Mailserver not receiving SMTP (firewall block?)

Discussion in 'Installation/Configuration' started by YYZ, Apr 19, 2013.

  1. YYZ

    YYZ New Member

    Hi,

    Just built a Linode LAMP server a week ago and everything works perfectly with the exception of SMTP. The server can send but cannot receive email. :confused:

    Even though iptables indicates that TCP port 25 is open for inbound connections, it is in fact closed, as I cannot connect to the public IP address from the internet.
    Local connection on the server to 127.0.0.1 works perfectly, indicating that the daemon is alive and fine.
    I could not figure this out for the life of me.

    Thanks!

    OS: Description: Ubuntu 12.04.2 LTS
    Kernel: 3.8.4-x86_64
    Base Linode Stackscript install: http://www.linode.com/stackscripts/view/?StackScriptID=131
    HowtoForge customization (using courier instead of Dovecot): http://www.howtoforge.com/perfect-server-ubuntu-12.04-lts-apache2-bind-dovecot-ispconfig-3

    IPTABLES config (generated by ISPCONFIG3):
    iptables -S (ipv4)
    -P INPUT DROP
    -P FORWARD DROP
    -P OUTPUT ACCEPT
    -N INT_IN
    -N INT_OUT
    -N PAROLE
    -N PUB_IN
    -N PUB_OUT
    -N fail2ban-dovecot-pop3imap
    -N fail2ban-pureftpd
    -N fail2ban-ssh
    -N ufw-after-forward
    -N ufw-after-input
    -N ufw-after-logging-forward
    -N ufw-after-logging-input
    -N ufw-after-logging-output
    -N ufw-after-output
    -N ufw-before-forward
    -N ufw-before-input
    -N ufw-before-logging-forward
    -N ufw-before-logging-input
    -N ufw-before-logging-output
    -N ufw-before-output
    -N ufw-reject-forward
    -N ufw-reject-input
    -N ufw-reject-output
    -N ufw-track-input
    -N ufw-track-output
    -A INPUT -p tcp -m multiport --dports 110,995,143,993 -j fail2ban-dovecot-pop3imap
    -A INPUT -p tcp -m multiport --dports 21 -j fail2ban-pureftpd
    -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
    -A INPUT -s 81.169.154.250/32 -j DROP
    -A INPUT -p tcp -m multiport --dports 110,995,143,993 -j fail2ban-dovecot-pop3imap
    -A INPUT -p tcp -m multiport --dports 21 -j fail2ban-pureftpd
    -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
    -A INPUT -d 127.0.0.0/8 ! -i lo -p tcp -j DROP
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -s 224.0.0.0/4 -j DROP
    -A INPUT -i eth+ -j PUB_IN
    -A INPUT -i ppp+ -j PUB_IN
    -A INPUT -i slip+ -j PUB_IN
    -A INPUT -i venet+ -j PUB_IN
    -A INPUT -i bond+ -j PUB_IN
    -A INPUT -j DROP
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -j DROP
    -A OUTPUT -o eth+ -j PUB_OUT
    -A OUTPUT -o ppp+ -j PUB_OUT
    -A OUTPUT -o slip+ -j PUB_OUT
    -A OUTPUT -o venet+ -j PUB_OUT
    -A OUTPUT -o bond+ -j PUB_OUT
    -A INT_IN -p icmp -j ACCEPT
    -A INT_IN -j DROP
    -A INT_OUT -p icmp -j ACCEPT
    -A INT_OUT -j ACCEPT
    -A PAROLE -j ACCEPT
    -A PUB_IN -p icmp -m icmp --icmp-type 3 -j ACCEPT
    -A PUB_IN -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A PUB_IN -p icmp -m icmp --icmp-type 11 -j ACCEPT
    -A PUB_IN -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A PUB_IN -p tcp -m tcp --dport 20 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 21 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 22 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 25 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 53 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 80 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 110 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 143 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 443 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 993 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 995 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 3306 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 8080 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 8081 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 8085 -j PAROLE
    -A PUB_IN -p tcp -m tcp --dport 10000 -j PAROLE
    -A PUB_IN -p udp -m udp --dport 53 -j ACCEPT
    -A PUB_IN -p udp -m udp --dport 3306 -j ACCEPT
    -A PUB_IN -p icmp -j DROP
    -A PUB_IN -j DROP
    -A PUB_OUT -j ACCEPT
    -A fail2ban-dovecot-pop3imap -j RETURN
    -A fail2ban-dovecot-pop3imap -j RETURN
    -A fail2ban-dovecot-pop3imap -j RETURN
    -A fail2ban-dovecot-pop3imap -j RETURN
    -A fail2ban-pureftpd -j RETURN
    -A fail2ban-pureftpd -j RETURN
    -A fail2ban-pureftpd -j RETURN
    -A fail2ban-pureftpd -j RETURN
    -A fail2ban-ssh -j RETURN
    -A fail2ban-ssh -j RETURN
    -A fail2ban-ssh -j RETURN
     
  2. YYZ

    YYZ New Member

    Problem has been fixed.

    Postfix was configured to listen only on the local loopback address.
    Run "sudo dpkg-reconfigure postfix" to update the configuration.

    It is always the simple things. :)
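
The symptom in this thread (port 25 allowed in iptables, reachable on 127.0.0.1, unreachable from outside) can be told apart from a firewall block by checking which address the daemon is bound to. The script below is an added example, not part of the original posts; the function name `bind_scope` and both sample `ss -ltn` listings are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port is bound, reading `ss -ltn` output on stdin.
# Prints one of: public | loopback-only | not-listening
# bind_scope is a hypothetical helper name, not a system tool.
bind_scope() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skip header and other states
        {
            ep = $4                          # "Local Address:Port" column
            if (!match(ep, /:[0-9]+$/)) next # locate the trailing ":port"
            p    = substr(ep, RSTART + 1)
            addr = substr(ep, 1, RSTART - 1)
            if (p != port) next
            gsub(/\[/, "", addr)             # strip brackets around IPv6
            gsub(/\]/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") loop = 1
            else pub = 1                     # *, 0.0.0.0, :: or a real IP
        }
        END {
            if (pub)       print "public"
            else if (loop) print "loopback-only"
            else           print "not-listening"
        }'
}

# Constructed sample: SMTP daemon bound to loopback only (the state
# described in the thread before the fix).
SAMPLE_BEFORE='State   Recv-Q Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0      100     127.0.0.1:25        *:*
LISTEN  0      128     *:22                *:*
LISTEN  0      100     ::1:25              :::*'

# Constructed sample: SMTP daemon listening on all interfaces.
SAMPLE_AFTER='State   Recv-Q Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0      100     *:25                *:*
LISTEN  0      128     *:22                *:*
LISTEN  0      100     :::25               :::*'

printf 'before: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | bind_scope 25)"
printf 'after:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER"  | bind_scope 25)"

# Live use on the server:  ss -ltn | bind_scope 25
```

A `loopback-only` result means the firewall rules are not the cause. On Postfix the listening address is controlled by `inet_interfaces` in main.cf, and `postconf inet_interfaces` shows the current value.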
     
