Question
iptables and incoming email blocked
I have postfix and dovecot installed and my emails work fine
- I can send emails out (local and external)
- I can receive emails in (local and external)
If I start building a firewall with iptables, I start to encounter problems.
- I can send emails out (local and external)
- I can receive emails only if it was sent from inside my domain.
- External emails trying to come in simply ‘disappear’. (I am connecting via POP3)
Here are some of the references that I have been using
Digital Ocean How to setup a firewall with iptables
Ubuntu Community iptables
Here are my iptables rules
sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 995 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
Now when I send an email in from outside my network, this is what I see in my syslog with regard to the dropped packet.
Oct 21 17:40:09 breia dovecot: pop3-login: Login: user=<test1>, method=PLAIN, rip=58.173.60.47, lip=128.199.130.239, mpid=1381, TLS, session=<SsXjrPUFvwA6rTwv>
Oct 21 17:40:09 breia dovecot: pop3(test1): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Oct 21 17:40:30 breia kernel: [ 4253.135412] iptables denied: IN=eth0 OUT= MAC=04:01:2c:93:28:01:4c:96:14:ff:ff:f0:08:00 SRC=95.183.244.29 DST=128.199.130.239 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=39141 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 21 17:40:46 breia postfix/pickup[1030]: trigger_server_accept_local: trigger arrived
Oct 21 17:40:46 breia postfix/pickup[1030]: master_notify: status 0
Oct 21 17:40:46 breia postfix/pickup[1030]: master_notify: status 1
Oct 21 17:41:27 breia kernel: [ 4309.962349] iptables denied: IN=eth0 OUT= MAC=04:01:2c:93:28:01:4c:96:14:ff:ff:f0:08:00 SRC=64.189.75.2 DST=128.199.130.239 LEN=88 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=53 DPT=33407 LEN=68
From Understanding iptables log, I have some understanding of what the log file means.
Could someone please help me to understand further what is happening, and how I can fix it so that I can receive emails from outside my domain.
Thank you,
Brent
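Added example (not part of the original question): a small Python parser for the kernel lines written by the `LOG` rule above, which reports for each dropped packet whether it was aimed at one of the mail ports the ruleset accepts. The two sample lines are the kernel entries from the syslog excerpt with the MAC, TOS and PREC fields trimmed; the function names and category labels are this example's own.

```python
# Ports the ruleset above ACCEPTs on INPUT (copied from its -A INPUT rules).
ACCEPTED_TCP = {22, 25, 80, 587, 110, 143, 995, 993, 443}
MAIL_PORTS = {25, 587, 110, 143, 995, 993}
PREFIX = "iptables denied: "  # the --log-prefix of the LOG rule

# Kernel lines from the excerpt above, trimmed (MAC/TOS/PREC removed).
SAMPLE = """\
Oct 21 17:40:30 breia kernel: [ 4253.135412] iptables denied: IN=eth0 OUT= SRC=95.183.244.29 DST=128.199.130.239 LEN=40 TTL=244 ID=54321 PROTO=TCP SPT=39141 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 21 17:41:27 breia kernel: [ 4309.962349] iptables denied: IN=eth0 OUT= SRC=64.189.75.2 DST=128.199.130.239 LEN=88 TTL=55 ID=0 DF PROTO=UDP SPT=53 DPT=33407 LEN=68
"""

def parse(line):
    """Return the fields of one LOG line, or None if the prefix is absent."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields, flags = {}, set()
    for tok in rest.split():
        key, eq, val = tok.partition("=")
        if eq:
            fields.setdefault(key, val)  # first LEN is the IP length; UDP LEN comes later
        else:
            flags.add(key)               # bare tokens such as SYN, ACK, DF
    fields["FLAGS"] = flags
    return fields

def classify(f):
    """Label a dropped packet by what it looks like on the wire."""
    proto, spt, dpt = f.get("PROTO"), int(f.get("SPT", 0)), int(f.get("DPT", 0))
    if proto == "TCP" and dpt in ACCEPTED_TCP:
        return "unexpected: this port is ACCEPTed by an earlier rule"
    if proto == "UDP" and spt == 53:
        return "UDP from source port 53 (DNS-reply shaped), not matched by conntrack"
    if proto == "TCP" and "SYN" in f["FLAGS"] and "ACK" not in f["FLAGS"]:
        return "unsolicited connection attempt to a port with no ACCEPT rule"
    return "other"

def report(text):
    """One (src, proto, dport, is_mail_port, label) tuple per logged drop."""
    rows = []
    for line in text.splitlines():
        f = parse(line)
        if f:
            dpt = int(f.get("DPT", 0))
            rows.append((f.get("SRC"), f.get("PROTO"), dpt, dpt in MAIL_PORTS, classify(f)))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```

Neither logged drop in the excerpt targets a mail port (DPT=135 and DPT=33407). Because the `LOG` rule is limited to 5/min, the syslog can omit drops that occurred, so an empty result for a port is not proof that nothing was dropped there.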