Linux - Newbie: This Linux forum is for members that are new to Linux. Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!
03-22-2011, 02:53 AM | #1 | LQ Newbie | Registered: Mar 2011 | Location: India | Posts: 6
Sendmail config for inbound mail and redirecting them internally to other port
Hi,
I have configured a sendmail MTA for incoming mails in a network, and by using iptables I have redirected the traffic internally to another port where one more SMTP server, run by an application, is listening.
iptables rules:
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 25000
My sendmail config is as below.
sendmail.mc:
define(`SMART_HOST', `relay:host.subdomain.mydomain.com')dnl
dnl # define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 25000')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 25000')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr= "my IP address", Name=MTA-public')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA-local')dnl
/etc/services file details:
smtp 25/tcp mail
smtp 25/udp mail
submission 25000/tcp # submission
submission 25000/udp # submission
After the sendmail config was done I was able to receive mails, but when I applied the iptables rules as above the mails got rejected, and the logs give me the error: dsn=5.0.0, stat=Deferred: Service unavailable
I am not sure what I am missing here and what more to do to fix this.
03-23-2011, 12:03 PM | #2 | Member | Registered: Mar 2011 | Location: Bellmawr, NJ | Distribution: Red Hat / Fedora | Posts: 215
Missing s in the REDIRECT option:
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j REDIRECT --to-ports 25000
03-23-2011, 12:06 PM | #3 | Member | Registered: Mar 2011 | Location: Bellmawr, NJ | Distribution: Red Hat / Fedora | Posts: 215
Also, can you show me the whole iptables -L -v output?
Man page:
REDIRECT
    This target is only valid in the nat table, in the PREROUTING and OUTPUT chains, and user-defined chains which are only called from those chains. It redirects the packet to the machine itself by changing the destination IP to the primary address of the incoming interface (locally-generated packets are mapped to the 127.0.0.1 address).
    --to-ports port[-port]
        This specifies a destination port or range of ports to use: without this, the destination port is never altered. This is only valid if the rule also specifies -p tcp or -p udp.
    --random
        If option --random is used then port mapping will be randomized (kernel >= 2.6.22).
03-25-2011, 03:15 AM | #4 | LQ Newbie | Registered: Mar 2011 | Location: India | Posts: 6 | Original Poster
Hi Savona,
Thanks for your reply.
bash-3.2$ sudo /sbin/iptables -L -V
iptables v1.3.5
Also, I have changed the rule to
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j REDIRECT --to-ports 25000
but I still see mails getting rejected, which means the traffic to port 25 is getting blocked. Posting my complete iptables details:
bash-3.2$ sudo cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Fri Mar 25 02:59:47 2011
*nat
:PREROUTING ACCEPT [224357:20885454]
:POSTROUTING ACCEPT [174764:11710222]
:OUTPUT ACCEPT [174764:11710222]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 25000
COMMIT
# Completed on Fri Mar 25 02:59:47 2011
# Generated by iptables-save v1.3.5 on Fri Mar 25 02:59:47 2011
*filter
:INPUT ACCEPT [19129684:6303695432]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [16312727:64039280665]
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
# Completed on Fri Mar 25 02:59:47 2011
I am not sure what I am missing.
Thanks
03-25-2011, 03:42 AM | #5 | LQ Newbie | Registered: Mar 2011 | Location: India | Posts: 6 | Original Poster
One more piece of information:
When I establish an SMTP connection to the host I get the reply below from the server.
dsn=5.0.0, stat=Service unavailable
and the bounced message info is as below:
The following organization rejected your message: subdomain.mydomain.com
#5.0.0 SMTP; 554 Transaction failed> #SMTP#
03-25-2011, 03:56 AM | #6 | Member | Registered: Mar 2008 | Location: Namibia, Swakopmund | Distribution: Redhat, Fedora, Centos, ClearOS, Mandrake | Posts: 151
Hi there buddy,
If I understand your situation correctly, you have a mail server with IP address, let's say, 192.168.1.1.
You want to redirect any SMTP connection (port 25) to port 25000.
Two quick things for you to test:
1.) Make a telnet connection to your server on port 25000 and make sure sendmail is listening and working correctly:
telnet localhost 25000
helo test
mail from:<test@yourdomain.com>
rcpt to:<root@yourdomain.com>
test
(Press the Ctrl button) then press . (full stop) and then press the Ctrl button again
Type quit
2.) If sendmail is working correctly on port 25000, then you might want to look at removing the iptables line
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
Because first you accept the port 25 connection, and then in the next line you want to redirect?
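The telnet test above, as an added example that is not from the thread: a small Python probe that replays the same HELO / MAIL FROM / RCPT TO / DATA / "." dialogue against a listener and reports at which step it answers 4xx/5xx, so a "554 Transaction failed" from the service on 25000 is caught before port 25 traffic is redirected to it. The toy SMTP responder, the addresses and the port are constructed for offline use; start_toy_server(reject_data=True) imitates the failing application, reject_data=False a healthy one.

```python
import socket
import socketserver
import threading

# Constructed toy SMTP responder (not sendmail or the app on 25000) so the probe runs offline.
class _ToySMTP(socketserver.StreamRequestHandler):
    def handle(self):
        self.wfile.write(b"220 toy.example ESMTP\r\n")
        in_data = False
        for raw in self.rfile:
            line = raw.rstrip(b"\r\n")
            if in_data:
                if line == b".":                 # end of message: 554 or 250, see start_toy_server
                    in_data = False
                    self.wfile.write(self.server.end_reply)
                continue
            if line.upper().startswith(b"DATA"):
                in_data = True
                self.wfile.write(b"354 End data with <CR><LF>.<CR><LF>\r\n")
            else:
                self.wfile.write(b"250 Ok\r\n")  # HELO, MAIL FROM, RCPT TO, QUIT accepted

def start_toy_server(reject_data):
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _ToySMTP)
    srv.end_reply = b"554 Transaction failed\r\n" if reject_data else b"250 Ok: queued\r\n"
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv                                   # srv.server_address[1] is the chosen port

def smtp_probe(host, port, sender, rcpt, timeout=5.0):
    """Replay the telnet test; return (step, code) for the first 4xx/5xx reply, else ('end-of-data', code)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        rf = s.makefile("rb")
        def reply():
            line = rf.readline()
            while line[3:4] == b"-":             # skip continuation lines of multi-line replies
                line = rf.readline()
            return int(line[:3])
        code = reply()
        if code != 220:
            return "banner", code
        for cmd in (b"HELO test", b"MAIL FROM:<" + sender.encode() + b">",
                    b"RCPT TO:<" + rcpt.encode() + b">", b"DATA"):
            s.sendall(cmd + b"\r\n")
            code = reply()
            if code >= 400:
                return cmd.split()[0].decode(), code
        s.sendall(b"Subject: probe\r\n\r\ntest\r\n.\r\n")
        code = reply()
        s.sendall(b"QUIT\r\n")
        return "end-of-data", code
```

Against a real host, call smtp_probe("127.0.0.1", 25000, "test@yourdomain.com", "root@yourdomain.com") and expect ("end-of-data", 250); anything else is the step to look at before redirecting port 25.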
03-25-2011, 05:46 AM | #7 | LQ Newbie | Registered: Mar 2011 | Location: India | Posts: 6 | Original Poster
You are right; what you assumed below is my requirement.
"If I understand your situation correctly, you have a mail server with IP address, lets say, 192.168.1.1
You want you redirect any SMTP connection (port 25) to port 25000"
telnet localhost 25000
showed me the banner, and then after "." I got 554 Transaction failed. Now I understand where things are wrong.
But the intention of the line
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
is to make sure the SMTP connection first happens at 25 and, once the message is accepted, it can be redirected to 25000.
But I found, once I do telnet 198.1.1.2 25, I do see the application's SMTP banner, and now I get it clearly.
The iptables rules I have applied will accept the traffic on 25 and redirect it to 25000. If the SMTP service on 25000 is not accepting the connection, then you will see a transaction failed or other mail rejection error.
Hmmm, let me have a check on the app's side and get back here.
03-25-2011, 05:53 AM | #8 | Member | Registered: Mar 2008 | Location: Namibia, Swakopmund | Distribution: Redhat, Fedora, Centos, ClearOS, Mandrake | Posts: 151
Quote: Originally Posted by SecUnix (post #7 above)
Glad I could help !!
03-25-2011, 07:16 AM | #9 | LQ Newbie | Registered: Mar 2011 | Location: India | Posts: 6 | Original Poster
Checking the 25000 (app's SMTP) is what helped me to fix this one.
The above steps for the SMTP port redirection can be used, since they are tested and working fine.
Thanks for all those replies.
All times are GMT -5.