
SMTP tweak problem

Discussion in 'E-mail Discussions' started by BubbaGum, Feb 4, 2005.

  1. BubbaGum

    BubbaGum, Active Member. Joined: Nov 10, 2004. Messages: 36. Likes Received: 0. Trophy Points: 6. Location: Western US

    Howdy,

    I have a box that whenever I enable the SMTP tweak, it blocks all email. On other boxes I see this in the iptables (output chain):

    ACCEPT tcp -- anywhere localhost tcp dpt:smtp
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER GID match mail
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER GID match mailman
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER UID match root
    REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable

    On this problem box I only see these lines after enabling the tweak:
    ACCEPT tcp -- anywhere localhost tcp dpt:smtp
    REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable

    I've flushed the output chain, tried all sorts of tricks I can find on iptables.org (without reading the whole doc set) that might apply. I've even tried to guess at the code to add it manually. Here's one I tried to add with:

    iptables -A OUTPUT -p tcp -d 25 -j ACCEPT -m owner --uid-owner 0

    and about 50 iterations of it.

    Anyone have an idear how to add these 3 missing lines into the IP tables and then make them stick so they don't get kiboshed on a restart (no, iptables-save doesn't do it)? Missing lines below:

    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER GID match mail
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER GID match mailman
    ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER UID match root

    thanks in advance!
     
  2. BubbaGum

    Anyone got any idears on this? I do not want to remove the two lines the SMTP tweak did put in (as mentioned in other posts), I just want to add the missing ones. Or is there a script somewhere I can tweak to add it back in?

    thanks
     
  3. racomnet

    racomnet, BANNED. Joined: Oct 6, 2004. Messages: 68. Likes Received: 0. Trophy Points: 0

    Hi

    iptables -I OUTPUT -p tcp --dport 25 -m owner --uid-owner root -j ACCEPT
    iptables -I OUTPUT -p tcp --dport 25 -m owner --gid-owner mailman -j ACCEPT
    iptables -I OUTPUT -p tcp --dport 25 -m owner --gid-owner mail -j ACCEPT

    You have to run those commands.
    If you add this line to your firewall, then use A instead of I.
    I hope this will help you.

    PS: sorry for editing this post, but it is night :)
     
    #3 racomnet, Feb 7, 2005
    Last edited: Feb 7, 2005
  4. BubbaGum

    Thanks,

    very helpful. However I get this on this particular box (while other boxes will take it now):

    No chain/target/match by that name

    So I'm thinking some file or dir is locked so it can't write this type of command, however it takes a typical command to drop incoming or outgoing schtuff to IP addies or anything else I can think to add via iptables.

    I also noticed that when iptables-save is used, no file is written like it should be. So, I have no idear how to solve it now as all the perms and ownerships look okay fer all dirs in the path. When I try to manually create the iptables file that it saves to, then it is owned by MySQL and won't use it... just errors out looking at the file.

    So if anyone has run into this before ... lemme know. She's running rh 9 and cpanel 10 c52 (and edge, stable, and release versions make no diff on the outcome). It must be so simple I can't see it.

    ME
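
As an added example (not from any poster in this thread and not cPanel's own code), the comparison made in the first post can be automated: the shell function below reads an `iptables -L OUTPUT` listing and reports which of the three owner-match ACCEPT rules are missing or sit after the port-25 REJECT. The function name `audit_smtp_tweak`, its exit codes and the embedded sample listings (built from the listings quoted in the first post) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an `iptables -L OUTPUT` listing (taken without -n) for
# the owner-match rules that the working boxes in this thread show.

# Constructed sample input, built from the two listings in the first post.
GOOD_LISTING='ACCEPT tcp -- anywhere localhost tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER GID match mail
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER GID match mailman
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp OWNER UID match root
REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable'

BAD_LISTING='ACCEPT tcp -- anywhere localhost tcp dpt:smtp
REJECT tcp -- anywhere anywhere tcp dpt:smtp reject-with icmp-port-unreachable'

# audit_smtp_tweak (hypothetical name): reads a listing on stdin and prints
# one line per owner rule that is missing or placed after the REJECT.
# Exit status: 0 = all three owner ACCEPTs precede the REJECT,
#              1 = REJECT present but an owner ACCEPT is missing or too late,
#              2 = no port-25 REJECT/DROP found (tweak not active).
audit_smtp_tweak() {
    awk '
    BEGIN { want["gid match mail"] = 1; want["gid match mailman"] = 1; want["uid match root"] = 1 }
    {
        line = tolower($0)                      # newer iptables prints "owner" in lower case
        if (line !~ /dpt:(smtp|25)( |$)/) next  # only rules for destination port 25
        if ($1 == "REJECT" || $1 == "DROP") { if (!reject_at) reject_at = NR; next }
        if ($1 != "ACCEPT") next
        for (w in want)
            if (line ~ ("owner " w "( |$)") && !(w in seen)) seen[w] = NR
    }
    END {
        if (!reject_at) { print "no REJECT or DROP for dpt:smtp; tweak not active"; exit 2 }
        bad = 0
        for (w in want) {
            if (!(w in seen)) { print "missing: owner " w; bad = 1 }
            else if (seen[w] > reject_at) { print "after REJECT: owner " w; bad = 1 }
        }
        exit bad
    }'
}
```

On a live box the input would come from `iptables -L OUTPUT | audit_smtp_tweak`, run as root.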
     