11-23-2010, 12:12 AM
Robert Moskowitz

Sendmail, localloop, and iptables -- should I be more paranoid?

On 11/22/2010 05:52 PM, Alexander Dalloz wrote:
> On 22.11.2010 16:11, Robert Moskowitz wrote:
>
>> By default, sendmail only listens on the localloop:
>>
>> DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
>>
>> But by default to allow sendmail to even work the iptables entry is:
>>
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
>>
>> Without this, sendmail can't even connect to localloop.
>>
> No, that is not correct. You are missing the following rule
>
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
>
> in the default /etc/sysconfig/iptables config file. So there is no
> problem where you see one.
>

Last week I built a new CentOS 5.5 server. I installed logwatch and ran
logwatch to 'force' the output. Before I did that, I had created
/root/.forward with my email address.

Sendmail could not send the message. I went into the GNOME firewall
applet and allowed smtp, adding the rule I showed, and still nothing.
Then I figured that the message was queued (that is what maillog said)
and would stay there for a while, so I restarted sendmail, and the
message went right out.

So empirical evidence strongly supports the need for this rule.


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
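
An added illustration, not part of the thread and not the CentOS default file itself: a minimal first-match evaluator for the two rules quoted above, showing which rule decides a new connection to port 25 on the loopback interface and on another interface. The rule order, the trailing REJECT, the interface name `eth0` and the sample packets are assumptions constructed for the example.

```python
import shlex

# Constructed ruleset: the two rules quoted in the thread, in an ASSUMED order,
# plus an ASSUMED catch-all REJECT so unmatched packets get a verdict.
RULES = [
    "-A RH-Firewall-1-INPUT -i lo -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -j REJECT",
]
SMTP_RULE = RULES[1]

# Option -> packet field, for the small subset of rule syntax used above.
FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport", "--state": "state"}

def parse_rule(line):
    """Return (match criteria, target) for one '-A chain ...' line."""
    tokens = shlex.split(line)
    match, target, i = {}, None, 0
    while i < len(tokens):
        opt, arg = tokens[i], tokens[i + 1]
        if opt in FIELDS:
            match[FIELDS[opt]] = arg.split(",")   # e.g. --state NEW,ESTABLISHED
        elif opt == "-j":
            target = arg
        elif opt not in ("-A", "-m"):             # chain / module names: skipped
            raise ValueError("unsupported option: " + opt)
        i += 2
    return match, target

def verdict(packet, rules):
    """First-match evaluation: return (target, deciding rule) for a packet."""
    for line in rules:
        match, target = parse_rule(line)
        if all(packet.get(field) in allowed for field, allowed in match.items()):
            return target, line
    return "chain policy", None

# Constructed packets: a new TCP connection to port 25 on each interface.
local = {"iface": "lo", "proto": "tcp", "dport": "25", "state": "NEW"}
remote = {"iface": "eth0", "proto": "tcp", "dport": "25", "state": "NEW"}  # eth0 assumed

if __name__ == "__main__":
    without_smtp = [r for r in RULES if r != SMTP_RULE]
    for name, pkt in (("loopback", local), ("eth0", remote)):
        print(name, "with port-25 rule   :", verdict(pkt, RULES))
        print(name, "without port-25 rule:", verdict(pkt, without_smtp))
```

Under these assumptions the loopback connection is decided by the `-i lo` rule whether or not the port 25 rule is present; the port 25 rule only changes the verdict for packets arriving on other interfaces.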
 
