11-23-2010, 12:12 AM
Robert Moskowitz
Sendmail, localloop, and iptables -- should I be more paranoid?

On 11/22/2010 05:52 PM, Alexander Dalloz wrote:
> On 22.11.2010 16:11, Robert Moskowitz wrote:
>> By default, sendmail only listens on the localloop:
>> DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl
>> But by default to allow sendmail to even work the iptables entry is:
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j
>> Without this, sendmail can't even connect to localloop.
> No, that is not correct. You are missing the following rule
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> in the default /etc/sysconfig/iptables config file. So there is no
> problem where you see one.

Last week I built a new CentOS 5.5 server. I installed logwatch and ran
logwatch to 'force' the output. Before I did that, I had created
/root/.forward with my email address.

Sendmail could not send the message. I went into the gnome firewall
applet and allowed smtp, adding the rule I showed and still nothing.
Then I figured that the message was queued (that is what maillog said)
and would stay there for a while, so I restarted sendmail, and the
message went right out.

So empirical evidence strongly supports the need of this rule.

CentOS mailing list
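
The first-match evaluation that the quoted reply refers to, as an added example that is not part of the thread: a small evaluator run over a constructed ruleset, showing which rule decides a new TCP connection to port 25 arriving on loopback versus an external interface. The interface name `eth0`, the `ACCEPT` target on the port 25 rule (cut off in the post) and the closing `REJECT` rule are assumptions.

```python
import shlex

# Constructed sample in iptables-save syntax. Rules 1 and 2 mirror the two
# rules quoted in the thread; the ACCEPT target on the port 25 rule (cut off
# in the post) and the closing REJECT rule are assumptions for illustration.
RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

FLAGS = {"-i": "iface", "-p": "proto", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Pull out the only match fields this example models from one -A line."""
    tokens = shlex.split(line)
    rule = dict.fromkeys(FLAGS.values())
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FLAGS:
            rule[FLAGS[flag]] = value
    return rule

def first_match(rules_text, iface, proto, dport):
    """Return (rule number, target) for a NEW inbound packet; first match wins."""
    for number, line in enumerate(rules_text.strip().splitlines(), 1):
        rule = parse_rule(line)
        wanted = {"iface": iface, "proto": proto, "dport": str(dport)}
        # An unset field (None) matches anything; a set field must be equal.
        if all(rule[k] in (None, v) for k, v in wanted.items()):
            return number, rule["target"]
    return None, "chain policy"

def without_rule(rules_text, number):
    """Return the ruleset with one rule (1-based) removed."""
    lines = rules_text.strip().splitlines()
    return "\n".join(lines[:number - 1] + lines[number:]) + "\n"

if __name__ == "__main__":
    no_smtp = without_rule(RULES, 2)
    for label, text in (("with port 25 rule", RULES), ("without it", no_smtp)):
        for iface in ("lo", "eth0"):
            print(label, iface, first_match(text, iface, "tcp", 25))
```

In this model the loopback connection is decided by rule 1 in both rulesets, so the port 25 rule only changes what is reachable from external interfaces.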
