
need help with firewall & postfix

  • HELMUT S.
    Message 1 of 1, Feb 1, 2006

      Hello,

      Need help with iptables & postfix. Since I set up the firewall, postfix is not delivering mail anymore. I opened all ports, but mails are not delivered; they get in the queue. When I disable the firewall, mails are delivered normally.

       

      My iptables rules:

      ACCEPT     all  --  localhost            localhost

      ACCEPT     all  --  anywhere             anywhere

      ACCEPT     tcp  --  anywhere             anywhere            tcp multiport dports http,24,smtp,26

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:23000

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:23322

      ACCEPT     udp  --  anywhere             anywhere            udp dpt:23000

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:51234

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:14534

      LOG        all  --  anywhere             anywhere            limit: avg 3/hour burst 5 LOG level warning

      ACCEPT     udp  --  anywhere             anywhere            udp dpt:8767

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:14534

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:glftpd:21033

      ACCEPT     udp  --  anywhere             anywhere            udp dpt:daytime

      ACCEPT     udp  --  anywhere             anywhere            udp dpt:time

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5522

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:32944:32964

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:fcp-addr-srvr1:5530

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:5521

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8777

      ACCEPT     udp  --  anywhere             anywhere            udp dpt:8767

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8778

      ACCEPT     udp  --  anywhere             anywhere            udp dpt:13791

      ACCEPT     udp  --  anywhere             anywhere            udp dpts:40458:40460

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:14534

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:13700:13800

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:13400:13500

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:53840:53900

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission

      ACCEPT     tcp  --  192.168.1.10         10.1.15.1           tcp dpt:ssh

      ACCEPT     udp  --  anywhere             anywhere            udp dpt:daytime

      ACCEPT     udp  --  anywhere             anywhere            udp dpt:time

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3

      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap

      ACCEPT     tcp  --  anywhere             anywhere            multiport dports smtp,imap

      REJECT     icmp --  anywhere             anywhere            icmp echo-request reject-with icmp-port-unreachable

      ACCEPT     all  --  anywhere             anywhere

      REJECT     tcp  --  anywhere             anywhere            tcp dpt:mysql reject-with icmp-port-unreachable

      REJECT     tcp  --  linux02.klein-edv.de  10.1.15.1           tcp dpt:smtp reject-with icmp-port-unreachable

       

      Chain FORWARD (policy ACCEPT)

      target     prot opt source               destination

       

      Chain OUTPUT (policy ACCEPT)

      target     prot opt source               destination

      LOG        all  --  anywhere             anywhere            limit: avg 3/hour burst 5 LOG level warning

       

       

      My main.cf :

       

      mynetworks_style = host

       

      inet_protocols = ipv4

      biff = no

      mail_spool_directory = /var/mail

      canonical_maps = hash:/etc/postfix/canonical

      virtual_maps = hash:/etc/postfix/virtual

      relocated_maps = hash:/etc/postfix/relocated

      transport_maps = hash:/etc/postfix/transport

      sender_canonical_maps = hash:/etc/postfix/sender_canonical

      masquerade_exceptions = root

      masquerade_classes = envelope_sender, header_sender, header_recipient

      myhostname = ServerXXX-XX.de

      program_directory = /usr/lib/postfix

      masquerade_domains =

      mydestination = $myhostname, localhost.$mydomain, $mydomain

      defer_transports =

      disable_dns_lookups = no

      mailbox_command =

      mailbox_transport =

      smtpd_sender_restrictions = hash:/etc/postfix/access

      smtpd_client_restrictions = permit_sasl_authenticated,

      smtpd_helo_required = no

      smtpd_helo_restrictions =

      strict_rfc821_envelopes = no

      smtpd_recipient_restrictions = permit_tls_clientcerts, permit_sasl_authenticated, permit_mynetworks,reject_unauth_destination

      smtp_sasl_auth_enable = no

      smtpd_sasl_auth_enable = yes

      smtpd_use_tls = yes

      smtp_use_tls = yes

      alias_maps = hash:/etc/aliases

      mailbox_size_limit = 0

      message_size_limit = 10240000

      smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem

      smtpd_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem

      smtpd_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem

      smtpd_tls_received_header = yes

      tls_daemon_random_source = dev:/dev/urandom

      tls_random_source = dev:/dev/urandom

      relay_clientcerts = hash:/etc/postfix/relay_ccerts

      smtpd_tls_ask_ccert = yes

      smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem

      smtp_tls_cert_file = /etc/postfix/ssl/certs/postfixcert.pem

      smtp_tls_key_file = /etc/postfix/ssl/certs/postfixkey.pem

      mydomain = o_O.com

      myorigin = $mydomain

       

       

      Maybe someone can help.

       

      THX
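
An added example, not part of the original post: a small audit of an `iptables -L` listing in the format shown above. It flags duplicate rules, rules listed after an unconditional ACCEPT (plain `iptables -L` hides the interface columns, so `iptables -L -v` is needed to confirm such a rule really matches everything), and the absence of a `state RELATED,ESTABLISHED` rule. The sample listing is a constructed excerpt, and `parse` and `audit` are names chosen for this example.

```python
import re

# Constructed excerpt in `iptables -L` format, modelled on the listing above.
SAMPLE = """\
target     prot opt source               destination
ACCEPT     all  --  localhost            localhost
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:14534
LOG        all  --  anywhere             anywhere            limit: avg 3/hour burst 5 LOG level warning
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:14534
REJECT     tcp  --  anywhere             anywhere            tcp dpt:mysql reject-with icmp-port-unreachable
"""

# target, prot, opt, source, destination, then the optional match text
RULE = re.compile(r"^([A-Z]+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
TERMINATING = {"ACCEPT", "DROP", "REJECT"}

def parse(listing):
    """Return (target, prot, src, dst, match) tuples; header lines are skipped."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if m:
            target, prot, _opt, src, dst, match = m.groups()
            rules.append((target, prot, src, dst, match.strip()))
    return rules

def audit(rules):
    """Flag duplicates, rules behind a catch-all, and a missing state rule."""
    findings, seen, catch_all = [], {}, None
    for n, rule in enumerate(rules, 1):
        target, prot, src, dst, match = rule
        if rule in seen:
            findings.append((n, f"duplicate of rule {seen[rule]}"))
        elif catch_all is not None:
            findings.append((n, f"never reached if rule {catch_all} matches every interface"))
        seen.setdefault(rule, n)
        # A terminating rule for all protocols and addresses with no match text
        if (catch_all is None and target in TERMINATING and prot == "all"
                and src == dst == "anywhere" and not match):
            catch_all = n
    if not any("ESTABLISHED" in r[4] for r in rules):
        findings.append((0, "no state RELATED,ESTABLISHED rule: replies to outbound "
                            "connections fall through to other rules or the chain policy"))
    return findings

if __name__ == "__main__":
    for n, text in audit(parse(SAMPLE)):
        print(f"rule {n}: {text}" if n else text)
```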
