iptables firewall on: can't receive emails

[akgta]

hello,

after turning on the iptables firewall i can't receive emails anymore on a dedicated centos 5.3 server with postfix and dovecot.

with iptables firewall turned off everythin works fine.

following is the /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
# -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT

# ************ tried doing this first ************

#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 110 -j ACCEPT  --syn
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT  --syn
#-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 143 -j ACCEPT  --syn

# ************ tried doing this too ************

-A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 72.233.54.234 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 72.233.54.234 --sport 25 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -s 72.233.54.234 --sport 1024:65535 -d 0/0 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s 0/0 --sport 25 -d 72.233.54.234 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT


-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

as you can see here i have tried opening ports 110, 25, 143 earlier. still did not work

if you need more info please let me know.

please help thanks in advance.

 

[stfaprc]

for issues like this, i really find webmin invaluable.
download it from

http://www.webmin.com

and then use its firewall viewer/editor. very, very useful.