Re: [Exim] exim behind iptables

Author: Tony Earnshaw
To: exim-users
Subject: Re: [Exim] exim behind iptables
Dave Miller wrote:

> I am running Exim 4.2 on a RH 7.2 machine. I use iptables with the input
> chain set to drop and rules to open port 25 to all traffic, allow any
> service on the machine to access dns, etc. I can receive mail with the drop
> policy in place but when I try to send non local mail Exim times out. Do I
> need to open additional ports for Exim? If yes, which ones? If no, any ideas
> on why the time out?
smtp mail comes in on TCP port 25 but goes out on TCP high ports (ports
above 1023). Your filter is probably blocking TCP traffic in and out on
high ports.

Netfilter (iptables) on RH 7.2 has the possibility of allowing TCP
traffic out, whilst blocking TCP traffic in that has not been initiated
by an outgoing SYN packet.

These are my rules that work for a machine with a single interface. Note
that the lines have been "folded" by my MUA and that each rule should be
one single line:

Default policy is REJECT everything.

IFACE0=ppp0 # or eth0 or whatever
UP_PORTS="1024:65535"

## SMTP
# Allow smtp
# Inbound delivery: remote high port -> our port 25, new connections
iptables -A INPUT -i $IFACE0 -p tcp --sport $UP_PORTS --dport 25 -m state --state NEW -j ACCEPT
# ... and our replies back to that remote high port
iptables -A OUTPUT -o $IFACE0 -p tcp --dport $UP_PORTS --sport 25 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Outbound delivery: our high port -> remote port 25, new connections
iptables -A OUTPUT -o $IFACE0 -p tcp --dport 25 --sport $UP_PORTS -m state --state NEW -j ACCEPT
# ... and the remote MX's replies back to our high port (only for connections we opened)
iptables -A INPUT -i $IFACE0 -p tcp --sport 25 --dport $UP_PORTS -m state --state ESTABLISHED,RELATED -j ACCEPT

HTH

--Tonni

--
Tony Earnshaw

Among the mighty I find little comfort; among my equals I am most content

http://www.billy.demon.nl
Mail: tonni@???
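The stateful behaviour Tonni describes, as an added illustration that is not part of the original thread and not Exim or netfilter code: a small Python model of his four rules with a conntrack-style table, fed constructed packets for an outbound delivery, an inbound delivery, and unsolicited traffic to a high port. Port numbers, the `Pkt` class and `run_scenarios` are all assumptions made for this example.

```python
from dataclasses import dataclass

UP_PORTS = range(1024, 65536)  # the post's UP_PORTS="1024:65535"


@dataclass(frozen=True)
class Pkt:
    direction: str  # "in" (INPUT chain) or "out" (OUTPUT chain)
    sport: int
    dport: int
    syn: bool       # True only for the connection-opening SYN


class StatefulFilter:
    """Toy model of netfilter's state match: not the real conntrack."""

    def __init__(self):
        self.conntrack = set()  # (local_port, remote_port) of accepted flows

    def _key(self, p):
        return (p.dport, p.sport) if p.direction == "in" else (p.sport, p.dport)

    def _state(self, p):
        if self._key(p) in self.conntrack:
            return "ESTABLISHED"
        return "NEW" if p.syn else "INVALID"  # a stray SYN-ACK matches no flow

    def filter(self, p):
        st = self._state(p)
        # The post's four rules, in order; anything else hits the default policy.
        rules = [
            ("in",  p.sport in UP_PORTS, p.dport == 25,       "NEW"),
            ("out", p.sport == 25,       p.dport in UP_PORTS, "ESTABLISHED"),
            ("out", p.sport in UP_PORTS, p.dport == 25,       "NEW"),
            ("in",  p.sport == 25,       p.dport in UP_PORTS, "ESTABLISHED"),
        ]
        for direction, sport_ok, dport_ok, state in rules:
            if p.direction == direction and sport_ok and dport_ok and st == state:
                self.conntrack.add(self._key(p))  # remember the flow
                return "ACCEPT"
        return "DROP"


def run_scenarios():
    """Constructed packet exchanges (assumed ports); returns each verdict."""
    fw = StatefulFilter()
    return {
        "out_syn":     fw.filter(Pkt("out", 40000, 25, True)),   # we open to an MX
        "out_reply":   fw.filter(Pkt("in", 25, 40000, False)),   # MX's SYN-ACK back
        "in_syn":      fw.filter(Pkt("in", 51000, 25, True)),    # remote opens to us
        "in_reply":    fw.filter(Pkt("out", 25, 51000, False)),  # our SYN-ACK back
        "stray_syn":   fw.filter(Pkt("in", 25, 33000, True)),    # unsolicited, no flow
        "stray_reply": fw.filter(Pkt("in", 25, 34000, False)),   # reply to nothing
    }
```

Without the ESTABLISHED rule on INPUT (or with a policy that drops all high-port traffic, as in Dave's setup), the `out_reply` packet would also be dropped and the outbound delivery would time out exactly as described.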