Shorewall and SMTP problem...also, IP RESOLVING?
Hi,
I installed the Shorewall firewall on my server and after that I have a big problem with SMTP: I can send messages with Outlook to the server, but those messages don't go out from the server! My server is on WHM/cPanel and Exim.... When I click on "Delivery Now" for some message in WHM I get this error:

Message 1BtoLi-00033G-RN is not frozen
LOG: MAIN == test@hotmail.com R=lookuphost defer (-1): host lookup did not complete or connection refused...

Yes, I set port 25 for SMTP in Shorewall! Can somebody help me? Also, why now I can resolve IP addresses with PHP scripts? Only numbers, I can't get who is the host... Thanks! P.S. Currently I have 735 messages in the mail queue :(
In shorewall.conf I have:

IP_FORWARDING=Off
ROUTE_FILTER=Yes

In "/etc/shorewall/interfaces":

net eth0 detect norfc1918,nobogons,blacklist,nosmurfs

In "/etc/shorewall/rules":

ACCEPT net fw icmp 8
ACCEPT net fw tcp 20
ACCEPT net fw tcp 21
ACCEPT net fw tcp 22
ACCEPT net fw tcp 25
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
ACCEPT net fw tcp 80
ACCEPT net fw tcp 110
ACCEPT net fw tcp 143
ACCEPT net fw tcp 443
ACCEPT net fw tcp 465
ACCEPT net fw tcp 993
ACCEPT net fw tcp 995
ACCEPT net fw tcp 2082
ACCEPT net fw tcp 2083
ACCEPT net fw tcp 2086
ACCEPT net fw tcp 2087
ACCEPT net fw tcp 2095
ACCEPT net fw tcp 2096
ACCEPT dmz fw tcp smtp
ACCEPT dmz fw tcp domain

Here is what I get when I restart Shorewall:

Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Restarting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Connection Tracking Match: Available
Determining Zones...
   Zones: net loc dmz
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   Net Zone: eth0:0.0.0.0/0
   Warning: Zone loc is empty
   Warning: Zone dmz is empty
Processing /etc/shorewall/init ...
Deleting user chains...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Processing /etc/shorewall/initdone ...
Setting up Blacklisting...
   Blacklisting enabled on eth0:0.0.0.0/0
Adding Anti-smurf Rules
Enabling RFC1918 Filtering
Enabling Bogon Filtering
Setting up Kernel Route Filtering...
IP Forwarding Disabled!
Processing /etc/shorewall/tunnels...
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.DropSMB...
   Pre-processing /usr/share/shorewall/action.RejectSMB...
   Pre-processing /usr/share/shorewall/action.DropUPnP...
   Pre-processing /usr/share/shorewall/action.RejectAuth...
   Pre-processing /usr/share/shorewall/action.DropPing...
   Pre-processing /usr/share/shorewall/action.DropDNSrep...
   Pre-processing /usr/share/shorewall/action.AllowPing...
   Pre-processing /usr/share/shorewall/action.AllowFTP...
   Pre-processing /usr/share/shorewall/action.AllowDNS...
   Pre-processing /usr/share/shorewall/action.AllowSSH...
   Pre-processing /usr/share/shorewall/action.AllowWeb...
   Pre-processing /usr/share/shorewall/action.AllowSMB...
   Pre-processing /usr/share/shorewall/action.AllowAuth...
   Pre-processing /usr/share/shorewall/action.AllowSMTP...
   Pre-processing /usr/share/shorewall/action.AllowPOP3...
   Pre-processing /usr/share/shorewall/action.AllowIMAP...
   Pre-processing /usr/share/shorewall/action.AllowTelnet...
   Pre-processing /usr/share/shorewall/action.AllowVNC...
   Pre-processing /usr/share/shorewall/action.AllowVNCL...
   Pre-processing /usr/share/shorewall/action.AllowNTP...
   Pre-processing /usr/share/shorewall/action.AllowRdate...
   Pre-processing /usr/share/shorewall/action.AllowNNTP...
   Pre-processing /usr/share/shorewall/action.AllowTrcrt...
   Pre-processing /usr/share/shorewall/action.AllowSNMP...
   Pre-processing /usr/share/shorewall/action.AllowPCA...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Processing /etc/shorewall/rules...
   Rule "ACCEPT net fw icmp 8" added.
   Rule "ACCEPT net fw tcp 20" added.
   Rule "ACCEPT net fw tcp 21" added.
   Rule "ACCEPT net fw tcp 5334" added.
   Rule "ACCEPT net fw tcp 25" added.
   Rule "ACCEPT net fw tcp 53" added.
   Rule "ACCEPT net fw udp 53" added.
   Rule "ACCEPT net fw tcp 80" added.
   Rule "ACCEPT net fw tcp 110" added.
   Rule "ACCEPT net fw tcp 143" added.
   Rule "ACCEPT net fw tcp 443" added.
   Rule "ACCEPT net fw tcp 465" added.
   Rule "ACCEPT net fw tcp 993" added.
   Rule "ACCEPT net fw tcp 995" added.
   Rule "ACCEPT net fw tcp 2082" added.
   Rule "ACCEPT net fw tcp 2083" added.
   Rule "ACCEPT net fw tcp 2086" added.
   Rule "ACCEPT net fw tcp 2087" added.
   Rule "ACCEPT net fw tcp 2095" added.
   Rule "ACCEPT net fw tcp 2096" added.
   Rule "ACCEPT dmz fw tcp smtp" added.
   Rule "ACCEPT dmz fw tcp domain" added.
   Rule "ACCEPT net fw tcp 26" added.
Processing Actions...
Processing /usr/share/shorewall/action.Drop...
   Rule "RejectAuth" added.
   Rule "dropBcast" added.
   Rule "dropInvalid" added.
   Rule "DropSMB" added.
   Rule "DropUPnP" added.
   Rule "dropNotSyn" added.
   Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.Reject...
   Rule "RejectAuth" added.
   Rule "dropBcast" added.
   Rule "dropInvalid" added.
   Rule "RejectSMB" added.
   Rule "DropUPnP" added.
   Rule "dropNotSyn" added.
   Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.RejectAuth...
   Rule "REJECT - - tcp 113" added.
Processing /usr/share/shorewall/action.DropSMB...
   Rule "DROP - - udp 135" added.
   Rule "DROP - - udp 137:139" added.
   Rule "DROP - - udp 445" added.
   Rule "DROP - - tcp 135" added.
   Rule "DROP - - tcp 139" added.
   Rule "DROP - - tcp 445" added.
Processing /usr/share/shorewall/action.DropUPnP...
   Rule "DROP - - udp 1900" added.
Processing /usr/share/shorewall/action.DropDNSrep...
   Rule "DROP - - udp - 53" added.
Processing /usr/share/shorewall/action.RejectSMB...
   Rule "REJECT - - udp 135" added.
   Rule "REJECT - - udp 137:139" added.
   Rule "REJECT - - udp 445" added.
   Rule "REJECT - - tcp 135" added.
   Rule "REJECT - - tcp 139" added.
   Rule "REJECT - - tcp 445" added.
Processing /etc/shorewall/policy...
   Policy DROP for net to fw using chain net2all
   Policy ACCEPT for loc to net using chain loc2net
   Policy REJECT for dmz to fw using chain all2all
Masqueraded Networks and Hosts:
Processing /etc/shorewall/tos...
   Rule "all all tcp - ssh 16" added.
   Rule "all all tcp ssh - 16" added.
   Rule "all all tcp - ftp 16" added.
   Rule "all all tcp ftp - 16" added.
   Rule "all all tcp ftp-data - 8" added.
   Rule "all all tcp - ftp-data 8" added.
Processing /etc/shorewall/ecn...
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Restarted

Where is the problem? Thanks
nmap -sU -p 53 10.1.7.100
53/udp open|filtered domain
53/tcp open domain

Processing /usr/share/shorewall/action.DropDNSrep...
Quit from /usr/share/shorewall/
Rule "DROP - - udp - 53" added.

ACCEPT fw net udp 53
ACCEPT fw net tcp 53
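
An added example, not part of the thread and not Shorewall's own code: a simplified model of how a connection is checked against /etc/shorewall/rules first and the zone policy second, run over the posted mail and DNS rules to show which outbound connections from the firewall zone (fw) have no ACCEPT. The policy file is an assumption inferred from the "Policy ..." lines of the restart output, the outbound tcp 25 rule is an assumption added next to the two DNS rules from the reply, and the model ignores source ports, port ranges and connection tracking.

```python
# Added example: a simplified model of Shorewall rule/policy lookup.
SERVICES = {"smtp": 25, "domain": 53}  # service names used in the posted rules

# Mail and DNS rules copied from the posted /etc/shorewall/rules.
POSTED_RULES = """
ACCEPT net fw tcp 25
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
ACCEPT dmz fw tcp smtp
ACCEPT dmz fw tcp domain
"""

# Assumption: policy file inferred from the "Policy ..." lines of the restart output.
ASSUMED_POLICY = """
loc net ACCEPT
net all DROP
all all REJECT
"""

# The two DNS rules from the reply, plus outbound SMTP (an assumption added here).
OUTBOUND_RULES = """
ACCEPT fw net udp 53
ACCEPT fw net tcp 53
ACCEPT fw net tcp 25
"""

# Connections the mail server itself has to open: DNS lookups and SMTP delivery.
OUTBOUND_FLOWS = [("fw", "net", "udp", 53), ("fw", "net", "tcp", 53), ("fw", "net", "tcp", 25)]

def parse(text):
    return [line.split() for line in text.splitlines() if line.strip()]

def verdict(rules, policy, src, dst, proto, port):
    """Return (action, reason): first matching rule, else first matching policy."""
    for action, r_src, r_dst, r_proto, r_port in parse(rules):
        r_port = SERVICES.get(r_port) or int(r_port)
        if (r_src, r_dst, r_proto, r_port) == (src, dst, proto, port):
            return action, "rule"
    for p_src, p_dst, p_action in parse(policy):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return p_action, f"policy {p_src}->{p_dst}"
    raise LookupError("no policy covers this zone pair")

def audit(rules, policy=ASSUMED_POLICY):
    return {flow: verdict(rules, policy, *flow)[0] for flow in OUTBOUND_FLOWS}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES), ("with fw->net rules", POSTED_RULES + OUTBOUND_RULES)):
        for flow, action in audit(rules).items():
            print(f"{label:20} {flow} -> {action}")
```

Every posted rule has fw as the destination, so under the assumed policy the server's own DNS queries and SMTP deliveries fall through to the all-to-all REJECT, which matches the "host lookup did not complete or connection refused" deferral.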