Tatome
2005-02-14 17:15:09 UTC
Hi, everyone,
I'm trying to get my Debian box to send out messages via exim.
Unfortunately this desire seems to collide with my wish to make my
server as secure as possible. I set up a few firewall rules that seem
to effectively make smtp connections impossible although I don't know
how.
iptables -L INPUT reads as follows:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT all -- [my.name.server] 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
As you can see the smtp port as well as the ident port are wide open.
Still exim says "Connection timed out" in the mainlog as long as the
chain policy is "DROP".
One thing I can think of is that there might be some other protocol
required for sending e-mails. I don't know which one though and I
don't find anything on the net.
Any help is greatly appreciated.
Johannes
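
Added example, not part of Johannes's post: a simplified Python model of the INPUT chain listed above. It shows that the rules match only on destination port, so the reply from a remote mail server (source port 25, destination an ephemeral local port) falls through to the DROP policy, and that a rule modelling `-m state --state ESTABLISHED` accepts it. The addresses and port numbers are constructed, and the OUTPUT chain, which the post does not show, is assumed to let the outgoing connection leave.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")

# Constructed addresses (documentation ranges); the post hides the real ones.
NAME_SERVER = "192.0.2.53"   # stands in for [my.name.server]
HOST, REMOTE_MX = "198.51.100.10", "203.0.113.25"

# The INPUT rules from the post, in order. First match wins; else policy.
POSTED_INPUT = [
    lambda p, ct: p.proto == "tcp" and p.dport in (25, 113, 22, 80),
    lambda p, ct: p.src == NAME_SERVER,
    lambda p, ct: p.proto == "icmp",
]

def established(p, ct):
    """Models `-m state --state ESTABLISHED`: p answers a flow this host opened."""
    return (p.proto, p.dst, p.dport, p.src, p.sport) in ct

def verdict(chain, pkt, ct, policy="DROP"):
    return "ACCEPT" if any(rule(pkt, ct) for rule in chain) else policy

def send(pkt, ct):
    """Track a locally originated packet (assumes OUTPUT lets it leave)."""
    ct.add(tuple(pkt))

def demo():
    ct = set()
    send(Packet("tcp", HOST, 40312, REMOTE_MX, 25), ct)   # exim dials out
    syn_ack = Packet("tcp", REMOTE_MX, 25, HOST, 40312)   # remote MTA answers
    stray = Packet("tcp", REMOTE_MX, 25, HOST, 40313)     # no matching flow
    incoming = Packet("tcp", REMOTE_MX, 51000, HOST, 25)  # mail delivered to us
    stateful = [established] + POSTED_INPUT
    return {
        "reply, posted chain": verdict(POSTED_INPUT, syn_ack, ct),
        "reply, with state rule": verdict(stateful, syn_ack, ct),
        "stray, with state rule": verdict(stateful, stray, ct),
        "incoming mail, posted chain": verdict(POSTED_INPUT, incoming, ct),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:28} {result}")
```

The state rule keeps the default-deny stance: a packet from port 25 that does not answer a tracked outgoing connection is still dropped.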