First off, the rules in FORWARD with -j ACCEPT are redundant, since the policy is ACCEPT. Can't see anything wrong with your ruleset vis-a-vis outgoing sendmail requests. Try adding "iptables -I INPUT -p tcp --dport 113 -j ACCEPT"

On Tue, 2004-02-17 at 23:20, Corey Furman wrote:
> When I enabled these rules, sendmail (on the same box) started
> timing out talking to other mail servers. Does anyone see why?
>
>
> # Generated by iptables-save v1.2.7a on Thu Aug 21 14:04:36 2003
> *nat
> :PREROUTING ACCEPT [119808:12963417]
> :POSTROUTING ACCEPT [20799:1127196]
> :OUTPUT ACCEPT [28268:1649529]
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Thu Aug 21 14:04:36 2003
> # Generated by iptables-save v1.2.7a on Thu Aug 21 14:04:36 2003
> *mangle
> :PREROUTING ACCEPT [4394291:2746107050]
> :INPUT ACCEPT [629207:295924271]
> :FORWARD ACCEPT [3748994:2446728158]
> :OUTPUT ACCEPT [700510:360090297]
> :POSTROUTING ACCEPT [4450703:2807075249]
> COMMIT
> # Completed on Thu Aug 21 14:04:36 2003
> # Generated by iptables-save v1.2.7a on Thu Aug 21 14:04:36 2003
> *filter
> :INPUT ACCEPT [629180:295921855]
> :FORWARD ACCEPT [3748994:2446728158]
> :OUTPUT ACCEPT [700509:360090229]
> -A INPUT -i eth0 -p tcp -m tcp --dport 11001:65535 -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -i eth0 -p tcp -m tcp --dport 199 -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -i eth0 -p tcp -m tcp --dport 111 -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -i eth0 -p udp -m udp --dport 135:139 -j REJECT --reject-with icmp-port-unreachable
> -A INPUT -i eth0 -p tcp -m tcp --dport 135:139 -j REJECT --reject-with icmp-port-unreachable
> -A FORWARD -i eth0 -m state --state INVALID,NEW -j REJECT --reject-with icmp-port-unreachable
> -A FORWARD -p 47 -m state --state NEW -i eth1 -o eth0 -j ACCEPT
> -A FORWARD -p tcp -m state --state NEW --dport 1723 -i eth1 -o eth0 -j ACCEPT
> -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> COMMIT
> # Completed on Thu Aug 21 14:04:36 2003
>
>
> Thanks,
> Corey S. Furman
> Network Administrator
>
> Telephone:                Email:
> Work: 1.800.233.7177      Documents: furmanc@xxxxxxxxxxxxxxxx
> Cell: 1.570.809.2449      Instant: CoreyFurman@xxxxxxxxxxx
> _________________________________________________
> Warning! Sending me an attachment of these types:
> .bat .com .exe .htm .html
> .hta .lnk .url .pif .scr
> .shs .vbs .vbe .wsf .wsh
> will send your email to the trash, unread!
>
>
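
Added example, not part of either message: a Python walk of the quoted filter INPUT chain (first match wins, no state match in that chain) over three constructed inbound packets, reporting which rule each one hits. The packet descriptions and the local ephemeral port 32768 are assumptions chosen for illustration.

```python
import shlex

# INPUT rules copied from the quoted iptables-save dump (filter table).
RULES = """\
-A INPUT -i eth0 -p tcp -m tcp --dport 11001:65535 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 199 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 111 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p udp -m udp --dport 135:139 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 135:139 -j REJECT --reject-with icmp-port-unreachable
"""
POLICY = "ACCEPT"  # ":INPUT ACCEPT" in the dump


def parse_rule(line):
    """Turn one '-A INPUT ...' line into the match fields used by these rules."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    lo, _, hi = opts["--dport"].partition(":")
    return {"iface": opts["-i"], "proto": opts["-p"],
            "dport": (int(lo), int(hi or lo)), "target": opts["-j"], "text": line}


def verdict(rules, iface, proto, dport):
    """First matching rule decides; otherwise the chain policy applies."""
    for r in rules:
        lo, hi = r["dport"]
        if r["iface"] == iface and r["proto"] == proto and lo <= dport <= hi:
            return r["target"], r["text"]
    return POLICY, "chain policy"


INPUT_RULES = [parse_rule(l) for l in RULES.splitlines() if l.startswith("-A INPUT")]

# Constructed packets arriving on eth0 (ports are assumptions, not from the thread).
PACKETS = {
    "SYN-ACK from remote MTA :25 to local ephemeral port 32768": ("eth0", "tcp", 32768),
    "ident query from remote MTA to local :113": ("eth0", "tcp", 113),
    "inbound SMTP to local :25": ("eth0", "tcp", 25),
}

if __name__ == "__main__":
    for desc, pkt in PACKETS.items():
        target, why = verdict(INPUT_RULES, *pkt)
        print(f"{target:7} {desc}\n        matched: {why}")
```

The INPUT rules match on destination port only, so a reply to a connection the host itself opened arrives with the local ephemeral port as its destination and is evaluated against the same port ranges as new inbound connections.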