LinuxQuestions.org
Old 04-25-2007, 12:23 PM   #1
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Rep: Reputation: 31
Post rejecting connections on 127.0.0.1 on localhost


I took the plunge and updated sarge to etch and now it rejects localhost proxy connections from spamassassin, postgrey, clamsmtp.

Other clues: outgoing works fine. It is queueing up the mail just fine, because I am not getting any bounces when I send to addresses on that machine. It is also unable to deliver admin system messages.

Main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h

myhostname = webservices1.firstdomain.us
myorigin = /etc/mailname
mydestination = webservices1.firstdomain.us, mail.firstdomain.us, lists.firstdomain.us, firstdomain.us, mail.seconddomain.org, etc....
mynetworks = 127.0.0.0/8 192.168.2.0/24 192.168.1.0/24

smtpd_sasl_local_domain =
## $myhostname
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
virtual_alias_maps = hash:/etc/postfix/virtual, hash:/var/lib/mailman/data/aliases
##, hash:/var/lib/mailman/data/aliases
##virtual_maps = hash:/var/lib/mailman/data/virtual-mailman

relayhost =
## mailmain stuff
relay_domains = lists.fistdomain.us, lists.seconddomain.org
transport_maps = hash:/etc/postfix/transport
mailmain_destination_recipient_limit = 1
mailbox_command =
mailbox_size_limit = 0

recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

disable_vrfy_command = yes
strict_rfc821_envelopes = yes

smtpd_helo_required = yes

smtpd_helo_restrictions =
        permit_mynetworks,
        reject_invalid_hostname,
        regexp:/etc/postfix/helo.regexp,
        permit

smtpd_recipient_limit = 20
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
tls_random_source = dev:/dev/urandom
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 10
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        check_policy_service inet:127.0.0.1:60000,
        check_recipient_access hash:/etc/postfix/access,
        check_client_access hash:/etc/postfix/helo_client_exceptions,
        check_sender_access  hash:/etc/postfix/sender_checks,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client bl.spamcop.net,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        reject_invalid_hostname,
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_non_fqdn_sender,
        reject_unauth_pipelining,
        check_client_access hash:/etc/postfix/rbl_client_exceptions,
        permit

unknown_address_reject_code  = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
unknown_client_reject_code   = 554

smtpd_sender_restrictions =
        permit_mynetworks,
        reject_rhsbl_sender dsn.rfc-ignorant.org,
        permit_sasl_authenticated,
        reject_sender_login_mismatch,
        hash:/etc/postfix/access,
        permit

content_filter = scan:[127.0.0.1]:10025

home_mailbox = Maildir/
A snippet of a typical error message:
Code:
Apr 25 09:59:27 webservices1 postfix/smtp[20814]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10025)
The above is the outgoing connection from antivirus proxy on 10025

Thanks

dan
 
Old 04-25-2007, 03:42 PM   #2
Okie
Member
 
Registered: Mar 2002
Location: Oklahoma
Posts: 964

Rep: Reputation: 34
/usr/sbin/iptables -A INPUT -i lo -j ACCEPT
/usr/sbin/iptables -A OUTPUT -o lo -j ACCEPT


no guarantees, this might fix it
 
Old 04-26-2007, 12:48 PM   #3
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Original Poster
Rep: Reputation: 31
Thanks Okie for responding. I don't use iptables on this box, as it is behind a firewall in a dmz and has only very specific services that are well maintained.

I did figure out what it was. I am using clamsmtp as an anti-virus proxy. The config script for clamsmtp in sarge had the ports reversed for incoming and outgoing as compared with clamsmtp's install instructions. Somewhere between then and now the maintainers corrected this; I naturally kept my config script during the upgrade from sarge to etch. So in essence, after the upgrade MY setup was backwards. I simply set the ports per clamsmtp's install instructions and voilà, mail queues started dumping.

What I don't fully understand, however, is why other services like spamassassin were coming up with similar errors in log files.
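
The port mismatch described in the last post can be checked mechanically before and after an upgrade. The following is an added example, not part of the original thread: it compares the port in Postfix's `content_filter` with clamsmtpd's `Listen` port, and clamsmtpd's `OutAddress` with the `inet` listeners in master.cf. The sample file contents, including the re-injection listener on port 10026, are constructed for illustration.

```python
import re

# Constructed sample inputs (not the poster's real files). The master.cf
# re-injection listener on 10026 is an assumption for this example.
MAIN_CF = "content_filter = scan:[127.0.0.1]:10025\n"
MASTER_CF = (
    "smtp      inet  n - - - -  smtpd\n"
    "scan      unix  - - n - 16 smtp\n"
    "127.0.0.1:10026 inet n - n - 16 smtpd\n"
)
CLAMSMTPD_GOOD = "OutAddress: 10026\nListen: 127.0.0.1:10025\n"
CLAMSMTPD_REVERSED = "OutAddress: 10025\nListen: 127.0.0.1:10026\n"

def port_of(value):
    """Trailing port number of 'host:port', 'name:[host]:port' or a bare port."""
    return int(value.strip().rsplit(":", 1)[-1])

def content_filter_port(main_cf):
    """Port Postfix hands mail to, taken from main.cf content_filter."""
    m = re.search(r"^content_filter\s*=\s*(\S+)", main_cf, re.M)
    return port_of(m.group(1)) if m else None

def inet_listener_ports(master_cf):
    """Numeric ports of master.cf 'inet' services (named ones like smtp are skipped)."""
    ports = set()
    for line in master_cf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] == "inet" and not line.startswith("#"):
            last = fields[0].rsplit(":", 1)[-1]
            if last.isdigit():
                ports.add(int(last))
    return ports

def clamsmtpd_setting(conf, key):
    """Port from a 'Key: value' line in clamsmtpd.conf, or None if absent."""
    m = re.search(rf"^{key}:\s*(\S+)", conf, re.M)
    return port_of(m.group(1)) if m else None

def check_chain(main_cf, master_cf, clamsmtpd_conf):
    """Return a list of mismatches in the Postfix -> clamsmtpd -> Postfix loop."""
    problems = []
    hand_off = content_filter_port(main_cf)
    listen = clamsmtpd_setting(clamsmtpd_conf, "Listen")
    out = clamsmtpd_setting(clamsmtpd_conf, "OutAddress")
    if hand_off != listen:
        problems.append(f"Postfix hands mail to port {hand_off}, clamsmtpd listens on {listen}")
    if out not in inet_listener_ports(master_cf):
        problems.append(f"clamsmtpd returns mail to port {out}, no Postfix inet listener there")
    return problems
```

Running `check_chain` against the real `/etc/postfix/main.cf`, `/etc/postfix/master.cf` and `clamsmtpd.conf` contents after a distribution upgrade flags a kept-back config whose ports no longer match the packaged defaults.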
 
  

