Re: [exim] local server access

Author: Ltc Hotspot
Date:  
To: Graeme Fowler
CC: Exim-Users
Subject: Re: [exim] local server access

Graeme,

Check the attached iptables rules to determine if smarthost port
traffic has authorized access to the local mail server.

These are the Outbound SMTP IP addresses that should have authorized
access to the local server:
https://support.duocircle.com/solution/articles/5000704608-ip-addresses-of-smtp-servers.


These are the Inbound IP addresses that should have authorized access
to the local server:
https://support.duocircle.com/solution/articles/5000524218-ip-addresses-for-firewalls.


Secondly, all third-party port traffic is further blocked by these rules?


Thanks,
Hal


On Sun, Aug 20, 2017 at 5:44 AM, Graeme Fowler via Exim-users
<exim-users@???> wrote:
> On 20 Aug 2017, at 13:26, Ltc Hotspot via Exim-users <exim-users@???> wrote:
>> We configured a smarthost with an iptable to block all incoming port
>> traffic. What is the rule which allows for the local server to connect
>> to the address 127.0.0.1:25 ?
>
> Firstly, that’s not specifically an Exim problem - you probably need to be asking the question on a WHM mailing list as that’s what you’re using.
>
>> Read attached exim error log file and the current iptable
>> configuration for details.
>
> Notwithstanding the above, you don’t appear to have a generic:
>
> -A [chain] -i lo -j ACCEPT
>
> rule at the top of your file. That would solve your problem, and any others you might have whereby the machine wants to talk IP to itself - it will *always* talk to itself on interface lo, rather than the ethernet interfaces, because that’s the shortest and least interruptive path.
>
> Graeme
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

-A [chain] -i lo -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2086 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2087 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2095 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2096 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2083 -j ACCEPT
-A cP-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.191.214.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.149.210.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.191.151.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.148.219.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.149.206.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.186.27.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.191.158.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.186.172.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.149.36.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.149.155.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.69.130.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.213.22.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.200.247.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.186.218.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.200.129.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.149.205.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.148.222.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.148.30.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.69.62.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.68.193.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.186.60.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.149.154.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.148.229.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.186.22.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.149.26.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.28.30.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.29.118.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.29.142.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.29.144.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.29.147.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.29.152.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.29.162.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.58.5.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -s 52.58.7.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP
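
Added example, not part of the original thread or the poster's configuration: a first-match evaluation over a constructed excerpt of the chain above, showing why a new connection to 127.0.0.1:25 reaches the final DROP and what a loopback rule placed first changes. The interface name eth0, the test address 203.0.113.5 and the function names are assumptions; only the options that appear in the attached rules are modelled.

```python
import ipaddress
import shlex

# Constructed excerpt modelled on the attached chain: one open port, one
# smarthost range on port 25, then the final port-25 DROP.
RULES = """\
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A cP-Firewall-1-INPUT -s 54.191.214.0/24 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP
"""
# The generic loopback rule from the reply, with the chain name filled in.
LOOPBACK = "-A cP-Firewall-1-INPUT -i lo -j ACCEPT\n"

OPTS = {"-i": "iface", "-s": "src", "-p": "proto", "--dport": "dport", "-j": "target"}

def parse(line):
    """Parse one '-A <chain> ...' line into the match fields modelled here."""
    tok = shlex.split(line)
    rule = dict.fromkeys(OPTS.values())
    i = 2  # skip '-A' and the chain name
    while i < len(tok):
        if tok[i] in OPTS:
            rule[OPTS[tok[i]]] = tok[i + 1]
        elif tok[i] not in ("-m", "--state"):  # module loads / NEW: skipped
            raise ValueError(f"unsupported option {tok[i]!r}")
        i += 2
    return rule

def verdict(rules_text, iface, src, proto, dport):
    """Return the target of the first rule matching a NEW inbound packet."""
    for line in rules_text.splitlines():
        if not line.startswith("-A "):
            continue
        r = parse(line)
        if r["iface"] and r["iface"] != iface:
            continue
        if r["src"] and ipaddress.ip_address(src) not in ipaddress.ip_network(r["src"]):
            continue
        if r["proto"] and r["proto"] != proto:
            continue
        if r["dport"] and int(r["dport"]) != dport:
            continue
        return r["target"]
    return "FALLTHROUGH"  # chain ended; what follows is not shown in the thread

if __name__ == "__main__":
    for name, rules in (("as attached", RULES), ("lo rule first", LOOPBACK + RULES)):
        print(name, verdict(rules, "lo", "127.0.0.1", "tcp", 25),
              verdict(rules, "eth0", "203.0.113.5", "tcp", 25))
```

Appending the loopback rule after the DROP instead leaves the local connection blocked, which is why the reply places it at the top of the file.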