmail.
I plan to make this box pretty customized, in order to function as a firewall, and
e-mail server, but it is certainly not customized now.
I am continuing to work on iptables with shorewall in that this seems where the
problem should be. If I flush iptables with -F I am unable to connect to any other
machine on the local network. Here is what I have on the FC3 system with -L :
[root@dev mqueue]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.0.0.0/24          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpts:bootps:bootpc

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
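
An added example, not part of the original post: `iptables -F` deletes the rules in a chain but leaves the chain's policy untouched, so a chain listed with `policy DROP` drops every packet once it is flushed. The sketch below reads `iptables -L` output and reports, per built-in chain, what a flush would leave behind; the function names `audit_policies` and `sample_listing` are hypothetical, and the sample input is the listing from the post.

```shell
#!/bin/sh
# Added example. audit_policies and sample_listing are hypothetical names.

# Read `iptables -L` (or `-L -v`) output on stdin and print, per built-in chain:
#   <chain> <policy> <rule count> <state after `iptables -F`>
audit_policies() {
    awk '
        function report() {
            after = (policy == "DROP") ? "drops-all-after-flush" : "accepts-all-after-flush"
            printf "%s %s %d %s\n", chain, policy, rules, after
        }
        /^Chain / {
            if (chain != "") report()
            chain = ""
            # User-defined chains read "(N references)" and have no policy.
            if ($3 == "(policy") { chain = $2; policy = $4; sub(/\)$/, "", policy); rules = 0 }
            next
        }
        /^target / || /^ *pkts / || /^[ \t]*$/ { next }   # column headers, blank lines
        chain != "" { rules++ }
        END { if (chain != "") report() }
    '
}

# Sample input: the FC3 listing quoted in the post above.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.0.0.0/24          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpts:bootps:bootpc

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
EOF
}

sample_listing | audit_policies
```

Feeding it `iptables -L -v -n` output works as well; that form also shows the in/out interface columns, which the plain `-L` listing omits for rules such as the third INPUT entry.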