Deron,
Thanks very much for your help!
I am able to send an e-mail message from the RH8 system to the FC3 system and it makes it through both sendmails without a problem, but I am still getting messages on the FC3 system that the RH8 will not allow a connection.
I have included my answers below.
Greg
Deron Meranda wrote:
It sounds like you are having some other issue. This whole IPv6 theory may not have anything to do with it.
I agree with you. Wanted to begin to understand iptables anyway so the time was not lost.
What do you mean by the "ntp" symptoms? What's the output of running "ntpq -c peers"?
My understanding of .RSTR. means that it is locally blocked
[root@dev mail]# ntpq -c peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 Time1.Stupi.SE  .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 tick.usnogps.na .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 Tick.UH.EDU     .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
 time-nw.nist.go .RSTR.          16 u    -   64    0    0.000    0.000 4000.00
The most puzzling thing is that you said a 'telnet xxx 25' works. So, here's some things we need to try:
1. Look up MX records, etc.
$ host -t mx rh80host.yourdomain.com.
$ host -t mx yourdomain.com.
$ host -t a rh80host.yourdomain.com.
The RH8 system is set up with DNS and has an MX record pointing to its own IP address.
The FC3 system is not set up with DNS and I am only planning on using it as a firewall and internal e-mail server. It will perform POP3 functions and relay all outgoing mail to the RH8 system. The RH8 system is the one that is receiving and sending the messages from this Fedora User's list.
2. Get the qf* file. When you attempt to send mail and it's refused, does it stay queued for delivery? Run,
# sendmail -bp
If you see it listed in there, get the queue number and go find the corresponding qf* file under /var/spool/mqueue.
The messages I am getting in the qf files and maillog files are the same, the RH8 server is not allowing a connection. I can still telnet RH8.domain.com 25 and send a manual message.
V8
T1101333659
K1101581627
N66
P5880369
I3/2/2231279
MDeferred: Connection refused by RH8.domain.com
Fwbs
$_localhost.localdomain [127.0.0.1]
$rESMTP
$slocalhost.localdomain
${daemon_flags}
${if_addr}127.0.0.1
S<root@xxxxxxxxxxxxxxxxxxxxx>
A<>
MDeferred: Connection refused by RH8.domain.com
3. How heavily customized are your systems? Like your sendmail.mc file, iptables and ip6tables? Are you running any sendmail milters?
I am able to send an e-mail message from the RH8 system to the FC3 system and it makes it through sendmail without a problem, but I am getting messages on the FC3 system that the RH8 will not allow a connection. I do not have a milter set up on the FC3 system, but plan on using spamassassin, and clamav with procmail.
I plan to make this box pretty customized, in order to function as a firewall, and e-mail server, but it is certainly not customized now.
I am able to send an e-mail message from the RH8 system to the FC3 system and it makes it through sendmail without a problem, but I am getting messages on the FC3 system that the RH8 will not allow a connection.
I am continuing to work on iptables with shorewall, in that this seems to be where the problem should be. If I flush iptables with -F I am unable to connect to any other machine on the local network. Here is what I have on the FC3 system with -L:
[root@dev mqueue]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  10.0.0.0/24          anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpts:bootps:bootpc

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination