  1. #1

    Talking more fun with iptables

    Hello all,

    Yesterday I posted asking about my iptables policy; you can see that thread here.

    The use of that policy with the listed change produces errors with email on the server. In short, email bounces to the server. A bounce looks similar to this:

    Code:
    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:
    
    address@domain.tld
    local delivery failed
    
    ------ address@domain.tld ------
    
    An error was detected while processing a file of BSMTP input.
    The error message was:
    
    421 SMTP incoming data timeout - message abandoned
    
    The SMTP transaction started in line 0.
    The error was detected in line 3.
    0 previous messages were successfully processed.
    The rest of the batch was abandoned.
    421 SMTP incoming data timeout - message abandoned
    Transaction started in line 0
    Error detected in line 3
    
    ------ This is a copy of the message, including all the headers. ------
    
    Return-path: 
    Received: from [4.7.28.249] (helo=gaia.asylumgroup.net)
    by hostname.of.receiving.server with esmtp (Exim 4.24)
    id 1AHViH-0003I5-9G; Wed, 05 Nov 2003 14:01:17 -0800
    Subject: test
    MIME-Version: 1.0
    Date: Wed, 5 Nov 2003 16:01:51 -0600
    Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=SHA1;
    boundary="----=_NextPart_000_0008_01C3A3B6.1F567140"
    X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
    Message-ID: <63ABE5E6783C1947BA1C059C66545E101CFC@hostname.of.sending.server>
    X-MS-Has-Attach: yes
    X-MS-TNEF-Correlator: 
    Thread-Topic: test
    Thread-Index: AcOj6GirjsaHsF+dQgiZhWu0PeRgWA==
    Content-class: urn:content-classes:message

    Anyone have any idea what causes this, or how to fix it?
    Ben Prince - CyberPixels
    Systems Administrator
    ben@cyberpixels.com
    AIM: CyberPixelsBen

  2. #2
    Let's see the output of 'iptables -L -v -n'

    You probably need to add:
    $IPTABLES -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

  3. #3
    [~]# iptables -L -v -n
    Chain INPUT (policy DROP 10 packets, 1505 bytes)
    pkts bytes target prot opt in out source destination
    440 32151 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
    1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:37
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:43
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
    19 1223 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    17 832 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    3 144 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:465
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:873
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:873
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2082
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2083
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2086
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2087
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2089
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6666

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 558 packets, 506K bytes)
    pkts bytes target prot opt in out source destination

    Chain acctboth (0 references)
    pkts bytes target prot opt in out source destination
    Ben Prince - CyberPixels
    Systems Administrator
    ben@cyberpixels.com
    AIM: CyberPixelsBen

  4. #4
    Yes, that line seems to have alleviated the problem, thank you very much.
    Ben Prince - CyberPixels
    Systems Administrator
    ben@cyberpixels.com
    AIM: CyberPixelsBen
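
The gap resolved in this thread, as an added example that is not part of the original posts: a shell function that reads `iptables -L -v -n` output and reports whether the INPUT chain lets loopback traffic through. The function names, the abridged sample listings and the zero counters on the `lo` rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `iptables -L -v -n` listing for a missing loopback rule.

# Reads the listing on stdin. Returns 0 if loopback traffic reaches ACCEPT in
# the INPUT chain, 1 if it falls through to a DROP policy or a catch-all block.
input_allows_loopback() {
    awk '
        $1 == "Chain" {
            in_input = ($2 == "INPUT")
            if (in_input) { policy = $4; sub(/\)/, "", policy) }
            next
        }
        # Columns: pkts bytes target prot opt in out source destination.
        # Rules are first-match, so only the first unconditional rule that
        # covers interface lo (or any interface) decides the outcome.
        in_input && !decided && $4 == "all" && ($6 == "lo" || $6 == "*") &&
        $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" {
            # Extra fields are match options (e.g. state ...): conditional rule.
            uncond = (NF == 9) || ($3 == "REJECT" && NF == 11 && $10 == "reject-with")
            if (!uncond) next
            if ($3 == "ACCEPT") { ok = 1; decided = 1 }
            else if ($3 == "DROP" || $3 == "REJECT") decided = 1
        }
        END { if (!decided) ok = (policy == "ACCEPT"); exit (ok ? 0 : 1) }
    '
}

# Constructed sample: abridged from the listing posted in the thread.
sample_before() {
cat <<'EOF'
Chain INPUT (policy DROP 10 packets, 1505 bytes)
pkts bytes target prot opt in out source destination
440 32151 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25

Chain OUTPUT (policy ACCEPT 558 packets, 506K bytes)
pkts bytes target prot opt in out source destination
EOF
}

# Constructed sample: the same INPUT chain once the suggested lo rule is appended.
sample_after() {
    sample_before | sed '4a\
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0'
}

for s in sample_before sample_after; do
    if $s | input_allows_loopback; then echo "$s: loopback accepted"
    else echo "$s: loopback dropped on INPUT"; fi
done
```

On a live host the same function can be fed with `iptables -L -v -n | input_allows_loopback`.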
