Hi,
I installed the Shorewall firewall on my server and since then I have a
big problem with SMTP: I can send messages with Outlook to the server,
but those messages don't go out from the server (currently I have over
800 messages in the mail queue).
My server runs WHM/cPanel and Exim.
When I click on "Delivery Now" for a message in WHM I get this error:
Message 1BtoLi-00033G-RN is not frozen
LOG: MAIN
== test@hotmail.com R=lookuphost defer (-1): host lookup did not complete
or connection refused...
Yes, I set port 25 for SMTP in Shorewall!
Also, WHM now can't get news from the cPanel server!
Also, I now can't resolve IP addresses with PHP scripts; I can't get
who the host is, only numbers.
POP3 works fine.
In shorewall.conf I have:
IP_FORWARDING=Off
ROUTE_FILTER=Yes
In "/etc/shorewall/interfaces":
net eth0 detect norfc1918,nobogons,blacklist,nosmurfs
In "/etc/shorewall/rules":
ACCEPT net fw icmp 8
ACCEPT net fw tcp 20
ACCEPT net fw tcp 21
ACCEPT net fw tcp 22
ACCEPT net fw tcp 25
ACCEPT net fw tcp 53
ACCEPT net fw udp 53
ACCEPT net fw tcp 80
ACCEPT net fw tcp 110
ACCEPT net fw tcp 143
ACCEPT net fw tcp 443
ACCEPT net fw tcp 465
ACCEPT net fw tcp 993
ACCEPT net fw tcp 995
ACCEPT net fw tcp 2082
ACCEPT net fw tcp 2083
ACCEPT net fw tcp 2086
ACCEPT net fw tcp 2087
ACCEPT net fw tcp 2095
ACCEPT net fw tcp 2096
ACCEPT dmz fw tcp smtp
ACCEPT dmz fw tcp domain
Here is what I get when I restart Shorewall:
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Restarting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Available
Determining Zones...
Zones: net loc dmz
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Warning: Zone loc is empty
Warning: Zone dmz is empty
Processing /etc/shorewall/init ...
Deleting user chains...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Processing /etc/shorewall/initdone ...
Setting up Blacklisting...
Blacklisting enabled on eth0:0.0.0.0/0
Adding Anti-smurf Rules
Enabling RFC1918 Filtering
Enabling Bogon Filtering
Setting up Kernel Route Filtering...
IP Forwarding Disabled!
Processing /etc/shorewall/tunnels...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.DropSMB...
Pre-processing /usr/share/shorewall/action.RejectSMB...
Pre-processing /usr/share/shorewall/action.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /usr/share/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth...
Pre-processing /usr/share/shorewall/action.AllowSMTP...
Pre-processing /usr/share/shorewall/action.AllowPOP3...
Pre-processing /usr/share/shorewall/action.AllowIMAP...
Pre-processing /usr/share/shorewall/action.AllowTelnet...
Pre-processing /usr/share/shorewall/action.AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Processing /etc/shorewall/rules...
Rule "ACCEPT net fw icmp 8" added.
Rule "ACCEPT net fw tcp 20" added.
Rule "ACCEPT net fw tcp 21" added.
Rule "ACCEPT net fw tcp 22" added.
Rule "ACCEPT net fw tcp 25" added.
Rule "ACCEPT net fw tcp 53" added.
Rule "ACCEPT net fw udp 53" added.
Rule "ACCEPT net fw tcp 80" added.
Rule "ACCEPT net fw tcp 110" added.
Rule "ACCEPT net fw tcp 143" added.
Rule "ACCEPT net fw tcp 443" added.
Rule "ACCEPT net fw tcp 465" added.
Rule "ACCEPT net fw tcp 993" added.
Rule "ACCEPT net fw tcp 995" added.
Rule "ACCEPT net fw tcp 2082" added.
Rule "ACCEPT net fw tcp 2083" added.
Rule "ACCEPT net fw tcp 2086" added.
Rule "ACCEPT net fw tcp 2087" added.
Rule "ACCEPT net fw tcp 2095" added.
Rule "ACCEPT net fw tcp 2096" added.
Rule "ACCEPT dmz fw tcp smtp" added.
Rule "ACCEPT dmz fw tcp domain" added.
Rule "ACCEPT net fw tcp 26" added.
Processing Actions...
Processing /usr/share/shorewall/action.Drop...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "dropInvalid" added.
Rule "DropSMB" added.
Rule "DropUPnP" added.
Rule "dropNotSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.Reject...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "dropInvalid" added.
Rule "RejectSMB" added.
Rule "DropUPnP" added.
Rule "dropNotSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.RejectAuth...
Rule "REJECT - - tcp 113" added.
Processing /usr/share/shorewall/action.DropSMB...
Rule "DROP - - udp 135" added.
Rule "DROP - - udp 137:139" added.
Rule "DROP - - udp 445" added.
Rule "DROP - - tcp 135" added.
Rule "DROP - - tcp 139" added.
Rule "DROP - - tcp 445" added.
Processing /usr/share/shorewall/action.DropUPnP...
Rule "DROP - - udp 1900" added.
Processing /usr/share/shorewall/action.DropDNSrep...
Rule "DROP - - udp - 53" added.
Processing /usr/share/shorewall/action.RejectSMB...
Rule "REJECT - - udp 135" added.
Rule "REJECT - - udp 137:139" added.
Rule "REJECT - - udp 445" added.
Rule "REJECT - - tcp 135" added.
Rule "REJECT - - tcp 139" added.
Rule "REJECT - - tcp 445" added.
Processing /etc/shorewall/policy...
Policy DROP for net to fw using chain net2all
Policy ACCEPT for loc to net using chain loc2net
Policy REJECT for dmz to fw using chain all2all
Masqueraded Networks and Hosts:
Processing /etc/shorewall/tos...
Rule "all all tcp - ssh 16" added.
Rule "all all tcp ssh - 16" added.
Rule "all all tcp - ftp 16" added.
Rule "all all tcp ftp - 16" added.
Rule "all all tcp ftp-data - 8" added.
Rule "all all tcp - ftp-data 8" added.
Processing /etc/shorewall/ecn...
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Restarted
Where is the problem?
Thanks
SORRY FOR MY ENGLISH