iptables and smtp relaying

Post by Dea » Wed, 02 Apr 2003 15:18:15



I'm using qmail 1.03 on RedHat Linux 7.3 with kernel 2.4.18-27.7.x.

I recently got broadband access and set up an iptables firewall that
does very simple input/output/forwarding, just enough to allow SNAT
for my internal LAN, DHCP for the external interface and internal LAN,
any internal connections, and no *new* external connections at all.

I have qmail set up to allow relaying from the internal LAN:

[/etc/hosts.allow]
tcp-env: 127.0.0.1, .my.lans.fake.domain.name: setenv = RELAYCLIENT

My DNS server has valid zones for this fake domain as well; it works
with all other applications, including DHCPd, which gets the hostname
from DNS, not statically from the conf file.

I can send an external email (and verify it is delivered) from the
server itself with no problem.


But when I attempt to email via SMTP from the internal LAN, I get the
mail returned immediately as undeliverable with this error:

"553 sorry, that domain isn't in my list of allowed rcpthosts
(#5.7.1)"

/var/qmail/control/rcpthosts lists all possible domains I receive mail
for (via local delivery and fetchmail only though), but as per
documentation, qmail should ignore rcpthosts when tcpwrappers are
used.

Just in case, here's /etc/xinetd.d/smtp:

service smtp
{
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = qmaild
        server      = /var/qmail/bin/tcp-env
        server_args = /var/qmail/bin/qmail-smtpd
        disable     = no

}

I'm relatively sure this is a qmail problem, but as I also just set up
the firewall, it may be related. I'll probably kick myself for
forgetting something easy, but I'd appreciate any help. Any ideas?

Thanks.

Dean
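
The 553 reply quoted in the post comes from qmail-smtpd's per-recipient check. As an added example (not part of the original post and not qmail's own code), this Python model of that check shows how RELAYCLIENT in qmail-smtpd's environment, the rcpthosts entries, and a missing rcpthosts file each change the outcome; the function names and sample values are assumptions made for illustration.

```python
# Simplified model of qmail-smtpd's RCPT TO relay decision (added example,
# not qmail source; morercpthosts is not modelled). Sample data is constructed.

ERR_NOGATEWAY = "553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)"


def rcpthosts_allows(address, rcpthosts):
    """rcpthosts: list of control-file entries, or None if the file is absent."""
    if rcpthosts is None:
        return True                  # no rcpthosts file: any domain is accepted
    _local, at, domain = address.rpartition("@")
    if not at:
        return True                  # no domain part: handled as a local address
    domain = domain.lower()
    entries = {e.strip().lower() for e in rcpthosts if e.strip()}
    # Match the whole domain, or any suffix beginning at a dot (".example.org").
    candidates = [domain] + [domain[i:] for i, c in enumerate(domain)
                             if c == "." and i > 0]
    return any(c in entries for c in candidates)


def rcpt_decision(address, env, rcpthosts):
    """Return (smtp_reply, address_as_queued) for one RCPT TO."""
    if "RELAYCLIENT" in env:
        # Variable present, even if empty: rcpthosts is skipped and the
        # variable's value is appended to the recipient address.
        return "250 ok", address + env["RELAYCLIENT"]
    if rcpthosts_allows(address, rcpthosts):
        return "250 ok", address
    return ERR_NOGATEWAY, None


if __name__ == "__main__":
    rcpthosts = ["my.lans.fake.domain.name", ".my.lans.fake.domain.name"]
    lan_without_var = {"TCPREMOTEIP": "192.168.1.10"}   # constructed client
    lan_with_var = {"TCPREMOTEIP": "192.168.1.10", "RELAYCLIENT": ""}
    for env in (lan_without_var, lan_with_var):
        print(rcpt_decision("someone@example.org", env, rcpthosts))
    # Absent control file: relaying is open to every client.
    print(rcpt_decision("someone@example.org", lan_without_var, None))
```

In this model a 553 for an outside recipient means the qmail-smtpd process handling that connection did not have RELAYCLIENT in its environment. A missing rcpthosts file, by contrast, accepts every domain from every client, which is an open relay.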

 
 
 

1. smtp relaying w/ qmail and iptables

Short:

My SMTP server rejects mail from the internal LAN but not from the
server itself. I've set up qmail to relay from localhost and the LAN,
but it doesn't seem to be working. I just set up a firewall, but I
doubt that has anything to do with it.

[Previously posted to comp.os.linux.networking with no response.]
