Hi,

I installed the shorewall firewall on my server and after that I have a big problem with SMTP: I can send messages with Outlook to the server, but those messages don't go out from the server (currently I have over 800 messages in the mail queue).
My server is on WHM/cPanel and Exim....

When I click on "Delivery Now" for some message in WHM I get the error:

    Message 1BtoLi-00033G-RN is not frozen
    LOG: MAIN
    == test@hotmail.com R=lookuphost defer (-1): host lookup did not complete

or connection refused...

Yes, I set port 25 for SMTP in shorewall!

Also, now WHM can't get news from the cPanel server!
Also, now I can't resolve IP addresses with PHP scripts; I can't get who the host is, only numbers....

POP3 works fine....

In shorewall.conf I have:

    IP_FORWARDING=Off
    ROUTE_FILTER=Yes

In "/etc/shorewall/interfaces":

    net eth0 detect norfc1918,nobogons,blacklist,nosmurfs

In "/etc/shorewall/rules":

    ACCEPT net fw icmp 8
    ACCEPT net fw tcp 20
    ACCEPT net fw tcp 21
    ACCEPT net fw tcp 22
    ACCEPT net fw tcp 25
    ACCEPT net fw tcp 53
    ACCEPT net fw udp 53
    ACCEPT net fw tcp 80
    ACCEPT net fw tcp 110
    ACCEPT net fw tcp 143
    ACCEPT net fw tcp 443
    ACCEPT net fw tcp 465
    ACCEPT net fw tcp 993
    ACCEPT net fw tcp 995
    ACCEPT net fw tcp 2082
    ACCEPT net fw tcp 2083
    ACCEPT net fw tcp 2086
    ACCEPT net fw tcp 2087
    ACCEPT net fw tcp 2095
    ACCEPT net fw tcp 2096
    ACCEPT dmz fw tcp smtp
    ACCEPT dmz fw tcp domain

Here is what I get when I restart shorewall:

    Loading /usr/share/shorewall/functions...
    Processing /etc/shorewall/params ...
    Processing /etc/shorewall/shorewall.conf...
    Restarting Shorewall...
    Initializing...
    Shorewall has detected the following iptables/netfilter capabilities:
       NAT: Available
       Packet Mangling: Available
       Multi-port Match: Available
       Connection Tracking Match: Available
    Determining Zones...
       Zones: net loc dmz
    Validating interfaces file...
    Validating hosts file...
    Validating Policy file...
    Determining Hosts in Zones...
       Net Zone: eth0:0.0.0.0/0
       Warning: Zone loc is empty
       Warning: Zone dmz is empty
    Processing /etc/shorewall/init ...
    Deleting user chains...
    Setting up Accounting...
    Creating Interface Chains...
    Configuring Proxy ARP
    Setting up NAT...
    Setting up NETMAP...
    Adding Common Rules
    Processing /etc/shorewall/initdone ...
    Setting up Blacklisting...
       Blacklisting enabled on eth0:0.0.0.0/0
    Adding Anti-smurf Rules
    Enabling RFC1918 Filtering
    Enabling Bogon Filtering
    Setting up Kernel Route Filtering...
    IP Forwarding Disabled!
    Processing /etc/shorewall/tunnels...
    Pre-processing Actions...
       Pre-processing /usr/share/shorewall/action.DropSMB...
       Pre-processing /usr/share/shorewall/action.RejectSMB...
       Pre-processing /usr/share/shorewall/action.DropUPnP...
       Pre-processing /usr/share/shorewall/action.RejectAuth...
       Pre-processing /usr/share/shorewall/action.DropPing...
       Pre-processing /usr/share/shorewall/action.DropDNSrep...
       Pre-processing /usr/share/shorewall/action.AllowPing...
       Pre-processing /usr/share/shorewall/action.AllowFTP...
       Pre-processing /usr/share/shorewall/action.AllowDNS...
       Pre-processing /usr/share/shorewall/action.AllowSSH...
       Pre-processing /usr/share/shorewall/action.AllowWeb...
       Pre-processing /usr/share/shorewall/action.AllowSMB...
       Pre-processing /usr/share/shorewall/action.AllowAuth...
       Pre-processing /usr/share/shorewall/action.AllowSMTP...
       Pre-processing /usr/share/shorewall/action.AllowPOP3...
       Pre-processing /usr/share/shorewall/action.AllowIMAP...
       Pre-processing /usr/share/shorewall/action.AllowTelnet...
       Pre-processing /usr/share/shorewall/action.AllowVNC...
       Pre-processing /usr/share/shorewall/action.AllowVNCL...
       Pre-processing /usr/share/shorewall/action.AllowNTP...
       Pre-processing /usr/share/shorewall/action.AllowRdate...
       Pre-processing /usr/share/shorewall/action.AllowNNTP...
       Pre-processing /usr/share/shorewall/action.AllowTrcrt...
       Pre-processing /usr/share/shorewall/action.AllowSNMP...
       Pre-processing /usr/share/shorewall/action.AllowPCA...
       Pre-processing /usr/share/shorewall/action.Drop...
       Pre-processing /usr/share/shorewall/action.Reject...
    Processing /etc/shorewall/rules...
       Rule "ACCEPT net fw icmp 8" added.
       Rule "ACCEPT net fw tcp 20" added.
       Rule "ACCEPT net fw tcp 21" added.
       Rule "ACCEPT net fw tcp 22" added.
       Rule "ACCEPT net fw tcp 25" added.
       Rule "ACCEPT net fw tcp 53" added.
       Rule "ACCEPT net fw udp 53" added.
       Rule "ACCEPT net fw tcp 80" added.
       Rule "ACCEPT net fw tcp 110" added.
       Rule "ACCEPT net fw tcp 143" added.
       Rule "ACCEPT net fw tcp 443" added.
       Rule "ACCEPT net fw tcp 465" added.
       Rule "ACCEPT net fw tcp 993" added.
       Rule "ACCEPT net fw tcp 995" added.
       Rule "ACCEPT net fw tcp 2082" added.
       Rule "ACCEPT net fw tcp 2083" added.
       Rule "ACCEPT net fw tcp 2086" added.
       Rule "ACCEPT net fw tcp 2087" added.
       Rule "ACCEPT net fw tcp 2095" added.
       Rule "ACCEPT net fw tcp 2096" added.
       Rule "ACCEPT dmz fw tcp smtp" added.
       Rule "ACCEPT dmz fw tcp domain" added.
       Rule "ACCEPT net fw tcp 26" added.
    Processing Actions...
       Processing /usr/share/shorewall/action.Drop...
          Rule "RejectAuth" added.
          Rule "dropBcast" added.
          Rule "dropInvalid" added.
          Rule "DropSMB" added.
          Rule "DropUPnP" added.
          Rule "dropNotSyn" added.
          Rule "DropDNSrep" added.
       Processing /usr/share/shorewall/action.Reject...
          Rule "RejectAuth" added.
          Rule "dropBcast" added.
          Rule "dropInvalid" added.
          Rule "RejectSMB" added.
          Rule "DropUPnP" added.
          Rule "dropNotSyn" added.
          Rule "DropDNSrep" added.
       Processing /usr/share/shorewall/action.RejectAuth...
          Rule "REJECT - - tcp 113" added.
       Processing /usr/share/shorewall/action.DropSMB...
          Rule "DROP - - udp 135" added.
          Rule "DROP - - udp 137:139" added.
          Rule "DROP - - udp 445" added.
          Rule "DROP - - tcp 135" added.
          Rule "DROP - - tcp 139" added.
          Rule "DROP - - tcp 445" added.
       Processing /usr/share/shorewall/action.DropUPnP...
          Rule "DROP - - udp 1900" added.
       Processing /usr/share/shorewall/action.DropDNSrep...
          Rule "DROP - - udp - 53" added.
       Processing /usr/share/shorewall/action.RejectSMB...
          Rule "REJECT - - udp 135" added.
          Rule "REJECT - - udp 137:139" added.
          Rule "REJECT - - udp 445" added.
          Rule "REJECT - - tcp 135" added.
          Rule "REJECT - - tcp 139" added.
          Rule "REJECT - - tcp 445" added.
    Processing /etc/shorewall/policy...
       Policy DROP for net to fw using chain net2all
       Policy ACCEPT for loc to net using chain loc2net
       Policy REJECT for dmz to fw using chain all2all
    Masqueraded Networks and Hosts:
    Processing /etc/shorewall/tos...
       Rule "all all tcp - ssh 16" added.
       Rule "all all tcp ssh - 16" added.
       Rule "all all tcp - ftp 16" added.
       Rule "all all tcp ftp - 16" added.
       Rule "all all tcp ftp-data - 8" added.
       Rule "all all tcp - ftp-data 8" added.
    Processing /etc/shorewall/ecn...
    Activating Rules...
    Processing /etc/shorewall/start ...
    Shorewall Restarted

Where is the problem?

Thanks

SORRY FOR MY ENGLISH
Ratko Dakic wrote:

| Hi,
| I install shorewall firewall on my server and after that I have big
| problem with SMTP, I can send messages with outlook to server but that
| messages don`t go out from server (Currently I have over 800 messages
| in the mail queue)
| My server is on WHM/cPanel and EXIM....
|
| When I click on "Delivery Now" for some message in WHM I get error:
| Message 1BtoLi-00033G-RN is not frozen
| LOG: MAIN
| == test@hotmail.com R=lookuphost defer (-1): host lookup did not complete
|
|
| or connection refused...
|
| yes, I set 25 port for smtp in shorewall!
|
| Also, now WHM can`t get news from cPanel server!
| Also, now I can`t resolve IP addresses with PHP scripts, I can`t get
| who is host, only numbers....
|
| POP3 work fine....
|
| In shorewall.conf I have:
| IP_FORWARDING=Off
| ROUTE_FILTER=Yes
|
| In "/etc/shorewall/interfaces":
| net eth0 detect norfc1918,nobogons,blacklist,nosmurfs
|
| In "/etc/shorewall/rules":
| ACCEPT net fw icmp 8
| ACCEPT net fw tcp 20
| ACCEPT net fw tcp 21
| ACCEPT net fw tcp 22
| ACCEPT net fw tcp 25
| ACCEPT net fw tcp 53
| ACCEPT net fw udp 53
| ACCEPT net fw tcp 80
| ACCEPT net fw tcp 110
| ACCEPT net fw tcp 143
| ACCEPT net fw tcp 443
| ACCEPT net fw tcp 465
| ACCEPT net fw tcp 993
| ACCEPT net fw tcp 995
| ACCEPT net fw tcp 2082
| ACCEPT net fw tcp 2083
| ACCEPT net fw tcp 2086
| ACCEPT net fw tcp 2087
| ACCEPT net fw tcp 2095
| ACCEPT net fw tcp 2096
| ACCEPT dmz fw tcp smtp
| ACCEPT dmz fw tcp domain
|

You don't say where your server is running, but if it is in the DMZ then:

a) it has no DNS access ("tcp domain" is only used in rare circumstances)
b) it has no smtp access to the internet (only to the firewall).

If the server is running on the firewall then it has no internet access whatsoever.
-Tom

--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA     \ teastep@shorewall.net
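An added example, not from either message in the thread: the outbound rules that Tom's second case calls for, assuming the Exim/cPanel host is the firewall itself (the restart output reports both loc and dmz as empty) and that the net->fw DROP and all->all REJECT policies are kept, so only the services Exim and WHM actually need are opened from the fw zone to the internet.

```conf
# /etc/shorewall/rules  (additions only; example, not the poster's file)
# Assumption: the mail server runs ON the firewall host, so its outbound
# connections originate in the fw zone and need fw -> net rules. The
# existing "ACCEPT net fw ..." rules only cover inbound connections.
#
#ACTION  SOURCE  DEST  PROTO  DEST PORT(S)

# Exim's lookuphost router resolves the recipient's MX over DNS; UDP 53
# carries normal queries, TCP 53 only large replies and zone transfers.
ACCEPT   fw      net   udp    53
ACCEPT   fw      net   tcp    53

# Outbound SMTP from Exim to remote mail exchangers (the queued
# "defer (-1)" messages need this once name lookups succeed).
ACCEPT   fw      net   tcp    25

# WHM fetching news and updates from cPanel over HTTP/HTTPS.
ACCEPT   fw      net   tcp    80,443
```

Shorewall's one-interface sample instead sets a `$FW net ACCEPT` policy in /etc/shorewall/policy, which would also fix the symptoms; the per-service rules above keep the host's outbound surface explicit, and the inbound `net fw tcp/udp 53` rules are only needed if the box is a public authoritative nameserver.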