Hi, all! I would like to send messages to another machine on my home LAN. My current configuration is: Main computer (F12, serves as router), is connected to the Internet via eth0. It shares its connection for two LAN machines - one is Win XP laptop connected to the main computer on eth1 and the other is sitting on eth2. It is an old Pentium III charged with Scientific Linux (I want to send mail to this machine from main computer). Currently I'm unable to send mail to it using this command on the router: mail <user>@192.168.3.30 where <user> is the desired user on that host and 192.168.3.30 is host IP. The message sends but nothing appears in <user>@192.168.3.30 mailbox :-( How can I fix it? By the way, I'm able to send mail to that user from any other account on that computer. Please advise! TIA
Hiisi writes:
Hi, all! I would like to send messages to another machine on my home LAN. My current configuration is: Main computer (F12, serves as router), is connected to the Internet via eth0. It shares its connection for two LAN machines - one is Win XP laptop connected to the main computer on eth1 and the other is sitting on eth2. It is an old Pentium III charged with Scientific Linux (I want to send mail to this machine from main computer). Currently I'm unable to send mail to it using this command on the router: mail <user>@192.168.3.30 where <user> is the desired user on that host and 192.168.3.30 is host IP. The message sends but nothing appears in <user>@192.168.3.30 mailbox :-( How can I fix it? By the way, I'm able to send mail to that user from any other account on that computer. Please advise!
What happens when you run:
telnet 192.168.3.30 25
On Tue, 2010-10-26 at 18:23 -0400, Sam Varshavchik wrote:
telnet 192.168.3.30 25
Hi, Sam.
$ telnet 192.168.3.30 25
Trying 192.168.3.30...
telnet: connect to address 192.168.3.30: Connection refused
However port 25 is open on 192.168.3.30:
# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Wed Oct 27 02:40:05 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [433:53995]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -d 192.168.3.20 -p tcp -m tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -s 192.168.3.20 -p tcp -m tcp --sport 25 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Oct 27 02:40:05 2010
Any other suggestions?
On 10/27/2010 06:42 AM, Hiisi wrote:
$ telnet 192.168.3.30 25
Trying 192.168.3.30...
telnet: connect to address 192.168.3.30: Connection refused
It looks as if you've not changed the default configuration for sendmail.
By default it will only listen on the loopback address.
You need to go to /etc/mail and edit the sendmail.mc file. Details of this are located in the file.
Specifically, you need to locate this within the file....
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
On Wed, 2010-10-27 at 07:00 +0800, Ed Greshko wrote:
It looks as if you've not changed the default configuration for sendmail.
By default it will only listen on the loopback address.
You need to go to /etc/mail and edit the sendmail.mc file. Details of this are located in the file.
Specifically, you need to locate this within the file....
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Though, consider the following:
Will that machine be accessible from outside your LAN? If so, you need to take anti-spam steps.
Will that machine be accessible by (potentially) untrustworthy users within your LAN? The same precaution applies.
What anti-spam steps could you take? You could limit SMTP server to only sending to local addresses, so it can't spam the outside world. You could limit it to only accepting connections from your LAN, so outsiders can't get in. You can use the detection of bogus/forged addresses for blocking transmission of spam. You can run anti-spam software that looks at message content, to block spam...
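The suggestion above to accept SMTP connections only from the LAN can be checked against a saved ruleset like the one posted earlier in the thread. The script below is an added example, not part of any poster's message; the function names are hypothetical, the sample rules are taken from the thread plus one constructed source-restricted rule, and it assumes plain `-s` source matches without negation.

```shell
#!/bin/sh
# Added example: list iptables-save rules that accept SMTP from any source.

# Read iptables-save output on stdin and print every rule that ACCEPTs
# destination port 25 without a source (-s) restriction.
unrestricted_smtp_rules() {
    awk '
        $1 != "-A" { next }              # skip table, chain and comment lines
        {
            dport = ""; src = ""; target = ""
            for (i = 2; i < NF; i++) {
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport == "25" && target == "ACCEPT" && src == "")
                print
        }
    '
}

# Sample input: rules quoted from the thread, followed by one constructed
# rule (the last) that limits SMTP to the router address 192.168.3.20.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -d 192.168.3.20 -p tcp -m tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -s 192.168.3.20 -p tcp -m tcp --sport 25 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.3.20 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Prints the three rules from the thread that accept port 25 from anywhere.
sample_rules | unrestricted_smtp_rules
```

On a live host the same function can be fed the saved ruleset, for example `unrestricted_smtp_rules < /etc/sysconfig/iptables`.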
On 10/27/2010 08:37 AM, Tim wrote:
Will that machine be accessible from outside your LAN? If so, you need to take anti-spam steps.
Since the OP mentioned the IP address to be 192.168.3.30 I didn't see the need to bring all that up.
On Wed, 2010-10-27 at 08:44 +0800, Ed Greshko wrote:
On 10/27/2010 08:37 AM, Tim wrote:
Will that machine be accessible from outside your LAN? If so, you need to take anti-spam steps.
Since the OP mentioned the IP address to be 192.168.3.30 I didn't see the need to bring all that up.
Thank you, guys! I understand now where's the problem. I tried the following changes in /etc/mail/sendmail.mc:
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.3.30, Name=MTA')dnl
and
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
And restarted sendmail after that. Neither of them seems to be working. Now there's no Addr in sendmail.mc and I've got from netstat command:
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7151/sendmail: acce
So, how can I force it to listen to something like 192.168.3.30:25? By the way, as this machine is sitting behind the router is it possible at all to access it by e-mail from the outside world?
On 10/27/2010 12:57 PM, Hiisi wrote:
On Wed, 2010-10-27 at 08:44 +0800, Ed Greshko wrote:
On 10/27/2010 08:37 AM, Tim wrote:
Will that machine be accessible from outside your LAN? If so, you need to take anti-spam steps.
Since the OP mentioned the IP address to be 192.168.3.30 I didn't see the need to bring all that up.
Thank you, guys! I understand now where's the problem. I tried the following changes in /etc/mail/sendmail.mc:
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.3.30, Name=MTA')dnl
and
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
And restarted sendmail after that. Neither of them seems to be working. Now there's no Addr in sendmail.mc and I've got from netstat command:
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7151/sendmail: acce
So, how can I force it to listen to something like 192.168.3.30:25? By the way, as this machine is sitting behind the router is it possible at all to access it by e-mail from the outside world?
Do you have the sendmail-cf package installed? It isn't installed by default and it is necessary to have it installed in order to remake the sendmail.cf. That detail is covered in the sendmail.mc file at the top....
On Wed, 2010-10-27 at 08:57 +0400, Hiisi wrote:
Thank you, guys! I understand now where's the problem. I tried the following changes in /etc/mail/sendmail.mc:
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.3.30, Name=MTA')dnl
and
DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
And restarted sendmail after that. Neither of them seems to be working. Now there's no Addr in sendmail.mc and I've got from netstat command:
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 7151/sendmail: acce
So, how can I force it to listen to something like 192.168.3.30:25? By the way, as this machine is sitting behind the router is it possible at all to access it by e-mail from the outside world?
That should be the only option you have to change in your sendmail.mc file, as I do that as well and use the line like you did below...
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
Also, edit your /etc/mail/localhost file and add in the domains/aliases of that particular machine running sendmail (add them under each other, not beside each other, as in one line at a time).
Not sure if this matters, but on my machine I use as a server, I run "network" service on it instead of NetworkManager. May or may not be your problem as well.
On Wed, 2010-10-27 at 05:10 -0500, Mike Chambers wrote:
On Wed, 2010-10-27 at 08:57 +0400, Hiisi wrote:
<--SNIP-->
That should be the only option you have to change in your sendmail.mc file, as I do that as well and use the line like you did below...
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
Also, edit your /etc/mail/localhost file and add in the domains/aliases of that particular machine running sendmail (add them under each other, not beside each other, as in one line at a time).
There's no /etc/mail/localhost file on both machines. Should I create it? If so, then where (i.e. on which machine)? There's only /etc/mail/local-host-names. It holds localhost aliases.
Not sure if this matters, but on my machine I use as a server, I run "network" service on it instead of NetworkManager. May or may not be your problem as well.
NetworkManager is disabled on both machines. Thank you. Appreciate your effort!
On Wed, 2010-10-27 at 15:02 +0400, Hiisi wrote:
There's no /etc/mail/localhost file on both machines. Should I create it? If so, then where (i.e. on which machine)? There's only /etc/mail/local-host-names. It holds localhost aliases.
Correct, my bad. It's /etc/mail/local-host-names file and you should include your workgroups/domains/etc.. in it like below..
domain.com
computername.domain.com
localhost
On Wed, 2010-10-27 at 20:46 -0500, Mike Chambers wrote:
On Wed, 2010-10-27 at 15:02 +0400, Hiisi wrote:
There's no /etc/mail/localhost file on both machines. Should I create it? If so, then where (i.e. on which machine)? There's only /etc/mail/local-host-names. It holds localhost aliases.
Correct, my bad. It's /etc/mail/local-host-names file and you should include your workgroups/domains/etc.. in it like below..
domain.com
computername.domain.com
localhost
On remote machine, right?
# cat /etc/mail/local-host-names
# local-host-names - include all aliases for your machine here.
192.168.3.30
On Thu, 2010-10-28 at 10:28 +0400, Hiisi wrote:
On remote machine, right?
# cat /etc/mail/local-host-names
# local-host-names - include all aliases for your machine here.
192.168.3.30
On the machine that is trying to accept your emails (or the machine that sendmail is running on).
Are you running a local dns for your private network? If not, might look at dnsmasq and/or also at least put in your hostnames/ip's to all your machines (if not that many) in your /etc/hosts file on all of them. Might help with recognizing hostnames and such.
Tim:
Will that machine be accessible from outside your LAN? If so, you need to take anti-spam steps.
Ed Greshko:
Since the OP mentioned the IP address to be 192.168.3.30 I didn't see the need to bring all that up.
I did, because I've seen modem routers which /helpfully/ forward all incoming packets, or users that configure them to do so. Not to mention users with wide-open wireless LANs.
The point about internal abuse/mal-use still stands, too.
On Wed, 2010-10-27 at 20:07 +1030, Tim wrote:
Tim:
Will that machine be accessible from outside your LAN? If so, you need
<--SNIP-->
users with wide-open wireless LANs.
The point about internal abuse/mal-use still stands, too.
OK, thank you, guys. Now I'm able to telnet to 192.168.3.30 on port 25 and can leave a mail for user on that machine. However it's still impossible to send mail to <user>@192.168.3.30 from router. The message is returned with error (reason: 550 Host unknown). It's name resolution problem, right? What should I change and on which machine to solve it? And once more time about my configuration: I don't worry about intrusion on the LAN. There's nobody except me and my brother. I think I can even turn off SELinux and iptables on that machine. It will receive messages only from router.
On 10/27/2010 06:20 PM, Hiisi wrote:
OK, thank you, guys. Now I'm able to telnet to 192.168.3.30 on port 25 and can leave a mail for user on that machine. However it's still impossible to send mail to <user>@192.168.3.30 from router. The message is returned with error (reason: 550 Host unknown). It's name resolution problem, right? What should I change and on which machine to solve it? And once more time about my configuration: I don't worry about intrusion on the LAN. There's nobody except me and my brother. I think I can even turn off SELinux and iptables on that machine. It will receive messages only from router.
I have seen a router where if you wanted to use an IP address instead of a hostname you had to format the email address as user@[192.168.3.30] to prevent the router from trying to do a DNS lookup.
On Wed, 2010-10-27 at 18:37 +0800, Ed Greshko wrote:
On 10/27/2010 06:20 PM, Hiisi wrote:
<--SNIP-->
I have seen a router where if you wanted to use an IP address instead of a hostname you had to format the email address as user@[192.168.3.30] to prevent the router from trying to do a DNS lookup.
Failed :-( (reason: 550 5.7.1 <user@[192.168.3.30]>... Relaying denied. IP name lookup failed [192.168.3.20])
Any other suggestions?
On 10/27/2010 06:57 PM, Hiisi wrote:
Any other suggestions?
First, you haven't said what router you are using. While it sounds as if you will have to set up a local name server to properly resolve the hostname of 192.168.3.30 to its IP address you may want to consult the router's documentation and/or contact the manufacturer of the router.
FWIW, I am assuming the error you reported is being seen in the logs of the router.
On Wed, 2010-10-27 at 19:03 +0800, Ed Greshko wrote:
First, you haven't said what router you are using. While it sounds as if you will have to set up a local name server to properly resolve the hostname of 192.168.3.30 to its IP address you may want to consult the router's documentation and/or contact the manufacturer of the router.
FWIW, I am assuming the error you reported is being seen in the logs of the router.
No, the router is my F12 computer that is connected to the Internet and shares its connection with LAN machines. Sorry if it wasn't too clear. Should I call it the gateway? Yes, there's an error in /var/log/maillog on the gateway:
Oct 27 14:55:18 kello sendmail[9440]: o9RAtHE6009440: to=user@[192.168.3.30], ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30214, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (o9RAtIZj009442 Message accepted for delivery)
Oct 27 14:55:18 kello sendmail[9444]: o9RAtIZj009442: to=<user@[192.168.3.30]>, ctladdr=root@kello.ru (0/0), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120435, relay=[192.168.3.30] [192.168.3.30], dsn=5.7.1, stat=User unknown
Oct 27 14:55:18 kello sendmail[9444]: o9RAtIZj009442: o9RAtIZj009444: DSN: User unknown
It is the only mention of it in the maillog. If I send messages to user@192.168.3.30 (without brackets around addr) then there's nothing in log files and the message is returned to sender with reason: 550 Host unknown.
On 10/27/2010 06:57 AM, Hiisi wrote:
Failed :-( (reason: 550 5.7.1 <user@[192.168.3.30]>... Relaying denied. IP name lookup failed [192.168.3.20])
Any other suggestions?
Look at your /etc/mail/access file. You will need to add the hostnames of all machines on your local network that you want to have access to your sendmail daemon. Do it on each machine.
On Wed, 2010-10-27 at 20:59 -0400, Kevin J. Cummings wrote: <--SNIP-->
Look at your /etc/mail/access file. You will need to add the hostnames of all machines on your local network that you want to have access to your sendmail daemon. Do it on each machine.
OK, now I have:
On F-12 router:
cat /etc/mail/access
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.3.30 RELAY
On 192.168.3.30 machine:
cat /etc/mail/access
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:192.168.3.20 RELAY
(192.168.3.20 is the addr of F12-eth2 on which 192.168.3.30 is connected) Now if I send mail to <user>@192.168.3.30 it's returned with reason: 550 Host unknown. If I send message to <user>@[192.168.3.30] then it's returned with reason: 553 5.3.5 system config error. And moreover, the same message appears in root mailbox on 192.168.3.30 machine: Diagnostic-Code: SMTP; 553 5.3.5 system config error. What's next? I think there's the light at the end of this configure trouble, isn't it?
On Wed, 2010-10-27 at 14:20 +0400, Hiisi wrote:
Now I'm able to telnet to 192.168.3.30 on port 25 and can leave a mail for user on that machine. However it's still impossible to send mail to <user>@192.168.3.30 from router. The message is returned with error (reason: 550 Host unknown). It's name resolution problem, right? What should I change and on which machine to solve it? And once more time about my configuration: I don't worry about intrusion on the LAN. There's nobody except me and my brother. I think I can even turn off SELinux and iptables on that machine. It will receive messages only from router.
When I tried to get my modem/router to email its logs to a computer in my LAN, I went through similar problems. The router would try to use the DNS servers it knew about (the ones the ISP sets up through DHCP), and obviously they couldn't resolve my LAN addresses. But, I gather from your first message that your router is a computer, not a device, so your problem ought to be different.
I think you want to check that each computer in the equation can resolve its own name, and the other computer's. Avoid using "localhost" as part of the mail addresses.
On my LAN, I have a DNS server that all the computers use, and it has all the local machine names in its records. It solved a lot of name issues, and freed me from ever having to mess around with hosts files, again.
The [bracketing] the IP address after the @ sign ought to work, to use an IP address without name lookups, but I don't know if everything does that trick.
Where are you seeing the error messages? The SMTP server logs from where you're trying to send from, trying to receive at, or something else?
Later on you mention a "user unknown" error. Are you accidentally trying to send mail out using your ISP's SMTP server?
On Wed, 2010-10-27 at 22:20 +1030, Tim wrote: <--SNIP-->
When I tried to get my modem/router to email its logs to a computer in my LAN, I went through similar problems. The router would try to use the DNS servers it knew about (the ones the ISP sets up through DHCP), and obviously they couldn't resolve my LAN addresses. But, I gather from your first message that your router is a computer, not a device, so your problem ought to be different.
I think you want to check that each computer in the equation can resolve its own name, and the other computer's. Avoid using "localhost" as part of the mail addresses.
How to check it?
On my LAN, I have a DNS server that all the computers use, and it has all the local machine names in its records. It solved a lot of name issues, and freed me from ever having to mess around with hosts files, again.
If it's possible I would like not to create my own DNS server. Looking for simple way to solve my problem.
The [bracketing] the IP address after the @ sign ought to work, to use an IP address without name lookups, but I don't know if everything does that trick.
In my case it seemingly doesn't work.
Where are you seeing the error messages? The SMTP server logs from where you're trying to send from, trying to receive at, or something else?
in /var/log/maillog on F12 computer (the router).
Later on you mention a "user unknown" error. Are you accidentally trying to send mail out using your ISP's SMTP server?
I saw it when I was trying to send message to <user>@[192.168.3.30]. If I send mail to <user>@192.168.3.30 there's no such error in maillog but message is returned by MAILER-DAEMON to root. Thanks for your help, Tim!
On 10/27/2010 8:32 AM, Hiisi wrote:
I saw it when I was trying to send message to <user>@[192.168.3.30]. If I send mail to <user>@192.168.3.30 there's no such error in maillog but message is returned by MAILER-DAEMON to root. Thanks for your help, Tim!
Which MAILER-DAEMON is sending the bounce?
PK
On Wed, 2010-10-27 at 09:02 -0600, Patrick Kobly wrote:
On 10/27/2010 8:32 AM, Hiisi wrote:
I saw it when I was trying to send message to <user>@[192.168.3.30]. If I send mail to <user>@192.168.3.30 there's no such error in maillog but message is returned by MAILER-DAEMON to root. Thanks for your help, Tim!
Which MAILER-DAEMON is sending the bounce?
PK
I don't know. The message is from MAILER-DAEMON@F12-router. The subject is "Postmaster notify: see transcript for details". It starts with lines:
Auto-Submitted: auto-generated (postmaster-notification)
Status: RO
Part 1:
The original message was received at Wed, 27 Oct 2010 13:13:19 +0400 from localhost.localdomain [127.0.0.1] with id o9R9DJZn008307
Both systems (remote and router) are running sendmail.
Tim:
I think you want to check that each computer in the equation can resolve its own name, and the other computer's. Avoid using "localhost" as part of the mail addresses.
Hiisi:
How to check it?
The dig tool can be used to check DNS queries. But, you can probably just try pinging the hostnames, and look at what happens.
e.g. Presuming a host was called "mail", issuing "ping mail" as a command would produce several lines of output. The first one would have the fully qualified domain name and IP address (that it finds out about), the next few lines the ping results.
[tim@suspishus ~]$ ping mail
PING mail.example.com (192.168.1.2) 56(84) bytes of data.
64 bytes from mail.example.com (192.168.1.2): icmp_seq=1 ttl=64 time=1.43 ms
64 bytes from mail.example.com (192.168.1.2): icmp_seq=2 ttl=64 time=1.19 ms
^C
--- mail.example.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1414ms
rtt min/avg/max/mdev = 1.192/1.313/1.435/0.126 ms
If names and IP addresses are correct, then you'd expect that name resolution is working fine. The ping results (timewise) just show networking responses, not responses from any mail software.
If it's possible I would like not to create my own DNS server. Looking for simple way to solve my problem.
Well, to be honest, I find running a normal DNS server much much simpler than messing around with hosts files. It gives me central management of name resolution, which is particularly useful if I ever need to change anything. And for *proper* mail handling, it's essential. The hosts file is inadequate - it cannot handle MX enquiries, for instance.
I'm not sure if you need the full normal functionality to get local mail working, it's been years since I've tried to do mail with a crippled network setup.
In the normal run of things, when you try to mail someone, the mail server will do a MX record lookup to find out what should handle the mail. i.e. If you try to mail johndoe@example.com, mail doesn't simply get passed off to example.com, a MX lookup is done on example.com to find the address for example.com's mail server.
There are fallbacks for dealing with a lack of MX records, but how that's all handled will depend on your mail software. Old-timer's standard advice is "when you stop doing things the normal way, all bets are off."
The [bracketing] the IP address after the @ sign ought to work, to use an IP address without name lookups, but I don't know if everything does that trick.
In my case it seemingly doesn't work.
What tests are you trying? Obviously what you want to work isn't working, but what else are you trying to get mail to go through? The "mail" command line, a graphical mailer?
First I'd try doing mail on each computer to itself, to see if that works. e.g. mail root@localhost
Then, I'd try a similar test (still mailing itself), this time substituting the computer's own hostname.
e.g. mail root@computer1 and, separately, mail root@computer2
I saw it when I was trying to send message to <user>@[192.168.3.30]. If I send mail to <user>@192.168.3.30 there's no such error in maillog but message is returned by MAILER-DAEMON to root.
Does sound rather like you're getting error messages back from different servers (in one case, your SMTP server talking to another). You could try disconnecting your LAN from the ISP to limit what's involved in the test.
On 10/26/2010 03:42 PM, Hiisi wrote:
On Tue, 2010-10-26 at 18:23 -0400, Sam Varshavchik wrote:
telnet 192.168.3.30 25
Hi, Sam.
$ telnet 192.168.3.30 25
Trying 192.168.3.30...
telnet: connect to address 192.168.3.30: Connection refused
However port 25 is open on 192.168.3.30:
# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Wed Oct 27 02:40:05 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [433:53995]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -d 192.168.3.20 -p tcp -m tcp --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -s 192.168.3.20 -p tcp -m tcp --sport 25 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Oct 27 02:40:05 2010
Any other suggestions?
Just because it's not blocked by your firewall doesn't mean sendmail is listening. Try:
netstat -lpn | grep :25
and make sure sendmail is listening. If you get nothing then sendmail isn't running at all and as root, you need to:
# service sendmail start
# chkconfig sendmail on
If you get something, but the line says something like:
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8381/sendmail
then sendmail is running, but it's only listening to mail on localhost (the "127.0.0.1:25" part of the line). In that case, as root, edit the /etc/mail/sendmail.mc file and search for the line:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Modify the line to read:
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
And save the file. Finally, as root:
# service sendmail restart
---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, C2 Hosting ricks@nerd.com - - AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 - - - - We are born naked, wet and hungry. Then things get worse. - ----------------------------------------------------------------------
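The check described above, combined with the earlier point in the thread that sendmail.cf must be remade after editing sendmail.mc, can be done in one pass: compare the address the active DAEMON_OPTIONS line asks for with what netstat shows listening. This script is an added example, not code from any poster; the function names and verdict strings are hypothetical, and the sample files are constructed from lines quoted in the thread.

```shell
#!/bin/sh
# Added example: does the running sendmail match what sendmail.mc asks for?

# Print the bind address requested by the active DAEMON_OPTIONS line for the
# MTA: an address, "any" (no Addr=), or "none" (no active line at all).
# Lines that start with "dnl" are m4 comments, so the option is disabled.
mc_requested_addr() {
    awk '
        /^[ \t]*dnl/ { next }
        /^[ \t]*DAEMON_OPTIONS\(/ && /Name=MTA/ {
            found = 1
            addr = "any"
            if (match($0, /Addr=[A-Za-z0-9.:-]+/))
                addr = substr($0, RSTART + 5, RLENGTH - 5)
        }
        END { print (found ? addr : "none") }
    ' "$1"
}

# Classify the TCP listeners on port 25 in `netstat -lpn` output (stdin).
listener_scope() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:25$/ {
            if ($4 ~ /^127\./ || $4 == "::1:25") loop = 1
            else net = 1
        }
        END {
            if (net)       print "network"
            else if (loop) print "loopback-only"
            else           print "not-listening"
        }
    '
}

# $1 = sendmail.mc, $2 = file holding netstat -lpn output.
# "mismatch" means the daemon is not running the configuration in the .mc
# file, which is what the thread saw before sendmail.cf was remade.
diagnose() {
    want=$(mc_requested_addr "$1")
    have=$(listener_scope < "$2")
    if [ "$have" = "not-listening" ]; then echo down; return 0; fi
    case "$want" in
        none)  echo no-mc-line; return 0 ;;
        127.*) expect=loopback-only ;;
        *)     expect=network ;;
    esac
    if [ "$have" = "$expect" ]; then echo match; else echo mismatch; fi
}

# Constructed samples: the edited sendmail.mc and the netstat line from the
# thread, plus one constructed sshd listener.
write_samples() {
    cat > "$1/sendmail.mc" <<'EOF'
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
EOF
    cat > "$1/netstat.txt" <<'EOF'
tcp        0      0 0.0.0.0:22        0.0.0.0:*      LISTEN      1954/sshd
tcp        0      0 127.0.0.1:25      0.0.0.0:*      LISTEN      7151/sendmail: acce
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
diagnose "$demo_dir/sendmail.mc" "$demo_dir/netstat.txt"
rm -rf "$demo_dir"
```

Against a live host, save the listener table first (`netstat -lpn > /tmp/ns.txt`) and run `diagnose /etc/mail/sendmail.mc /tmp/ns.txt`.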