I have sendmail working fine - until I turn on iptables. I have the
following lines in the filters section:
-A INPUT -p tcp -m tcp --dport 25 -j LOG
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT

iptables -L -v gives:
0 0 LOG tcp -- any any anywhere anywhere
tcp dpt:smtp LOG level warning
0 0 ACCEPT tcp -- any any anywhere anywhere
tcp dpt:smtp

The messages log gives this:
Oct 27 13:37:35 fremont-county kernel: IN=eth0 OUT=
MAC=00:50:da:05:cf:70:00:14:95:85:8c:91:08:00 SRC=192.168.0.68
DST=71.39.150.58 LEN=69 TOS=0x00 PREC=0x00 TTL=127 ID=59834 DF PROTO=TCP
SPT=1732 DPT=25 WINDOW=65383 RES=0x00 ACK PSH URGP=0


As soon as I enable iptables mail is no longer accepted. Turning off the
filtering lets it work again.
All of my other ports work fine - 25 is the only problem.

Is there something else I need?

Those rules aren't doing any filtering. The log is showing you the packet which was sent to ACCEPT. What you want to see in the log is the opposite - the ones which are getting filtered.

vaughn,

maybe you should post your iptables -nvL
so we can see which rule trigger your problem.

I fiddled with the iptables entries and it started working after I removed the values from the entry ":INPUT ACCEPT [35:2840]" (changed it to ":INPUT ACCEPT [0:0]" - I did the same for the OUTPUT ACCEPT entry.

I was going to post the iptables -nvL output but it is huge (74K).

Thanks for the responses.

Glenn

You must have done something else too, as the only thing those changes did is set the packet and byte counters to zero. That would only affect you if you had reached the limit on some sort of quota rules. BTW, I know it's a tough habit to break, but you should really try to abstain from manually editing your iptables configuration file - use an iptables script instead (and let iptables-save be the only one to mess with the config). It is a much less error-prone approach IMHO. Anyhow, it's just a suggestion.