Thanks for the reply. So it sounds like my iptables rule:
iptables -A INPUT -p tcp --dport 25 -j REJECT also blocks outbound mail too. Is there a preferred way to secure mailman SMTP traffic with iptables? In our case, we would just need an inbound filter that only accepts mail from a few hosts, I thought this would do it, but mailman wouldn't send mail with rules like this: # accept mail from two hosts, drop the rest iptables -A INPUT -p tcp -s 192.168.1.245 --dport 25 -j ACCEPT iptables -A INPUT -p tcp -s 192.168.1.246 --dport 25 -j ACCEPT iptables -A INPUT -p tcp --dport 25 -j REJECT For the queues - I guess it's fine today - still reviewing the logs, and I will use those bin utilities to see the messages, that will be helpful...thanks!! Scott -----Original Message----- From: Mark Sapiro [mailto:m...@msapiro.net] Sent: Tuesday, November 23, 2010 4:16 PM To: Scott Race; mailman-users@python.org Subject: Re: [Mailman-Users] Mailman server consuming entire Internet pipe (dualT1) Scott Race wrote: > >Haven't been able to figure out exactly what's up - but I do know if I set an >iptables rule to block all inbound port 25 traffic, issues go away - so... So, assuming you are also blocking port 25 connects from the local host via the loopback interface, you are blocking Mailman's connects to Postfix, thus preventing Mailman from connecting to Postfix and the resultant sending from Postfix of whatever Mailman is sending. Take a look at Mailman's queues, particularly virgin, out and retry to see what's there. Use Mailman's bin/dumpdb to see an individual entry's message and metadata or bin/show_quefiles to see one or more entries' messages. [...] >At this point I can't tell if I have a Postfix problem or Mailman problem. Any >ideas? Thanks!! I suspect the actual network traffic is coming from Postfix sending the stuff that Mailman is delivering to it. The question is what is Mailman doing. Check the queues as above and also Mailman's smtp and perhaps other logs. -- Mark Sapiro <m...@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
