HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   Mailserver not receiving SMTP (firewall block?) (http://www.howtoforge.com/forums/showthread.php?t=61533)

YYZ 19th April 2013 20:53

Mailserver not receiving SMTP (firewall block?)
 
Hi,

Just built a Linode LAMP server a week ago and everything works perfect with the exception of SMTP The server can send but cannot receive email. :confused:

Even though iptables indicate that TCP port25 is open for inbound connections, it is in fact closed as I cannot connect to the public IP address from the internet.
Local connection on the server to 127.0.0.1 works perfectly indicating that the daemon is alive and fine.
I could not figure this out for a life of me.

Thanks!

OS: Description: Ubuntu 12.04.2 LTS
Kernel: 3.8.4-x86_64
Base Linode Stackscript install: http://www.linode.com/stackscripts/v...ckScriptID=131
HowtoForge customization (using courier instead of Dovecot): http://www.howtoforge.com/perfect-se...ot-ispconfig-3

IPTABLES config (generated by ISPCONFIG3):
iptables -S (ipv4)
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N INT_IN
-N INT_OUT
-N PAROLE
-N PUB_IN
-N PUB_OUT
-N fail2ban-dovecot-pop3imap
-N fail2ban-pureftpd
-N fail2ban-ssh
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-track-input
-N ufw-track-output
-A INPUT -p tcp -m multiport --dports 110,995,143,993 -j fail2ban-dovecot-pop3imap
-A INPUT -p tcp -m multiport --dports 21 -j fail2ban-pureftpd
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -s 81.169.154.250/32 -j DROP
-A INPUT -p tcp -m multiport --dports 110,995,143,993 -j fail2ban-dovecot-pop3imap
-A INPUT -p tcp -m multiport --dports 21 -j fail2ban-pureftpd
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -d 127.0.0.0/8 ! -i lo -p tcp -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 224.0.0.0/4 -j DROP
-A INPUT -i eth+ -j PUB_IN
-A INPUT -i ppp+ -j PUB_IN
-A INPUT -i slip+ -j PUB_IN
-A INPUT -i venet+ -j PUB_IN
-A INPUT -i bond+ -j PUB_IN
-A INPUT -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -o eth+ -j PUB_OUT
-A OUTPUT -o ppp+ -j PUB_OUT
-A OUTPUT -o slip+ -j PUB_OUT
-A OUTPUT -o venet+ -j PUB_OUT
-A OUTPUT -o bond+ -j PUB_OUT
-A INT_IN -p icmp -j ACCEPT
-A INT_IN -j DROP
-A INT_OUT -p icmp -j ACCEPT
-A INT_OUT -j ACCEPT
-A PAROLE -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A PUB_IN -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A PUB_IN -p tcp -m tcp --dport 20 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 21 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 25 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 53 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 80 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 110 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 143 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 443 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 993 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 995 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 3306 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 8080 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 8081 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 8085 -j PAROLE
-A PUB_IN -p tcp -m tcp --dport 10000 -j PAROLE
-A PUB_IN -p udp -m udp --dport 53 -j ACCEPT
-A PUB_IN -p udp -m udp --dport 3306 -j ACCEPT
-A PUB_IN -p icmp -j DROP
-A PUB_IN -j DROP
-A PUB_OUT -j ACCEPT
-A fail2ban-dovecot-pop3imap -j RETURN
-A fail2ban-dovecot-pop3imap -j RETURN
-A fail2ban-dovecot-pop3imap -j RETURN
-A fail2ban-dovecot-pop3imap -j RETURN
-A fail2ban-pureftpd -j RETURN
-A fail2ban-pureftpd -j RETURN
-A fail2ban-pureftpd -j RETURN
-A fail2ban-pureftpd -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN
-A fail2ban-ssh -j RETURN

YYZ 22nd April 2013 13:30

Problem has been fixed.

Postfix was configured to listen only on the local loopback address.
run "sudo dpkg-reconfigure postfix" to update the configuration.

It is always the simple things. :)


All times are GMT +2. The time now is 15:07.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.