Re: [exim] local server access

Author: Andrew C Aitchison
Date:  
To: exim-users, Ltc Hotspot
Subject: Re: [exim] local server access
On Sat, 19 Aug 2017, Ltc Hotspot via Exim-users wrote:

> Dear Exim Users:
>
> Is this a valid rule to authorize local access to Exim:
> -A cP-Firewall-1-INPUT -s 127.0.0.1:25 -p tcp -m state --state NEW -m
> tcp --dport 25 -j ACCEPT


-s 127.0.0.1:25        ->  -s 127.0.0.1
   the client may make the connection from any source port


exim may also listen on TCP port 587 and/or 465; if the exim
config requests it you will need rules for those ports too.

Without seeing the rest of your rules, you may also need to add
a rule with something like --state ESTABLISHED,RELATED -j ACCEPT
and the cP-Firewall-1-INPUT chain *may* not act on the lo (loopback)
interface, but just on your ethernet ...

Does your firewall log the connections it rejects?
If so that would give you a better idea of what to accept.

However, I am surprised that you need a rule to block
connections on 127.0.0.1 at all. If you are being blocked
it is more likely to be on the IP address of the ethernet
connection...

-- 
Andrew C Aitchison            Cambridge, UK
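
An added example, not part of the message above: a small shell script that prints iptables-restore style lines for the points raised in the reply (no port in `-s`, one rule per SMTP port, an ESTABLISHED,RELATED rule, and logging of what is not accepted). The function names and the log prefix are made up for illustration; the chain name and address come from the question.

```shell
#!/bin/sh
# Constructed example: print rules for local SMTP access, do not apply them.
CHAIN="cP-Firewall-1-INPUT"   # chain name taken from the question

# iptables -s takes an address or network, never address:port.
# Returns 0 for a bare IPv4 address or CIDR, 1 for anything else.
valid_source() {
    case "$1" in
        '')          return 1 ;;   # empty
        *:*)         return 1 ;;   # port suffix, the mistake in the question
        *[!0-9./]*)  return 1 ;;   # anything other than digits, dots, slash
        *)           return 0 ;;
    esac
}

# emit_rules SOURCE PORT...
# Prints one ACCEPT rule per port, preceded by a rule for tracked connections
# and followed by LOG rules for traffic to those ports that was not accepted.
emit_rules() {
    src="$1"; shift
    valid_source "$src" || { echo "bad source for -s: $src" >&2; return 1; }

    # Packets belonging to connections that are already tracked.
    echo "-A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # New connections from SOURCE; the client's source port is not constrained.
    for port in "$@"; do
        echo "-A $CHAIN -s $src -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done

    # Assumption: these are appended ahead of the chain's final reject rule,
    # so the log shows what would otherwise be refused.
    for port in "$@"; do
        echo "-A $CHAIN -p tcp -m tcp --dport $port -j LOG --log-prefix \"exim-unmatched: \""
    done
}

# Whether loopback traffic reaches this chain at all depends on how INPUT
# jumps to it; inspect that with: iptables -S INPUT
emit_rules 127.0.0.1 25 587 465
```

Drop 587 and 465 from the last line if the Exim configuration does not listen on them.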