Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 1st July 2009, 07:41
aberrio aberrio is offline
Senior Member
 
Join Date: Sep 2007
Posts: 150
Thanks: 13
Thanked 3 Times in 3 Posts
Default Unable to receve email

Hello,

After restore a configuration file I am not able to receive email. I am able to send. Messages do not hit the mail queue any suggestion. DNS server is resolving correctly. Also had disable firewall..no good......Server works for a year without prolmes


here is my config files

main.cfg..

# --------------- local settings ------------------
myhostname = mail.xxxxxxx.com
mydomain = xxxxxxx.com
inet_interfaces = localhost, $myhostname
alias_maps =
alias_database =
relay_domains = mysql:$config_directory/mysql_relay_domains_maps.cf
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mailq_path = /usr/bin/mailq
setgid_group = maildrop
mynetworks_style = host
mynetworks = 127.0.0.0/8
#mydestination = localhost, $myhostname
mydestination = localhost
unknown_local_recipient_reject_code = 550
address_verify_map = btree:/var/lib/postfix/address_verify
inet_protocols = all
biff = no
content_filter = smtp-amavis:[127.0.0.1]:10024
# ---------------------- VIRTUAL DOMAINS START ----------------------
virtual_mailbox_domains = mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
#virtual_transport = dovecot
virtual_transport = virtual
dovecot_destination_recipient_limit = 1
# ---------------------- VIRTUAL DOMAINS END ----------------------
# ---------------------- ADDITIONAL FOR QUOTA SUPPORT -------------
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes
# ---------------------- ADDITIONAL FOR QUOTA SUPPORT END -----
# ---------------------- SASL PART START ----------------------
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_password_maps =
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
#smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# ---------------------- SASL PART END ----------------------
# ---------------------- TLS PART START ----------------------
smtp_use_tls = yes
smtp_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtp_tls_key_file = /etc/postfix/ssl/smtpd.key
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_tls_session_cache
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache

smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_ask_ccert = no
smtpd_tls_loglevel = 0
tls_random_source = dev:/dev/urandom
# ---------------------- TLS PART END ----------------------
smtpd_helo_required = yes
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
maps_rbl_reject_code = 450
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_sender_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
smtpd_recipient_restrictions =
permit_mynetworks
permit_tls_all_clientcerts
permit_sasl_authenticated
warn_if_reject reject_non_fqdn_helo_hostname
warn_if_reject reject_unknown_helo_hostname
warn_if_reject reject_unknown_client
warn_if_reject reject_unverified_sender
warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org
warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org
warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org
warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org
warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org
reject_unauth_destination
reject_invalid_helo_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_unverified_recipient
reject_unauth_pipelining
reject_rbl_client multi.uribl.com
reject_rbl_client dul.dnsbl.sorbs.net
reject_rbl_client sbl-xbl.spamhaus.org
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client ix.dnsbl.manitu.net
reject_rbl_client combined.rbl.msrbl.net
reject_rbl_client rabl.nuclearelephant.com
reject_rbl_client cbl.abuseat.org
reject_rbl_client sbl.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client dnsbl.sorbs.net=127.0.0.2
reject_rbl_client dnsbl.sorbs.net=127.0.0.3
reject_rbl_client dnsbl.sorbs.net=127.0.0.4
reject_rbl_client dnsbl.sorbs.net=127.0.0.5
reject_rbl_client dnsbl.sorbs.net=127.0.0.7
reject_rbl_client dnsbl.sorbs.net=127.0.0.9
reject_rbl_client dnsbl.sorbs.net=127.0.0.11
reject_rbl_client dnsbl.sorbs.net=127.0.0.12
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permit
sample_directory = /usr/share/doc/packages/postfix/samples
readme_directory = /usr/share/doc/packages/postfix/README_FILES
html_directory = /usr/share/doc/packages/postfix/html
manpage_directory = /usr/share/man


here is master.cfg

#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - n - - smtpd
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
#smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_etrn_restrictions=reject
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#localhost:10025 inet n - n - - smtpd -o content_filter=
scache unix - - n - 1 scache
#
# ================================================== ==================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ================================================== ==================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc ${sender} ${recipient}
dovecot unix - n n - - pipe
flags=DRhu user= vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)

smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o smtp_data_restrictions=reject_unauth_pipelining
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtp_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o smtpd_milters=
-o local_header_rewrite_clients=
-o local_recipient_maps=
-o relay_recipient_maps=
-o receive_override_options=no_header_body_checks,no_ unknown_recipient_checks
retry unix - - n - - error
proxywrite unix - - n - 1 proxymap

Last edited by aberrio; 1st July 2009 at 07:45.
Reply With Quote
Sponsored Links
  #2  
Old 2nd July 2009, 03:07
aberrio aberrio is offline
Senior Member
 
Join Date: Sep 2007
Posts: 150
Thanks: 13
Thanked 3 Times in 3 Posts
Default

Hello,

Any ideas?

regards,


Al
Reply With Quote
  #3  
Old 2nd July 2009, 14:43
Tezux Tezux is offline
Member
 
Join Date: Jun 2009
Posts: 38
Thanks: 0
Thanked 2 Times in 2 Posts
Default

So there is no trace of any messages been sent to you in the mail log file at all??
have you tried sending a mail to root? Did it work ok?
maybe post your log file
Reply With Quote
  #4  
Old 2nd July 2009, 15:12
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
Default

Are there any errors in your mail log when you send a mail to the server?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 2nd July 2009, 16:24
aberrio aberrio is offline
Senior Member
 
Join Date: Sep 2007
Posts: 150
Thanks: 13
Thanked 3 Times in 3 Posts
Default

Hello Falko,

There are no error, no warning, The message is not even queue. DNS is resolving accordingly. I am able to send but not receive, when I send email I am able to see infomration on the queue. Monit, logwatch and chkrootkit are able to send email to the admin, but not from outside.

I am getting this message on the sender side.

Delivery attempt history for your mail:

Wed, 1 Jul 2009 16:37:19 -0500 (CDT)
TCP active open: Failed connect() Error: Connection refused

Wed, 1 Jul 2009 08:37:19 -0500 (CDT)
TCP active open: Failed connect() Error: Connection refused

Wed, 1 Jul 2009 00:37:19 -0500 (CDT)
TCP active open: Failed connect() Error: Connection refused

Tue, 30 Jun 2009 22:37:19 -0500 (CDT)
TCP active open: Failed connect() Error: Connection refused

Tue, 30 Jun 2009 21:37:19 -0500 (CDT)
TCP active open: Failed connect() Error: Connection refused

Tue, 30 Jun 2009 20:37:05 -0500 (CDT)
TCP active open: Failed connect() Error: Connection refused

The mail system will continue to try to deliver your message
for an additional 2 days.


Regads,

AL

Last edited by aberrio; 2nd July 2009 at 22:21.
Reply With Quote
  #6  
Old 3rd July 2009, 11:02
Tezux Tezux is offline
Member
 
Join Date: Jun 2009
Posts: 38
Thanks: 0
Thanked 2 Times in 2 Posts
Default

have you checked if your isp is maybe blocking it? Maybe they weren't before but now have changed there conditions or something like that.
How have you set up the DNS records? Has something possibly changed here that could be causing this issue? Im guessing your Public IP Address and Private IP addresses have not changed aswell right?
Check these (I dont know what OS you are using so may have to change these commands)
/etc/hosts
/etc/network/interfaces

im guessing you have checked the MX records using dig MX yourdomain.com
Reply With Quote
  #7  
Old 3rd July 2009, 16:43
aberrio aberrio is offline
Senior Member
 
Join Date: Sep 2007
Posts: 150
Thanks: 13
Thanked 3 Times in 3 Posts
Default

Hello,

MX record good, DNS resolving accordingly, I have static IP. I can telnet localhost 25 but i can not connect from outside. Port 25 is not block. Service Postfix is active with firewall.

Any other sugestion?
Reply With Quote
  #8  
Old 3rd July 2009, 19:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
Default

What are the outputs of
Code:
netstat -tap
and
Code:
iptables -L
?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 3rd July 2009, 21:42
aberrio aberrio is offline
Senior Member
 
Join Date: Sep 2007
Posts: 150
Thanks: 13
Thanked 3 Times in 3 Posts
Default

Here

mail:~ # netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:imaps *:* LISTEN 2350/dovecot
tcp 0 0 *op3s *:* LISTEN 2350/dovecot
tcp 0 0 localhost:10024 *:* LISTEN 7104/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 11201/master
tcp 0 0 *:mysql *:* LISTEN 2179/mysqld
tcp 0 0 localhost:dyna-access *:* LISTEN 2481/clamd
tcp 0 0 *op3 *:* LISTEN 2350/dovecot
tcp 0 0 *:sunrpc *:* LISTEN 2533/portmap
tcp 0 0 *:imap *:* LISTEN 2350/dovecot
tcp 0 0 *:ndmp *:* LISTEN 2618/perl
tcp 0 0 mail.tchosting.n:domain *:* LISTEN 2420/named
tcp 0 0 mail.tchosting.n:domain *:* LISTEN 2420/named
tcp 0 0 localhost:domain *:* LISTEN 2420/named
tcp 0 0 *:munin *:* LISTEN 2189/munin-node
tcp 0 0 *:ssh *:* LISTEN 2292/sshd
tcp 0 0 localhost:ipp *:* LISTEN 2587/cupsd
tcp 0 0 mail.tchosting.net:smtp *:* LISTEN 11201/master
tcp 0 0 mail.tchosting.net:smtp *:* LISTEN 11201/master
tcp 0 0 localhost:smtp *:* LISTEN 11201/master
tcp 0 0 localhost:953 *:* LISTEN 2420/named
tcp 0 0 *:atmtcp *:* LISTEN 2344/monit
tcp 0 3112 mail.tchosting.net:ssh c-67-175-83-229:noadmin ESTABLISHED 9819/0
tcp 0 0 *:www-http *:* LISTEN 3054/httpd2-prefork
tcp 0 0 *:domain *:* LISTEN 2420/named
tcp 0 0 *:ssh *:* LISTEN 2292/sshd
tcp 0 0 localhost:ipp *:* LISTEN 2587/cupsd
tcp 0 0 localhost:smtp *:* LISTEN 11201/master
tcp 0 0 localhost:953 *:* LISTEN 2420/named
tcp 0 0 *:https *:* LISTEN 3054/httpd2-prefork


mail:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state RELATED
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target prot opt source destination
Chain input_ext (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ndmp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:atmtcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:atmtcp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:dyna-access flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:dyna-access
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:munin flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:munin
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:domain flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:https
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imap flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:imaps flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:mysql flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dptop3 flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dptop3
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dptop3s flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dptop3s
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:http flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:http
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:https flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:https
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:mysql flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:smtp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:urd flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:urd
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ftp-data flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG all -- anywhere anywhere limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all -- anywhere anywhere PKTTYPE = multicast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
Reply With Quote
  #10  
Old 4th July 2009, 14:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,749 Times in 2,579 Posts
 
Default

What happens when you disable the firewall? Does it work then?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
libWand.so.10 error Taxick Installation/Configuration 8 3rd May 2009 02:27
hotmail rejects outgoing email nzimas Server Operation 3 1st May 2009 04:39
unable to receive email from postfix/ISPconfig with Microcrap Outlook 2007 fireman71 Installation/Configuration 6 9th December 2007 17:49
HotSaNIC domino Tips/Tricks/Mods 23 6th November 2006 06:19
Howto suggestion suse PhP ver 4 + Ver 5 wwparrish Suggest HOWTO 11 7th August 2006 14:29


All times are GMT +2. The time now is 16:43.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.