Well, that depends: is qmail taking incoming request or initiating an
outgoing request. This assumes the ipchains script is being used on your
gateway computer. The script for a firewall is different.
incoming request:
-s $anywhere $unprivports
-d $ipaddr 25
outgoing reponses to input request:
-s $ipaddr 25
-d $anywhere $unprivports
Now, initiating a connection, as in relaying email,
outgoing
-s $ipaddr $unprivports
-d $anywhere 25
incoming
-s $anywhere 25
-d $ipaddr $unprivports
(I didn't use the -b option for clarity)
My ipchains script for a non-firewall installation is not the same as a
firewall. There should be NO services running on your firewall!! The
firewall just passes packets between your DMZ, private internal network
and the wild, wild internet. When I setup my SMTP gateway as a bastion
host outside the firewall, by default I open all privports and then
close all ports that are not needed. I also look for spoofing and other
sundry nasties. If you'd like a copy of it, I could clean it up and send
it your way. I put it together rather quickly, so it's not pretty!
HTH
.mark
>----------
>From: Mark Lo[SMTP:[EMAIL PROTECTED]]
>Sent: Tuesday, February 20, 2001 10:07 AM
>To: Mark Schoonover; [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: Re: unable to establish an smtp connection
>
>Hi,
>
>you mean : from my ipaddr 25 to anywhere 25 ???
> or from my ipaddr 25 to anywhere $unprivports ???
>
>which one is it ??
>
>Thank you
>
>Mark
>----- Original Message -----
>From: <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
><[EMAIL PROTECTED]>
>Sent: Wednesday, February 21, 2001 1:49 AM
>Subject: RE: unable to establish an smtp connection
>
>
>> Mark, Charles and the list,
>>
>> I go this error message as well. What caused it for me was an
>> improperly configured ipchains script used on my public gateway. Once I
>> configured the script to allow outgoing port 25 requests to anywhere,
>> that solved the problem. This error msg can be difficult to track down
>> because there's several ways it can be produced....
>>
>> HTH
>>
>> .mark
>>
>> >----------
>> >From: Mark Lo[SMTP:[EMAIL PROTECTED]]
>> >Sent: Tuesday, February 20, 2001 7:50 AM
>> >To: Charles Cazabon; [EMAIL PROTECTED]
>> >Subject: Re: unable to establish an smtp connection
>> >
>> >Hi Charles,
>> >
>> >I got the error messages very often, what should I do ??
>> >
>> >Mark
>> >----- Original Message -----
>> >From: Charles Cazabon <[EMAIL PROTECTED]>
>> >To: <[EMAIL PROTECTED]>
>> >Sent: Tuesday, February 20, 2001 11:17 PM
>> >Subject: Re: unable to establish an smtp connection
>> >
>> >
>> >> Mark Lo <[EMAIL PROTECTED]> wrote:
>> >> >
>> >> > Is this normal ?? If no, what causes this problem !!
>> >> > status: local 0/10 remote 1/20
>> >> > @400000003a91df743b68a804 delivery 45: deferral:
>> >> > Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
>> >>
>> >> Completely normal. The remote mailserver didn't accept the connection.
>> >> Ignore this error if it occurs infrequently. qmail will keep trying to
>> >> deliver the affected message for a week (default).
>> >>
>> >> Charles
>> >> --
>> >> -----------------------------------------------------------------------
>> >> Charles Cazabon <[EMAIL PROTECTED]>
>> >> GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
>> >> Any opinions expressed are just that -- my opinions.
>> >> -----------------------------------------------------------------------
>> >>
>> >
>> >
>>
>
>
