On Sat, 19 Aug 2017, Ltc Hotspot via Exim-users wrote:
> Dear Exim Users:
>
> Is this a valid rule to authorize local access to Exim:
> -A cP-Firewall-1-INPUT -s 127.0.0.1:25 -p tcp -m state --state NEW -m
> tcp --dport 25 -j ACCEPT
-s 127.0.0.1:25 -> -s 127.0.0.1
the client may make the connection from any source port

exim may also listen on TCP port 587 and/or 465; if the exim
config requests it you will need rules for those ports too.

Without seeing the rest of your rules, you may also need to add
a rule with something like --state ESTABLISHED,RELATED -j ACCEPT
and the cP-Firewall-1-INPUT chain *may* not act on the lo (loopback)
interface, but just on your ethernet ...

Does your firewall log the connections it rejects?
If so that would give you a better idea of what to accept.

However, I am surprised that you need a rule to block
connections on 127.0.0.1 at all. If you are being blocked
it is more likely to be on the IP address of the ethernet
connection...
--
Andrew C Aitchison Cambridge, UK
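
The corrections from the reply above, as an added example that is not part of the original thread: a check for a port glued onto the `-s` address, the repaired rule, and iptables-restore style rules for the ports mentioned. The function names are hypothetical, and the port list is an assumption that depends on what the Exim config actually listens on.

```shell
#!/bin/sh
# Added example, not from the original thread.
# CHAIN is the chain name from the post; everything else here is illustrative.
CHAIN="cP-Firewall-1-INPUT"

# Return 0 if a rule gives -s/--source an IPv4 address with ":port" attached.
# -s takes an address or network only; ports belong to --sport/--dport.
source_has_port() {
    printf '%s\n' "$1" |
        grep -Eq -- '(^| )(-s|--source) +[0-9]+(\.[0-9]+){3}(/[0-9]+)?:[0-9]+( |$)'
}

# Drop the ":port" from the -s argument and leave the rest of the rule alone.
# The client may connect from any source port, so no --sport is added.
fix_source() {
    printf '%s\n' "$1" |
        sed -E 's#(^| )(-s|--source) +([0-9]+(\.[0-9]+){3}(/[0-9]+)?):[0-9]+#\1\2 \3#'
}

# Print rules for local SMTP access on each port given as an argument,
# preceded by the ESTABLISHED,RELATED rule suggested in the reply.
local_smtp_rules() {
    printf '%s\n' "-A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for port in "$@"; do
        printf '%s\n' "-A $CHAIN -s 127.0.0.1 -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
}

# Rule as posted in the question (joined onto one line).
posted="-A $CHAIN -s 127.0.0.1:25 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT"

if source_has_port "$posted"; then
    echo "port found in -s argument; corrected rule:"
    fix_source "$posted"
fi

# Assumed port list: 25 always, 587 and 465 only if Exim listens on them.
echo "rules for ports 25, 587, 465:"
local_smtp_rules 25 587 465
```

These rules only take effect if the chain is actually reached for loopback traffic, which the reply notes may not be the case.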