Hi Angelo,

Connection timed out with localhost.localdomain.mydomainname.com.

It does mean, for sure, that this host cannot be found by your sendmail.

1) Can you try the nslookup command and check whether localhost.localdomain.mydomainname.com. is able to resolve or not? This is the only problem. Basically it should search mydomain.com only. If possible, can you paste the DNS forward zone and reverse file here also?

2) If possible, try to telnet from another network and check:
telnet mydomain.com 25 and telnet mydomain.com 110

I hope you will get it. If not, check your firewall rules. (I checked your rules and that is not the issue, but you can check at least one time.)

Cheers

On 5/14/05, angelo l <angelohl@xxxxxxxxxxx> wrote:
> ===========THE CONFIGURATION======(problem at bottom)
>
>             *==Internet==*
>                   |
>                   |
>  _________________|_________________
> | Firewall                          |
> | 21 open to 116.168.1.2            |
> | 22 open to 116.168.1.2            |
> | 25 open to 116.168.1.2            |
> | 80 open to 116.168.1.2            |
> | 110 open to 116.168.1.2           |
> | 113 open to 116.168.1.2           |
> |___________________________________|
>                   |
>  _________________|___________________
> | Server                              |
> | Eth0 (116.168.1.2)                  |
> | (iptables - ipv4 forwarding enabled)|
> | Eth1 (10.12.1.1)                    |
> |_____________________________________|
>
> 1) I can ping the address from eth0 to
> eth1 and vice versa with no problem, internet access from addresses on the
> eth1 subnet is no problem either.
> 2) On the server the only files I have edited are listed here (verbatim):
>
> ***/etc/mail/sendmail.cw contains:
> mail
>
> ***/etc/mail/sendmail.mc contains:
> divert(-1)dnl
> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
> VERSIONID(`setup for Red Hat Linux')dnl
> OSTYPE(`linux')dnl
> define(`confDEF_USER_ID',``8:12'')dnl
> define(`confTRUSTED_USER', `smmsp')dnl
> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST',true)dnl
> define(`confDONT_PROBE_INTERFACES',true)dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
> define(`confTO_IDENT', `0')dnl
> FEATURE(`no_default_msa',`dnl')dnl
> FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
> FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
> FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl
> FEATURE(use_ct_file)dnl
> FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
> FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
> FEATURE(`blacklist_recipients')dnl
> EXPOSED_USER(`smmsp')dnl
> FEATURE(`relay_based_on_MX')dnl
> LOCAL_DOMAIN(`localhost.localdomain')dnl
> MASQUERADE_AS(`mydomainname.com')dnl
> dnl MASQUERADE_DOMAIN(localhost)dnl
> dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
> dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
> dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
> MAILER(smtp)dnl
> MAILER(procmail)dnl
>
> ***/etc/mail/access contains:
> localhost.localdomain RELAY
> localhost RELAY
> 127.0.0.1 RELAY
> 116.168.1.2 RELAY
> mydomainname.com RELAY
> # mail.mydomainname.com RELAY
> cyberpromo.com REJECT
> spam@xxxxxxxxx 550 Spammers shan't see sunlight here
>
> ***/etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> #116.168.1.2 mail.mydomainname.com mail
>
> ***/etc/mail/local-host-names contains:
> localhost
> localhost.localdomain
> server1.mydomainname.com
>
> ***/etc/named.conf contains:
> controls {
> inet 127.0.0.1 allow { localhost;
> } keys { rndckey; };
> };
> include "/etc/named.custom";
> include "/etc/rndc.key";
>
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "0.0.127.in-addr.arpa.zone";
> };
> zone "1.168.116.in-addr.arpa" {
> type master;
> file "1.168.116.in-addr.arpa.zone";
> };
> zone "localhost" {
> type master;
> file "localhost.zone";
> };
> zone "mydomainname.com" {
> type master;
> file "mydomainname.com.zone";
> };
>
> ***/etc/init.d/iptables contains:
> # (1) Policies (default)
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> # (2) User-defined chain for ACCEPTED TCP packets
> iptables -N okay
> iptables -A okay -p TCP --syn -j ACCEPT
> iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A okay -p TCP -j DROP
>
> # (3) INPUT chain rules
> ## Rules for incoming packets from LAN
> iptables -A INPUT -p ALL -i eth1 -s 10.12.1.0/8 -j ACCEPT
> iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
> iptables -A INPUT -p ALL -i lo -s 10.12.1.0 -j ACCEPT
> iptables -A INPUT -p ALL -i lo -s 116.168.1.2 -j ACCEPT
> iptables -A INPUT -p ALL -i eth1 -d 10.12.1.255 -j ACCEPT
>
> ## Rules for incoming packets from the Internet
> # Packets for established connections
> iptables -A INPUT -p ALL -d 116.168.1.2 -m state --state \
> ESTABLISHED,RELATED -j ACCEPT
>
> # REJECT THESE JERKS from accessing anything (HACKERS):
> iptables -A INPUT -p tcp -s 66.232.147.175 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 67.169.132.93 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 202.9.128.100 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 202.9.183.254 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 202.153.41.139 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 210.51.188.113 -j REJECT --reject-with tcp-reset
>
> # TCP rules
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 25 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 110 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay
>
> # UDP rules
> iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
> iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
> iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
>
> # ICMP rules
> iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
> iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT
>
> # (4) FORWARD ip rules
> # Accept packets I want to forward
> iptables -A FORWARD -i eth1 -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # (5) OUTPUT ip rules
> # ONLY output packets with local addresses (NO spoofing)
> iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
> iptables -A OUTPUT -p ALL -s 10.12.1.1 -j ACCEPT
> iptables -A OUTPUT -p ALL -s 116.168.1.2 -j ACCEPT
>
> # (6) POSTROUTING ip rules
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 116.168.1.2
> # uncomment the bottom for DHCP if it works first
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> ===========THE PROBLEM=============
> Mail is going out to the Internet, but no matter what account I use (i.e.,
> freebie sites or otherwise), mail isn't coming in. When I review the mail
> server logs, I see it trying to be delivered:
>
> May 12 17:24:10 SERVER1 sendmail[3883]: j49NiYov005141:
> to=<root@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
> ctladdr=<root@xxxxxxxxxxxxxxxxxxxxxxxx> (0/0), delay=2+21:39:17,
> xdelay=00:00:00, mailer=esmtp, pri=5880651,
> relay=localhost.localdomain.mydomainname.com., dsn=4.0.0, stat=Deferred:
> Connection timed out with localhost.localdomain.mydomainname.com.
>
> What is going on???
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

--
Vipul Ramani
linux2000in@xxxxxxxxx
~~~~~We Know HOW NetWorkS ~~~~~
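
The deferral in the log entry quoted above can be picked out of a maillog automatically: a delivery deferred to a relay whose name is a loopback name with a domain appended. The Python below is an added example, not part of the thread or of sendmail; the sample log lines are constructed (only the relay name comes from the post) and the function names are hypothetical.

```python
import re

# Constructed maillog lines (one entry per line, as sendmail writes them).
# Queue IDs and addresses are made up; the first relay name is the one in the thread.
SAMPLE_LOG = """\
May 12 17:24:10 SERVER1 sendmail[3883]: j49NiYov005141: to=<user@mydomainname.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=2+21:39:17, xdelay=00:00:00, mailer=esmtp, pri=5880651, relay=localhost.localdomain.mydomainname.com., dsn=4.0.0, stat=Deferred: Connection timed out with localhost.localdomain.mydomainname.com.
May 12 17:25:02 SERVER1 sendmail[3890]: j4CLP2ov003890: to=<alice@example.org>, delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30412, relay=mx.example.org. [192.0.2.25], dsn=2.0.0, stat=Sent (OK)
May 12 17:26:40 SERVER1 sendmail[3901]: j4CLQeov003901: to=<bob@example.net>, delay=00:01:00, xdelay=00:01:00, mailer=esmtp, pri=30977, relay=mx.example.net., dsn=4.0.0, stat=Deferred: Connection refused by mx.example.net.
"""

# Loopback-only names, as listed in the thread's /etc/mail/local-host-names.
LOOPBACK_NAMES = ("localhost.localdomain", "localhost")

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>to=.*)$")
# key=value pairs separated by ", "; a value may itself contain commas or spaces.
FIELD = re.compile(r"(\w+)=(.*?)(?:, (?=\w+=)|$)")

def parse_delivery(line):
    """Return the key=value fields of one delivery log line, or None."""
    m = ENTRY.search(line)
    if m is None:
        return None
    fields = dict(FIELD.findall(m.group("rest")))
    fields["qid"] = m.group("qid")
    return fields

def relay_host(fields):
    """Relay name without the '[ip]' suffix and the trailing root dot."""
    return fields.get("relay", "").split(" ")[0].rstrip(".").lower()

def loopback_relay_deferrals(log_text):
    """Deferred deliveries whose relay is a loopback name with a domain appended."""
    findings = []
    for line in log_text.splitlines():
        fields = parse_delivery(line)
        if not fields or not fields.get("stat", "").startswith("Deferred"):
            continue
        host = relay_host(fields)
        base = next((n for n in LOOPBACK_NAMES if host.startswith(n + ".")), None)
        if base and host not in LOOPBACK_NAMES:
            findings.append({"qid": fields["qid"], "relay": host, "base": base,
                             "appended": host[len(base) + 1:], "dsn": fields.get("dsn")})
    return findings

if __name__ == "__main__":
    for f in loopback_relay_deferrals(SAMPLE_LOG):
        print("%(qid)s: relay %(relay)s = %(base)s + %(appended)s (dsn %(dsn)s)" % f)
```

Each finding names the queue ID and the domain that was appended, which is the name to check with nslookup as suggested in the reply.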