Very Computer

by **Patric** » Tue, 11 Mar 2003 20:56:13

Hello,

I'm having problems sending mail from my server. I can overcome the problem
if I set the policy on my INPUT table to ACCEPT, but for several reasons I
prefer to have the policy set to DROP. My IPTABLES policy statements are as
follows:

IPTABLES -P INPUT DROP
IPTABLES -P FORWARD ACCEPT
IPTABLES -P OUTPUT ACCEPT

When I change the policy to ACCEPT on the input chain I can send mail fine
but when I set to policy to DROP the mail gets hung up in the mail queue. I
added the following rules:

IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
IPTABLES -A -i lo -m state --state NEW -j ACCEPT

but still can't send mail which originates locally when I set the policy on
the INPUT chain to DROP. I'm sure this is something simple but I've been
unable to find any FAQ's that address this issue.

Help!

Thanks,

Patrick

by **deje1** » Wed, 12 Mar 2003 14:02:34

try forwarding udp also.

> Hello,

> I'm having problems sending mail from my server. I can overcome the problem
> if I set the policy on my INPUT table to ACCEPT, but for several reasons I
> prefer to have the policy set to DROP. My IPTABLES policy statements are as
> follows:

> IPTABLES -P INPUT DROP
> IPTABLES -P FORWARD ACCEPT
> IPTABLES -P OUTPUT ACCEPT

> When I change the policy to ACCEPT on the input chain I can send mail fine
> but when I set to policy to DROP the mail gets hung up in the mail queue. I
> added the following rules:

> IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
> IPTABLES -A -i lo -m state --state NEW -j ACCEPT

> but still can't send mail which originates locally when I set the policy on
> the INPUT chain to DROP. I'm sure this is something simple but I've been
> unable to find any FAQ's that address this issue.

> Help!

> Thanks,

> Patrick

by **acruxi** » Wed, 12 Mar 2003 17:13:57

> Hello,

> I'm having problems sending mail from my server. I can overcome the problem
> if I set the policy on my INPUT table to ACCEPT, but for several reasons I
> prefer to have the policy set to DROP. My IPTABLES policy statements are as
> follows:

> IPTABLES -P INPUT DROP
> IPTABLES -P FORWARD ACCEPT
> IPTABLES -P OUTPUT ACCEPT

> When I change the policy to ACCEPT on the input chain I can send mail fine
> but when I set to policy to DROP the mail gets hung up in the mail queue. I
> added the following rules:

> IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT
> IPTABLES -A -i lo -m state --state NEW -j ACCEPT

> but still can't send mail which originates locally when I set the policy on
> the INPUT chain to DROP. I'm sure this is something simple but I've been
> unable to find any FAQ's that address this issue.

> Help!

> Thanks,

> Patrick

try

IPTABLES -A **INPUT** -i lo -m state --state NEW -j ACCEPT

by **jack** » Wed, 12 Mar 2003 18:56:36

> IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT

Try this: Replace "dport" with "sport". Your box will connect to the
SMTP server port 25 from an arbitrary local port. The server will re-
ply from port 25. So it is the _source_ port that You know, not the
arbitrary port on Your local machine which will be different for each
connection.

You could also try with a state rule like "ESTABLISHED".

Cheers, Jack.

--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

Very Computer

Mail problems through IPTABLES

Mail problems through IPTABLES

Mail problems through IPTABLES

Mail problems through IPTABLES

Mail problems through IPTABLES