LinuxQuestions.org
Old 03-22-2011, 02:53 AM   #1
SecUnix (LQ Newbie, India)
Sendmail config for inbound mail and redirecting it internally to another port


Hi,

I have configured a sendmail MTA for incoming mail on a network, and using iptables I have redirected the traffic internally to another port, where a second SMTP service belonging to an application is running.

iptables rules:

iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 25000

My sendmail config is as follows.

sendmail.mc:

define(`SMART_HOST', `relay:host.subdomain.mydomain.com')dnl

dnl # define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 25000')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 25000')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=<my IP address>, Name=MTA-public')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA-local')dnl

/etc/services entries:

smtp        25/tcp      mail
smtp        25/udp      mail
submission  25000/tcp   # submission (non-standard: IANA assigns submission to 587)
submission  25000/udp   # submission



After the sendmail config was done I was able to receive mail, but when I applied the iptables rules above the mail gets rejected, and the logs give me an error: dsn=5.0.0, stat=Deferred: Service unavailable

I am not sure what I am missing here and what more I need to do to fix this.
 
Old 03-23-2011, 12:03 PM   #2
savona (Member, Bellmawr, NJ; Red Hat / Fedora)
Missing "s" in the REDIRECT option:

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j REDIRECT --to-ports 25000
 
Old 03-23-2011, 12:06 PM   #3
savona (Member, Bellmawr, NJ; Red Hat / Fedora)
Also, can you show me the whole iptables -L -v output?

Man page:

REDIRECT
This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It redirects the packet to the machine itself by changing the destination IP to the primary address of the incoming interface (locally-generated packets are mapped to the 127.0.0.1 address).

--to-ports port[-port]
This specifies a destination port or range of ports to use: without this, the destination port is never altered. This is only valid if the rule also specifies -p tcp or -p udp.

--random
If option --random is used then port mapping will be randomized (kernel >= 2.6.22).
 
Old 03-25-2011, 03:15 AM   #4
SecUnix (Original Poster)
Hi Savona,

Thanks for your reply.

bash-3.2$ sudo /sbin/iptables -L -V
iptables v1.3.5

Also, I have changed the rule to

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j REDIRECT --to-ports 25000

but I still see mail getting rejected, which means the traffic to port 25 is getting blocked. Posting my complete iptables details:

bash-3.2$ sudo cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Fri Mar 25 02:59:47 2011
*nat
:PREROUTING ACCEPT [224357:20885454]
:POSTROUTING ACCEPT [174764:11710222]
:OUTPUT ACCEPT [174764:11710222]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 25000
COMMIT
# Completed on Fri Mar 25 02:59:47 2011
# Generated by iptables-save v1.3.5 on Fri Mar 25 02:59:47 2011
*filter
:INPUT ACCEPT [19129684:6303695432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [16312727:64039280665]
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
# Completed on Fri Mar 25 02:59:47 2011

I am not sure what I am missing.

Thanks
 
Old 03-25-2011, 03:42 AM   #5
SecUnix (Original Poster)
One more piece of information:

When I establish an SMTP connection to the host I get the reply below from the server.

dsn=5.0.0, stat=Service unavailable

And the bounced message info is as below:

The following organization rejected your message: subdomain.mydomain.com

#5.0.0 SMTP; 554 Transaction failed> #SMTP#
 
Old 03-25-2011, 03:56 AM   #6
linuxgurusa (Member, Swakopmund, Namibia; Redhat, Fedora, Centos, ClearOS, Mandrake)
Hi there, buddy.

If I understand your situation correctly, you have a mail server with an IP address, let's say, 192.168.1.1.
You want to redirect any SMTP connection (port 25) to port 25000.

Two quick things for you to test:

1.) Make a telnet connection to your server on port 25000 and make sure sendmail is listening and working correctly:

telnet localhost 25000
helo test
mail from:<test@yourdomain.com>
rcpt to:<root@yourdomain.com>
test
(Press the Ctrl button) then press . (full stop) and then press the Ctrl button again
Type quit

If sendmail is working correctly on port 25000, then you might want to look at removing the iptables line

iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT

because first you accept the port 25 connection, and then on the next line you want to redirect it?
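
The telnet check above, scripted, as an added example that is not part of this thread: a small in-process SMTP responder (constructed here, standing in for the application's SMTP service on port 25000, not the real application) answers the same HELO/MAIL/RCPT/DATA dialogue, and smtp_probe() records the reply code at every step, so the difference between a 250 at end of data and the "554 Transaction failed" the original poster saw is visible in one transcript. The stub's hostname and the test addresses are assumptions. Pointed at a real host (smtp_probe("198.1.1.2", 25, ...)), it shows what external senders actually reach: the REDIRECT in the nat PREROUTING chain rewrites the destination port before any daemon sees the connection, so port 25 from outside is the service on 25000, and the filter INPUT chain only ever sees --dport 25000 for that traffic.

```python
import socket
import socketserver
import threading


class _StubSMTPHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in for the application MTA on 25000. It knows just
    enough of RFC 5321 to run the dialogue; its verdict on the message is
    set by server.accept_mail."""

    def _send(self, line):
        self.wfile.write((line + "\r\n").encode("ascii"))

    def handle(self):
        self._send("220 stub.example ESMTP (constructed stub, not a real MTA)")
        while True:
            raw = self.rfile.readline()
            if not raw:                       # client went away
                return
            verb = raw.decode("ascii", "replace").strip().split(" ", 1)[0].upper()
            if verb in ("HELO", "EHLO"):
                self._send("250 stub.example")
            elif verb in ("MAIL", "RCPT"):
                self._send("250 2.1.0 OK")
            elif verb == "DATA":
                self._send("354 End data with <CR><LF>.<CR><LF>")
                # Swallow the message body up to the lone "." terminator.
                while self.rfile.readline() not in (b".\r\n", b".\n", b""):
                    pass
                if self.server.accept_mail:
                    self._send("250 2.0.0 Message accepted for delivery")
                else:                         # what the thread's app MTA answered
                    self._send("554 5.0.0 Transaction failed")
            elif verb == "QUIT":
                self._send("221 2.0.0 Bye")
                return
            else:
                self._send("500 5.5.1 Command unrecognized")


class StubSMTPServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, accept_mail):
        # Port 0: the kernel picks a free loopback port; read it back from server_address.
        super().__init__(("127.0.0.1", 0), _StubSMTPHandler)
        self.accept_mail = accept_mail


def _read_reply(f):
    """Read one SMTP reply (multi-line '250-...' form included); return its 3-digit code."""
    while True:
        line = f.readline().decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("connection closed before a reply arrived")
        if len(line) == 3 or line[3] != "-":  # last line of the reply
            return int(line[:3])


def smtp_probe(host, port, sender, rcpt, body="probe", timeout=5.0):
    """Run the same steps as the telnet test; return [(step, reply_code), ...].
    The code after 'end of data' is the MTA's verdict: 250 = queued, 5xx = rejected
    (what a sending MTA turns into a bounce). body must not contain a line that
    is only '.' since no dot-stuffing is done here."""
    transcript = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")

        def step(label, payload=""):
            if payload:
                f.write(payload.encode("ascii"))
                f.flush()
            code = _read_reply(f)
            transcript.append((label, code))
            return code

        step("banner")
        step("HELO", "HELO probe.example\r\n")
        step("MAIL FROM", "MAIL FROM:<%s>\r\n" % sender)
        step("RCPT TO", "RCPT TO:<%s>\r\n" % rcpt)
        if step("DATA", "DATA\r\n") == 354:
            # Message text, then the lone "." that ends it (the "." the thread mentions).
            step("end of data", "Subject: probe\r\n\r\n%s\r\n.\r\n" % body)
        step("QUIT", "QUIT\r\n")
    return transcript


def verdict(transcript):
    """Reply code given at end of data, or None if DATA itself was refused."""
    return next((code for label, code in transcript if label == "end of data"), None)


def probe_stub(accept_mail):
    """Start a stub on a free loopback port, probe it, stop it, return the transcript."""
    server = StubSMTPServer(accept_mail)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return smtp_probe("127.0.0.1", server.server_address[1],
                          "test@yourdomain.com", "root@yourdomain.com")
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for accept in (True, False):
        t = probe_stub(accept)
        print("accepting" if accept else "rejecting", "stub:", t, "verdict:", verdict(t))
```

A 554 only after the final "." means the remote side took the envelope and refused the content, which is the app-side policy problem the original poster went on to fix; a non-354 answer to DATA or a 5xx on RCPT TO points at relaying or recipient rules instead.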
 
Old 03-25-2011, 05:46 AM   #7
SecUnix (Original Poster)
You are right; what you assumed below is my requirement.

"If I understand your situation correctly, you have a mail server with an IP address, let's say, 192.168.1.1.
You want to redirect any SMTP connection (port 25) to port 25000."

telnet localhost 25000

showed me the banner, and after "." I got 554 Transaction failed. Now I understand where things are wrong.

But the intention of the line

iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT

is to make sure the SMTP connection first happens on 25 and, once the message is accepted, it can be redirected to 25000.

But I found that once I do telnet 198.1.1.2 25, I see the application's SMTP banner, and now I get it clearly.

The iptables rules I applied will accept the traffic on 25 and redirect it to 25000. If the SMTP service on 25000 is not accepting the connection, then you will see a "transaction failed" or other mail rejection error.

Hmm, let me check on the application side and get back here.
 
Old 03-25-2011, 05:53 AM   #8
linuxgurusa (Member, Swakopmund, Namibia; Redhat, Fedora, Centos, ClearOS, Mandrake)
Quote: Originally Posted by SecUnix (post #7 above)
Glad I could help!
 
Old 03-25-2011, 07:16 AM   #9
SecUnix (Original Poster)
Checking the 25000 (application SMTP) side is what helped me fix this one.

The steps above for the SMTP port redirection can be used, since they are tested and working fine.

Thanks for all the replies.
 