IPTABLES and Sendmail

[BIS]

Hallo,

I am hoping someone can point me in the right direction. I am running IPTABLES on a RH7.3 box, and for some reason I cannot send nor receive emails when IPTABLES is running. Below the section(s) of the IPTABLES script that I (hope) is the culprit. Any ideas?


# POP server (110)
# ----------------
iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $UNPRIVPORTS -d $IPADDR --destination-port 110 -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port 110 --destination-port $UNPRIVPORTS -j ACCEPT
# POP client (110)
# ----------------
iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 110 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 110 -j ACCEPT



# ------------------------------------------------------------------
# SMTP server (25)
# ----------------
iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp --source-port $UNPRIVPORTS -d $IPADDR --destination-port 25 -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp ! --syn -s $IPADDR --source-port 25 --destination-port $UNPRIVPORTS -j ACCEPT
#
#
#
# ------------------------------------------------------------------
# SMTP client (25)
# ----------------
iptables -A INPUT -i $EXTERNAL_INTERFACE -p tcp ! --syn --source-port 25 -d $IPADDR --destination-port $UNPRIVPORTS -j ACCEPT
iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p tcp -s $IPADDR --source-port $UNPRIVPORTS --destination-port 25 -j ACCEPT

 

[bwilliam13]

iptables -A INPUT p tcp --dport 25 -j ACCEPT


That's all you need. I have a couple other lines in mine to prevent someone from DoS'ing my interface with too many messages at a time, but the above line allows mail in and out...assuming your mail server is on the machine running iptables. If you want it on a specific interface, put a "-i eth0" or whatever your interface is right after the INPUT or OUTPUT directives.