citizen3942 n00b
Joined: 24 Nov 2013 Posts: 1
Posted: Sun Nov 24, 2013 10:39 am Post subject: SMTP firewall setup
I am struggling to get the SMTP protocol to work for my server.
I have this firewall setup:
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 445K 59M fail2ban-BadBots tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
2 24 1236 fail2ban-VSFTPD tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
3 6880 945K fail2ban-SPAM tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
4 6712 935K fail2ban-sasl tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
5 24 1236 fail2ban-ProFTPD tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
6 6439K 378M fail2ban-SSH tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
7 4202 2002K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
8 2997 492K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 ctstate NEW
9 16M 1340M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
10 76 4108 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
11 655 39244 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
12 7297 420K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
13 393 15776 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 limit: avg 25/min burst 100
14 40490 2004K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW
15 760 61774 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
16 119K 6772K LOGGING all -- * * 0.0.0.0/0 0.0.0.0/0
17 0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
18 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
19 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
Chain FORWARD (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
1 0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 120 packets, 71686 bytes)
num pkts bytes target prot opt in out source destination
1 4370 2012K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
2 0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
3 7933K 1344M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
4 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 ctstate NEW,ESTABLISHED
Chain LOGGING (1 references)
num pkts bytes target prot opt in out source destination
1 119K 6772K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-BadBots (1 references)
num pkts bytes target prot opt in out source destination
1 445K 59M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-ProFTPD (1 references)
num pkts bytes target prot opt in out source destination
1 24 1236 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-SPAM (1 references)
num pkts bytes target prot opt in out source destination
1 6712 935K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-SSH (1 references)
num pkts bytes target prot opt in out source destination
2 6439K 378M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-VSFTPD (1 references)
num pkts bytes target prot opt in out source destination
1 24 1236 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-apache-myadmin (0 references)
num pkts bytes target prot opt in out source destination
1 399K 55M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fail2ban-sasl (1 references)
num pkts bytes target prot opt in out source destination
1 6712 935K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Right now I am able to send e-mail out of my server, yet no e-mail can pass my server from outside. For example, if I try to telnet to my server from outside, I get a connection to port 25, but I do not receive an SMTP banner response.
Do I have some firewall configuration issue right here?
In the Postfix config I have the setting inet_interfaces=all
I have searched for the answer for a long time but with no luck. I hope you could help me out.
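A rule-ordering check over the listing above, as an added example that is not part of the original post: it parses output in the format shown (as printed by `iptables -L -n -v --line-numbers`) and reports the rules that sit behind an earlier rule giving every packet a final verdict. The function names are hypothetical; it assumes every rule row has a target column and inspects only the first rule of a jumped-to chain.

```python
import re

# Excerpt of the listing in the post: INPUT rules 15-19 and the LOGGING chain.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination
15 760 61774 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
16 119K 6772K LOGGING all -- * * 0.0.0.0/0 0.0.0.0/0
17 0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
18 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
19 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
Chain LOGGING (1 references)
num pkts bytes target prot opt in out source destination
1 119K 6772K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
CATCH_ALL = ["all", "--", "*", "*", "0.0.0.0/0", "0.0.0.0/0"]

def parse_chains(listing):
    """Return {chain: [(num, target, match_fields), ...]}; rows need a target."""
    chains, current = {}, None
    for line in listing.splitlines():
        header = re.match(r"Chain (\S+) \(", line)
        if header:
            current = chains.setdefault(header.group(1), [])
            continue
        f = line.split()
        if current is not None and len(f) >= 10 and f[0].isdigit():
            current.append((int(f[0]), f[3], f[4:]))
    return chains

def verdict(chains, rule, seen=()):
    """Verdict the rule gives to every packet, or None if packets can pass it."""
    _, target, match = rule
    if match != CATCH_ALL or target in seen:
        return None  # has a match condition (or a chain loop): may fall through
    if target in TERMINAL:
        return target
    body = chains.get(target, [])  # RETURN or an empty chain goes back to caller
    return verdict(chains, body[0], seen + (target,)) if body else None

def shadowed_rules(chains, chain):
    """Return (blocking_num, verdict, [unreachable rule nums]) or None."""
    rules = chains[chain]
    for i, rule in enumerate(rules):
        if (v := verdict(chains, rule)):
            return rule[0], v, [r[0] for r in rules[i + 1:]]
    return None
```

On the excerpt, `shadowed_rules(parse_chains(SAMPLE), "INPUT")` returns `(16, 'DROP', [17, 18, 19])`: the jump to LOGGING drops every packet that reaches it, so the ACCEPT for tcp dpt:25 at rule 18 is never evaluated, consistent with its zero packet counters.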