Little problem with firewall and email...

antonio_ita


Hi guys,
I've just configured my new server, and everything seems to work fine...

When I installed it (RH9), I enabled the firewall with high security level, but now it seems that it doesn't accept incoming emails, and in my mailbox I receive only emails generated on the server itself...

I think it's a firewall configuration problem, I tried to configure or disable it with lokkit, but this doesn't produce any action... even by disabling it and rebooting the machine I get no emails... :(

Maybe this could help solve the problem:

service iptables status
Tabella: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT udp -- anywhere anywhere udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable

HELP!
antonio_ita


Moreover, if I try to read messages with Horde webmail, I am able to log in, but when I want to see the list of emails, IE asks me to download the php file instead of showing me the page, and others like Firefox show a page full of senseless symbols...
antonio_ita


I disabled the firewall with lokkit, but it still doesn't work... I get no emails...
scott
Atomicorp Staff - Site Admin

run the following:

/etc/init.d/iptables stop

That should clear all the rules. As to the php issue, that sounds to me like the handler for PHP didn't get set up right. Is this a new install?
antonio_ita


Yes, it is a new install, but with other php pages I have no kind of problems...

I ran lokkit disabling the firewall and then the command service iptables restart, and all the rules were cleared, but I still can't receive mail...
antonio_ita


Is it possible that there's another firewall installed by Red Hat?

Now I tried to set medium level with lokkit, without opening the port 8443 for the plesk control panel, I restarted the iptables service, but I can still access the plesk control panel!!
antonio_ita


I have just checked on the RH manual, and at the end it says
To change your security level configuration after you have completed the installation, use the Security Level Configuration Tool.

Type the redhat-config-securitylevel command in a shell prompt to launch the Security Level Configuration Tool. If you are not root, it will prompt you for the root password to continue.
Do I have to use it? I don't have it installed, and it has some dependencies; is there a yum repository with it?
antonio_ita


Hi Scott...

I checked and lokkit works fine, if I set a high security level, without opening the port 8443, I can't access the plesk CP...

Do I have to open more ports other than 25 to receive mail???

I'm going crazy :shock:
antonio_ita


 service iptables status
Tabella: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:mysql flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:8443 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:pop3 flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:nfs reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
Well, now the firewall seems to be well configured... but why do I still not receive mail from outside???....

And why only some Horde PHP files are not interpreted???

If it's not the firewall, what could it be???

Help.... :cry:
antonio_ita


I checked /var/log/maillog and it's empty; the other old logs are empty too. Only the one from 27 July (the day when I set up the server) has the following entries:


Jul 27 09:50:00 localhost sendmail[2314]: alias database /etc/aliases rebuilt by root
Jul 27 09:50:00 localhost sendmail[2314]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total
Jul 27 09:50:00 localhost sendmail[2327]: starting daemon (8.12.8): SMTP+queueing@01:00:00
Jul 27 09:50:00 localhost sm-msp-queue[2336]: starting daemon (8.12.8): queueing@01:00:00
Jul 27 10:11:44 localhost sendmail[2234]: alias database /etc/aliases rebuilt by root
Jul 27 10:11:44 localhost sendmail[2234]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total
Jul 27 10:11:44 localhost sendmail[2247]: starting daemon (8.12.8): SMTP+queueing@01:00:00
Jul 27 10:11:44 localhost sm-msp-queue[2256]: starting daemon (8.12.8): queueing@01:00:00
Jul 27 11:39:45 localhost sendmail[2354]: alias database /etc/aliases rebuilt by root
Jul 27 11:39:45 localhost sendmail[2354]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total
Jul 27 11:39:45 localhost sendmail[2367]: starting daemon (8.12.8): SMTP+queueing@01:00:00
Jul 27 11:39:45 localhost sm-msp-queue[2376]: starting daemon (8.12.8): queueing@01:00:00
Jul 27 11:53:22 localhost sendmail[2473]: alias database /etc/aliases rebuilt by root
Jul 27 11:53:22 localhost sendmail[2473]: /etc/aliases: 63 aliases, longest 10 bytes, 625 bytes total
Jul 27 11:53:22 localhost sendmail[2486]: starting daemon (8.12.8): SMTP+queueing@01:00:00
Jul 27 11:53:22 localhost sm-msp-queue[2495]: starting daemon (8.12.8): queueing@01:00:00
antonio_ita


I looked in /var/log/secure, and I found many entries like this:
Aug 21 11:20:26 host-xxxxx xinetd[3993]: START: smtp pid=4030 from=217.117.146.230
antonio_ita


Other info that could help


service smtp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        disable         = no
        user            = root
        instances       = UNLIMITED
        server          = /var/qmail/bin/tcp-env
        server_args     = /usr/sbin/rblsmtpd  -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
This is the etc/xinetd.d/smtp_psa
antonio_ita


You won't believe it, it was a problem with the SPAM protection...

The problem arose because on the "old" server I had SPAM protection installed; when I installed PSA on the new server I didn't set up the related module, and when I restored the backup the problem appeared...

In fact in the PSA control panel the option was "gray"...

I removed the line /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org from the smtp_psa and smtps_psa and now it works fine...

I think I could also have solved it by installing the anti-spam module, but on the old server it wasn't very useful... maybe the spam-list server was wrong...

Now I just have to solve the problem with webmail...
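
A diagnostic for the situation in this thread, added here as an example and not part of the original posts: it pulls the `rblsmtpd -r` zones out of an xinetd service stanza and builds the DNS name rblsmtpd looks up (reversed octets plus zone, TXT record) for a connecting client. The function names and the 192.0.2.10 client address are assumptions made for the example; the stanza reuses the server_args line posted above.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the DNSBL step in an xinetd SMTP chain.

# Print every zone given to rblsmtpd with "-r" in a stanza read from stdin.
# Assumes space-separated options, as in the stanza posted above.
rbl_zones() {
    awk '$1 == "server_args" {
        seen = 0
        for (i = 3; i <= NF; i++) {
            if ($i ~ /(^|\/)rblsmtpd$/) { seen = 1; continue }
            if (!seen) continue
            if ($i == "-r" && i < NF) { print $(i + 1); i++; continue }
            if ($i == "-a" || $i == "-t") { i++; continue }  # options with an argument
            if ($i !~ /^-/) exit   # first non-option word is the next program
        }
    }'
}

# Build the name looked up for an IPv4 client: d.c.b.a.zone for a.b.c.d.
dnsbl_qname() {
    ip=$1 zone=$2
    case $ip in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    echo "$4.$3.$2.$1.$zone"
}

# Constructed sample: minimal stanza around the server_args line from the thread.
STANZA='service smtp
{
        server          = /var/qmail/bin/tcp-env
        server_args     = /usr/sbin/rblsmtpd  -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}'

# One query name per configured zone for the given client address.
check_names() {
    printf '%s\n' "$STANZA" | rbl_zones | while read -r zone; do
        dnsbl_qname "$1" "$zone"
    done
}

check_names 192.0.2.10   # constructed client address (TEST-NET-1)
```

Looking the printed name up as a TXT record from the mail server shows the answer rblsmtpd would get for that client.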
antonio_ita

I just solved the second issue as well....

I had to disable gzip compression in the horde config file since it's already enabled on the whole server