Sendmail/Redhat 9 - can send but not receive

angelo l angelohl at hotmail.com
Thu May 12 22:01:08 UTC 2005


===========THE CONFIGURATION=============

         *==Internet==*
               |
               |
         ______|____________________
         |  Firewall                |
         |21 open to 116.168.1.2    |
         |22 open to 116.168.1.2    |
         |25 open to 116.168.1.2    |
         |80 open to 116.168.1.2    |
         |110 open to 116.168.1.2   |
         |113 open to 116.168.1.2   |
         |__________________________|
               |
         ______|_______________________________
         |  Server                             |
         |Eth0 (116.168.1.2)                   |
         | (iptables - ipv4 forwarding enabled)|
         |Eth1 (10.12.1.1)                     |
         |_____________________________________|

1) I can ping the address from eth0 to eth1 and vice versa with no problem, 
internet access from addresses on the eth1 subnet is no problem either.
2) On the server the only files I have edited are listed here (verbatim):

***/etc/mail/sendmail.cw contains:
mail

***/etc/mail/sendmail.mc contains:
dnl # sendmail.mc — m4 source for sendmail.cf. sendmail reads the generated
dnl # .cf, so it must be regenerated and sendmail restarted after any edit.
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
dnl # novrfy/noexpn refuse VRFY/EXPN (address harvesting); restrictqrun
dnl # limits who may run the queue.
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl # 0 disables the ident (RFC 1413) lookup sendmail would otherwise make
dnl # against each connecting client.
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
dnl # use_cw_file: the names this host accepts mail *for* are read from
dnl # /etc/mail/local-host-names (the default for this feature on 8.10+;
dnl # /etc/mail/sendmail.cw is the older name and is ignored unless
dnl # confCW_FILE points at it — confirm for this build).
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`smmsp')dnl
dnl # NOTE(review): relay_based_on_MX lets any domain whose MX points here be
dnl # relayed through this host. If mydomainname.com's MX is this server but
dnl # the domain is not in local-host-names, sendmail accepts the message as
dnl # relay traffic and then tries to hand it to the MX — itself — instead of
dnl # delivering locally. Verify against the zone file and local-host-names.
FEATURE(`relay_based_on_MX')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl # MASQUERADE_AS rewrites *outgoing* sender addresses to this domain; it
dnl # does not make the host accept *incoming* mail for it (see use_cw_file).
MASQUERADE_AS(`mydomainname.com')dnl
dnl # The four MASQUERADE_DOMAIN lines below are disabled by their leading
dnl # "dnl"; remove them or record why they are kept.
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

***/etc/mail/access contains:
# /etc/mail/access — relay/reject policy keyed by host, domain or address;
# rebuild access.db after editing. Untagged entries (no Connect:/From:/To:)
# match the connecting host and both envelope addresses on 8.12-era sendmail.
# NOTE(review): a RELAY entry grants permission to relay; it does not make a
# domain *local* — that list is /etc/mail/local-host-names.
localhost.localdomain		RELAY
localhost			RELAY
127.0.0.1			RELAY
116.168.1.2			RELAY
mydomainname.com			RELAY
# mail.mydomainname.com			RELAY
cyberpromo.com			REJECT
spam at buyme.com			550 Spammers shan't see sunlight here

***/etc/hosts
# /etc/hosts — static name table, normally consulted before DNS (confirm the
# hosts order in /etc/nsswitch.conf).
127.0.0.1	localhost.localdomain	localhost
# NOTE(review): with the line below commented out, "mail" and
# mail.mydomainname.com resolve only if the mydomainname.com DNS zone
# provides them. The relay=localhost.localdomain.mydomainname.com. in the
# log suggests the resolver search list is appending the domain to
# unqualified names — presumably from resolv.conf; verify.
#116.168.1.2	mail.mydomainname.com		mail

***/etc/mail/local-host-names contains:
# /etc/mail/local-host-names — every name this host delivers mail for
# locally (class w, loaded by FEATURE(use_cw_file)); one name per line.
# NOTE(review): mydomainname.com itself — the MASQUERADE_AS value and the
# domain of the addresses in the log — is not listed. Unless its MX is some
# other host, mail for user@mydomainname.com must be listed here (add a line
# `mydomainname.com`) or sendmail treats it as relay traffic rather than
# delivering it locally. The short name "mail" lives in sendmail.cw, which
# this configuration most likely does not read; if it is wanted, list
# mail.mydomainname.com here instead.
localhost
localhost.localdomain
server1.mydomainname.com

***/etc/named.conf contains:
// /etc/named.conf — BIND configuration for this host's own name service.
// Global options (listen-on, recursion, allow-transfer) are presumably in
// the included /etc/named.custom, which is not shown here.
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/named.custom";
include "/etc/rndc.key";

// Reverse zone for loopback.
zone  "0.0.127.in-addr.arpa" {
	type master;
	file  "0.0.127.in-addr.arpa.zone";
};
// Reverse zone for the eth0 network (116.168.1.x).
zone  "1.168.116.in-addr.arpa" {
	type master;
	file  "1.168.116.in-addr.arpa.zone";
};
zone  "localhost" {
	type master;
	file  "localhost.zone";
};
// NOTE(review): authoritative zone for the mail domain. The zone file (not
// shown) must carry an MX for mydomainname.com and an A record for the host
// it names (server1 / mail at 116.168.1.2) for inbound mail to reach this
// server. Since 53/udp is open to the Internet in the firewall, confirm
// named.custom restricts recursion and zone transfers to the LAN.
zone  "mydomainname.com" {
	type master;
	file  "mydomainname.com.zone";
};


***/etc/init.d/iptables contains:
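# /etc/init.d/iptables — hand-written ruleset placed where the stock Red Hat
# init script normally lives. Interfaces: eth0 = Internet (116.168.1.2),
# eth1 = LAN (10.12.1.1 on 10.12.1.0/24). Every chain's default policy is
# DROP, so anything not explicitly accepted below is silently discarded.

# (0) Start from a clean table so re-running the script is safe: without
# this, every rule is appended a second time and `-N okay` fails on the
# second run because the chain already exists.
iptables -F
iptables -X
iptables -t nat -F

# (1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# (2) User-defined chain for ACCEPTED TCP packets
# A new connection (SYN) or an already-tracked one is accepted; any other
# TCP packet that reaches this chain is dropped.
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP

# (3) INPUT chain rules
## Rules for incoming packets from LAN
# The LAN is 10.12.1.0/24 (the broadcast rule below uses 10.12.1.255). The
# original /8 mask matched all of 10.0.0.0/8, so a packet arriving on eth1
# with any forged 10.x.y.z source was accepted.
iptables -A INPUT -p ALL -i eth1 -s 10.12.1.0/24 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
# Loopback traffic carries the interface's own address as its source: the
# eth1 address is 10.12.1.1 (as in the OUTPUT rules), not the network
# address 10.12.1.0 that the original rule matched.
iptables -A INPUT -p ALL -i lo -s 10.12.1.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 116.168.1.2 -j ACCEPT
iptables -A INPUT -p ALL -i eth1 -d 10.12.1.255 -j ACCEPT

## Rules for incoming packets from the Internet
# Packets for established connections
iptables -A INPUT -p ALL -d 116.168.1.2 -m state --state \
ESTABLISHED,RELATED -j ACCEPT

# REJECT THESE JERKS from accessing anything (HACKERS):
iptables -A INPUT -p tcp -s 66.232.147.175 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 67.169.132.93 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 202.9.128.100 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 202.9.183.254 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 202.153.41.139 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp -s 210.51.188.113 -j REJECT --reject-with tcp-reset

# TCP rules
# Each service port the upstream firewall forwards to this host (21, 22,
# 25, 80, 110, 113) is handed to the "okay" chain, so inbound SMTP (25) is
# not blocked here. 53/tcp is not opened: TCP DNS queries and zone transfers
# *to* this server from the Internet will fail.
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 25 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 110 -j okay
iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay

# UDP rules
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT

# ICMP rules
# echo-request (8) and time-exceeded (11) only.
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT

# (4) FORWARD ip rules
# Accept packets I want to forward
# Everything arriving from the LAN side is forwarded; replies come back via
# the connection-tracking rule.
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# (5) OUTPUT ip rules
# ONLY output packets with local addresses (NO spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 10.12.1.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 116.168.1.2 -j ACCEPT

# (6) POSTROUTING ip rules
# LAN traffic leaving eth0 is source-NATed to the public address.
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 116.168.1.2
# uncomment the bottom for DHCP if it works first
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE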


===========THE PROBLEM=============
Mail is going out to the Internet, but no matter what account I use (i.e.,
freebie sites or otherwise), mail isn't coming in. When I review the mail
server logs, I see it trying to be delivered:

May 12 17:24:10 SERVER1 sendmail[3883]: j49NiYov005141: 
to=<root at localhost.localdomain.mydomainname.com>, 
ctladdr=<root at SERVER1.mydomainname.com> (0/0), delay=2+21:39:17, 
xdelay=00:00:00, mailer=esmtp, pri=5880651, 
relay=localhost.localdomain.mydomainname.com., dsn=4.0.0, stat=Deferred: 
Connection timed out with localhost.localdomain.mydomainname.com.

What is going on??? Why can't I receive mail???




