25/tcp filtered what is blocking my access to sendmail
on 20.01.2007 17:03:07 by cristiangeorge1
Guys,
This is really getting crazy: I've got sendmail 8.13.8 running on FC 6,
starttls configured. I can use whatever SMTP clients from inside LAN,
but no access from outside is getting through to port 25. I can't
telnet serverhost port 25. I did an NMAP scan from outside with my
firewall down and got the following:
Starting Nmap 4.11 ( http://www.insecure.org/nmap ) at 2007-01-20 17:52 E. Europe Standard Time
Interesting ports on XXXXXXXXXXX
Not shown: 1671 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
111/tcp open rpcbind
135/tcp filtered msrpc
136/tcp filtered profile
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
1720/tcp filtered H.323/Q.931
Question: What is filtering my SMTP port? Could it be my ISP? I have
another email server running at my company and guess what? I can't
access that one either from outside, although emails come and go with
no problems. I've got my PC firewall down at the moment, no antivirus
running, still nothing.
And YES, sendmail is listening on all interfaces:
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
------------------------------------------------------------
Just for the record, here are my iptables rules:
Nmap finished: 1 IP address (1 host up) scanned in 12.063 seconds
Chain INPUT (policy DROP 3359 packets, 186K bytes)
pkts bytes target prot opt in out source destination
59 3932 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
100 16969 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
27 3780 DROP all -- eth0 * X.X.X.X/24 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 XXXXXXXX tcp dpt:25 flags:0x17/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 XXXXXXXX tcp dpt:3235 flags:0x17/0x02
0 0 ACCEPT tcp -- * * 0.0.0.0/0 XXXXXXXX tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 XXXXXXXX tcp dpt:110
0 0 ACCEPT udp -- * * 194.102.255.2 0.0.0.0/0 udp spt:53
0 0 ACCEPT udp -- * * 194.102.255.3 0.0.0.0/0 udp spt:53
6937 843K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
3567 656K DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
11 528 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4125
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:1723
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 LOG flags 0 level 4
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 40 packets, 4176 bytes)
pkts bytes target prot opt in out source destination
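
One way to read the packet counters in a listing like the one above (an added example, not part of the original post): a rule naming tcp dpt:25 that still shows 0 packets has matched nothing since the counters were last zeroed, so either an earlier rule in the chain took the SYN or it never reached the host. The sample listing, its placeholder addresses (192.0.2.10, 198.51.100.0/24) and the function names are constructed for illustration.

```python
import re

# Constructed listing in `iptables -L -n -v` layout. 192.0.2.10 and
# 198.51.100.0/24 are placeholders for the addresses the post masks.
SAMPLE = """\
Chain INPUT (policy DROP 3359 packets, 186K bytes)
 pkts bytes target prot opt in out source destination
 59 3932 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
 27 3780 DROP all -- eth0 * 198.51.100.0/24 0.0.0.0/0
 0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.0.2.10 tcp dpt:25 flags:0x17/0x02
 6937 843K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4
 11 528 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
"""

UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables rounds large counters


def count(field):
    """Turn a counter such as '843K' into an approximate integer."""
    return int(field[:-1]) * UNITS[field[-1]] if field[-1] in UNITS else int(field)


def rules(listing):
    """Return one dict per rule line, tagged with the chain it belongs to."""
    chain, out = None, []
    for line in listing.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            chain = f[1]
        elif len(f) >= 9 and f[0][0].isdigit():  # skips the column header
            out.append({"chain": chain, "pkts": count(f[0]), "target": f[2],
                        "prot": f[3], "in": f[5], "match": " ".join(f[9:])})
    return out


def diagnose(listing, port, chain="INPUT"):
    """Return (packets counted by dpt:<port> rules, earlier rules to review).

    The first value is None when no rule in the chain names the port, so the
    chain policy or a catch-all rule decides. The second lists every rule that
    is evaluated before the first dpt:<port> rule and can see TCP traffic.
    """
    hits, earlier = None, []
    for r in (r for r in rules(listing) if r["chain"] == chain):
        if re.search(rf"\bdpt:{port}\b", r["match"]):
            hits = (hits or 0) + r["pkts"]
        elif hits is None and r["prot"] in ("all", "tcp"):
            earlier.append((r["target"], r["in"], r["pkts"]))
    return hits, earlier


if __name__ == "__main__":
    print(diagnose(SAMPLE, 25))
```

If the count stays at 0 while a connection attempt is made from outside and none of the earlier rules' counters move either, the packet is being dropped before it reaches this host.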