Firewall Wizards mailing list archives

Re: Ipchains blocking Sendmail

From: Dom Glavach <dg () ctcgsc org>
Date: 17 Sep 2002 15:27:24 -0400

if the running sendmail is reporting 'connection refused by server'
check /etc/sendmail.cf.  You may be restricting sendmail to accept only
localhost connections.


  O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA




you may be permitting only localhost connections
On Tue, 2002-09-17 at 13:50, csobre wrote:

Hi,

I have a linux machine connected to
the internet and to an internal network.
I am running Sendmail and Ipchains.
I have the following rules for
Ipchains on port 25:


   # SMTP server (25)
   # ----------------
   ipchains -A input  -i
$EXTERNAL_INTERFACE -p tcp  \
            --source-port $UNPRIVPORTS \
            -d $IPADDR 25 -j ACCEPT

   ipchains -A input  -i
$LOCAL_INTERFACE_1 -p tcp  \
            --source-port $UNPRIVPORTS \
            -d $LOCAL_IPADDR 25 -j ACCEPT

   ipchains -A output -i
$EXTERNAL_INTERFACE -p tcp ! -y \
            -s $IPADDR 25 \
            --destination-port
$UNPRIVPORTS -j ACCEPT

   ipchains -A output -i
$EXTERNAL_INTERFACE -p tcp ! -y \
            -s $LOCAL_IPADDR 25 \
            --destination-port
$UNPRIVPORTS -j ACCEPT

The only other ports I also ACCEPT are
53 and 113.

I can send and receive mail inside my
network, but can´t receive or send
E-mail to the internet.
After examining the Messages log there
are many lines with (Connection
refused by server) when sendmail tries
to connect to smtp servers on the
internet.

What am I missing here?

Thanks in advance.

 
__________________________________________________________________________
AcessoBOL, só R$ 9,90! O menor preço do mercado!
Assine já! http://www.bol.com.br/acessobol


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

-- 
-----------------------------------------------------------------------
Dominick Glavach, CISSP, GCIH                           dg () ctcgsc org
Senior IS Security Engineer                             814/269-2469
Concurrent Technologies Corporation                     


PGP fingerprint: 10 77 83 6C 31 57 36 64  F6 FD 9B 06 81 14 EE 76
PGP Public Key : ftp.ctcgsc.org/pub/PGP-keys/dg.asc
-----------------------------------------------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Ipchains blocking Sendmail csobre (Sep 17)
- Re: Ipchains blocking Sendmail Dom Glavach (Sep 17)
- <Possible follow-ups>
- RE: Ipchains blocking Sendmail Gautier . Rich (Sep 17)