Re: IP6tables and sendmail


 



Deron,

Thanks very much for your help!

I am able to send an e-mail message from the RH8 system to the FC3 system and it makes it through both sendmails without a problem, but I am still getting messages on the FC3 system that the RH8 will not allow a connection.

I have included my answers below.

Greg


Deron Meranda wrote:


It sounds like you are having some other issue. This whole IPv6 theory may not have anything to do with it.

I agree with you. Wanted to begin to understand iptables anyway so the time was not lost.



What do you mean by the "ntp" symptoms? What's the output of running "ntpq -c peers"?

My understanding of .RSTR. means that it is locally blocked

[root@dev mail]# ntpq -c peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 Time1.Stupi.SE  .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 tick.usnogps.na .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 Tick.UH.EDU     .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 time-nw.nist.go .RSTR.          16 u    -   64    0    0.000    0.000 4000.00

The most puzzling thing is that you said a 'telnet xxx 25' works.  So,
here's some things we need to try:

1. Look up MX records, etc.

   $ host -t mx rh80host.yourdomain.com.
   $ host -t mx yourdomain.com.
   $ host -t a rh80host.yourdomain.com.

The RH8 system is set up with DNS and has an MX record pointing to its own IP address.
The FC3 system is not set up with DNS and I am only planning on using it as a firewall and internal e-mail server. It will perform POP3 functions and relay all outgoing mail to the RH8 system. The RH8 system is the one that is receiving and sending the messages from this Fedora User's list.



2. Get the qf* file. When you attempt to send mail and it's refused, does it stay queued for delivery? Run,

   # sendmail -bp

If you see it listed in there, get the queue number and go find the
corresponding qf* file under /var/spool/mqueue.

The messages I am getting in the qf files and maillog files are the same, the RH8 server is not allowing a connection. I can still telnet RH8.domain.com 25 and send a manual message.


V8
T1101333659
K1101581627
N66
P5880369
I3/2/2231279
MDeferred: Connection refused by RH8.domain.com
Fwbs
$_localhost.localdomain [127.0.0.1]
$rESMTP
$slocalhost.localdomain
${daemon_flags}
${if_addr}127.0.0.1
S<root@xxxxxxxxxxxxxxxxxxxxx>
A<>
MDeferred: Connection refused by RH8.domain.com


3. How heavily customized are your systems?  Like your sendmail.mc
file.  iptables and ip6tables?  Are you running any sendmail milters?


I am able to send an e-mail message from the RH8 system to the FC3 system and it makes it through sendmail without a problem, but I am getting messages on the FC3 system that the RH8 will not allow a connection. I do not have a milter set up on the FC3 system, but plan on using spamassassin, and clamav with procmail.


I plan to make this box pretty customized, in order to function as a firewall, and e-mail server, but it is certainly not customized now.

I am able to send an e-mail message from the RH8 system to the FC3 system and it makes it through sendmail without a problem, but I am getting messages on the FC3 system that the RH8 will not allow a connection.

I am continuing to work on iptables with shorewall in that this seems where the problem should be. If I flush iptables with -F I am unable to connect to any other machine on the local network. Here is what I have on the FC3 system with -L :

[root@dev mqueue]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.0.0.0/24          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpts:bootps:bootpc

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
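
Added example, not part of the original thread: a small Python parser for the qf control file quoted in the message above, showing how long the message has been queued and how often delivery was retried. It assumes the usual sendmail queue-file record letters (T = creation time, K = time of last delivery attempt, N = number of attempts, M = status message, S = sender, $ = macro definition); the function names `parse_qf` and `summarize` are hypothetical.

```python
from datetime import datetime, timezone

# qf control file copied from the post above (sender address is redacted there).
QF_SAMPLE = """\
V8
T1101333659
K1101581627
N66
P5880369
I3/2/2231279
MDeferred: Connection refused by RH8.domain.com
Fwbs
$_localhost.localdomain [127.0.0.1]
$rESMTP
$slocalhost.localdomain
${daemon_flags}
${if_addr}127.0.0.1
S<root@xxxxxxxxxxxxxxxxxxxxx>
A<>
MDeferred: Connection refused by RH8.domain.com
"""

def parse_qf(text):
    """Parse the single-letter records of a sendmail qf control file."""
    info = {"macros": {}, "status": []}
    for line in text.splitlines():
        if not line:
            continue
        code, rest = line[0], line[1:]
        if code in "TK":      # epoch seconds: T = queued, K = last delivery attempt
            info["created" if code == "T" else "last_try"] = int(rest)
        elif code == "N":     # number of delivery attempts so far
            info["attempts"] = int(rest)
        elif code == "M":     # status message, e.g. the deferral reason
            info["status"].append(rest)
        elif code == "S":     # envelope sender
            info["sender"] = rest
        elif code == "$":     # macro: one-letter name or {long_name}
            end = rest.find("}") + 1 if rest.startswith("{") else 1
            info["macros"][rest[:end]] = rest[end:]
    return info

def summarize(info):
    """One-line summary: queue time, last attempt, retry count, last status."""
    utc = lambda t: datetime.fromtimestamp(t, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")
    span_h = (info["last_try"] - info["created"]) / 3600
    return (f"queued {utc(info['created'])}, last try {utc(info['last_try'])}, "
            f"{info['attempts']} attempts over {span_h:.1f} h: {info['status'][-1]}")

if __name__ == "__main__":
    print(summarize(parse_qf(QF_SAMPLE)))
```

The `{if_addr}` and `_` macros show the message was submitted over the loopback interface on the FC3 host, so the refusal recorded in the M line applies to the outbound connection sendmail itself made, not to the local submission.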

