Port 25 blocked by IPtables
 

Hi,

I am facing an issue with iptables. My SMTP port 25 is been blocked by iptables most of the time. Although I tried to whitelist the port it has no effect.

#iptables-save | grep 25
-A OUTPUT -o lo -p tcp -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j DROP


I could see an ACCEPT and DENY rule. As we remove the DENY the mails will be functional again, but after some time the port is been blocked again. We use postfix for our mail server and we also have CSF installed in it. We also tried using port 26. Still no luck. How could I resolve this issue permanently? Any clue ?

post the iptables output then people can help you... INPUT chain is the most important because usually need to filter-out the incoming traffic's.
OUTPUT chain is handling the outgoing traffic from your server. so mostly i don't filter it.

Result of #iptables -L -n | grep 25 is as follows :

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 owner GID match 41
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 owner GID match 12
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 owner UID match 0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25

That's nice dear...
...and also mostly redundant and duplicated.

Now post the rest too as that is where the problem is (if that IS actually the problem).

I had set SMTP Blocking in the csf.conf to 1.
Would that be the cause?
How could I sort the root cause from the logs? Which log files should I check on.

SMTP_BLOCK = "1"