more fun with iptables

  #1  
Old 11-05-2003, 06:53 PM
CPixelsBen CPixelsBen is offline
Junior Guru Wannabe
 
Join Date: Aug 2002
Posts: 43
more fun with iptables


Hello all,

Yesterday I posted asking about my iptables policy; you can see that thread here.

The use of that policy with the listed change produces errors with email on the server. In short, email bounces to the server. A bounce looks similar to this:

Code:
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

address@domain.tld
local delivery failed

------ address@domain.tld ------

An error was detected while processing a file of BSMTP input.
The error message was:

421 SMTP incoming data timeout - message abandoned

The SMTP transaction started in line 0.
The error was detected in line 3.
0 previous messages were successfully processed.
The rest of the batch was abandoned.
421 SMTP incoming data timeout - message abandoned
Transaction started in line 0
Error detected in line 3

------ This is a copy of the message, including all the headers. ------

Return-path: 
Received: from [4.7.28.249] (helo=gaia.asylumgroup.net)
by hostname.of.receiving.server with esmtp (Exim 4.24)
id 1AHViH-0003I5-9G; Wed, 05 Nov 2003 14:01:17 -0800
Subject: test
MIME-Version: 1.0
Date: Wed, 5 Nov 2003 16:01:51 -0600
Content-Type: multipart/signed;
protocol="application/x-pkcs7-signature";
micalg=SHA1;
boundary="----=_NextPart_000_0008_01C3A3B6.1F567140"
X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0
Message-ID: <63ABE5E6783C1947BA1C059C66545E101CFC@hostname.of.sending.server>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
Thread-Topic: test
Thread-Index: AcOj6GirjsaHsF+dQgiZhWu0PeRgWA==
Content-class: urn:content-classes:message

Anyone have any idea what causes this, or how to fix it?

__________________
Ben Prince - CyberPixels
Systems Administrator
ben@cyberpixels.com
AIM: CyberPixelsBen



  #2  
Old 11-05-2003, 07:18 PM
RutRow RutRow is offline
Web Hosting Guru
 
Join Date: Mar 2001
Location: California
Posts: 332
Let's see the output of 'iptables -L -v -n'

You probably need to add:
$IPTABLES -A INPUT -i lo -s 0.0.0.0/0 -d 0.0.0.0/0 -j ACCEPT

  #3  
Old 11-05-2003, 08:10 PM
CPixelsBen CPixelsBen is offline
Junior Guru Wannabe
 
Join Date: Aug 2002
Posts: 43
[~]# iptables -L -v -n
Chain INPUT (policy DROP 10 packets, 1505 bytes)
pkts bytes target prot opt in out source destination
440 32151 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
1 60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:37
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:43
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
19 1223 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
17 832 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 144 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:465
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:873
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:873
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2082
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2083
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2086
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2087
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2089
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2095
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6666

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 558 packets, 506K bytes)
pkts bytes target prot opt in out source destination

Chain acctboth (0 references)
pkts bytes target prot opt in out source destination

__________________
Ben Prince - CyberPixels
Systems Administrator
ben@cyberpixels.com
AIM: CyberPixelsBen

  #4  
Old 11-05-2003, 08:14 PM
CPixelsBen CPixelsBen is offline
Junior Guru Wannabe
 
Join Date: Aug 2002
Posts: 43
Yes, that line seems to have alleviated the problem, thank you very much.

__________________
Ben Prince - CyberPixels
Systems Administrator
ben@cyberpixels.com
AIM: CyberPixelsBen
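
A check for the condition this thread turned on, as an added example that is not part of any post: it reads `iptables -L -v -n` output and reports whether an INPUT chain with policy DROP has an ACCEPT rule on the `lo` interface, which is what the rule suggested in post #2 adds. The function names and the two sample listings are constructed for illustration (the first is abbreviated from the listing in post #3); on a live host the input would come from `iptables -L -v -n`.

```shell
#!/bin/sh
# Added example, not from the thread.
# Reads `iptables -L -v -n` output on stdin and prints one verdict for INPUT:
#   policy-not-drop   - INPUT does not default to DROP
#   loopback-accepted - policy DROP and an ACCEPT rule with in=lo exists
#   loopback-blocked  - policy DROP and no ACCEPT rule on lo
check_lo_accept() {
    awk '
        $1 == "Chain" {
            in_input = ($2 == "INPUT")
            if (in_input) { policy = $4; sub(/\)/, "", policy) }
            next
        }
        # Rule lines: pkts bytes target prot opt in out source destination
        in_input && $1 ~ /^[0-9]/ && $3 == "ACCEPT" && $6 == "lo" { lo_ok = 1 }
        END {
            if (policy != "DROP") print "policy-not-drop"
            else if (lo_ok)       print "loopback-accepted"
            else                  print "loopback-blocked"
        }'
}

# Constructed sample: abbreviated form of the listing in post #3.
sample_before() {
    cat <<'EOF'
Chain INPUT (policy DROP 10 packets, 1505 bytes)
 pkts bytes target prot opt in out source destination
  440 32151 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    1    60 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
    3   144 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
EOF
}

# Constructed sample: the same chain after appending the loopback rule
# from post #2 (-A INPUT -i lo ... -j ACCEPT).
sample_after() {
    sample_before
    echo "    0     0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0"
}

sample_before | check_lo_accept
sample_after  | check_lo_accept
```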
