linux
x88, 2014-08-22 01:31:04

iptables for sendmail?

Good day, please tell me how to configure iptables for sendmail (port 25 is open, INPUT is DROP by default).
Accept If protocol is UDP and input interface is eth0 and state of connection is ESTABLISHED,RELATED
Accept If protocol is TCP and destination port is 25 and state of connection is NEW,ESTABLISHED
With these settings, sending takes ~20 seconds.
When using INPUT ACCEPT, sending occurs instantly.


1 answer(s)
brutal_lobster, 2014-08-22
@x88

Nothing can be said from the information you provided.
Look at the output of iptables -S, iptables -t nat -S, etc. - perhaps the matter is in another rule (some kind of rate control...) and this is a pure coincidence.
Enable verbose logging and see the difference in the sendmail logs.
Try manually sending and see what other traffic goes besides smtp.
Perhaps some tricky milter with a network socket is configured in sendmail - with the default DROP, it falls off by timeout (hence the delay), and with the default ACCEPT, it immediately gets some kind of thrashing.
In principle, sendmail can have a lot of things configured that are not obvious :)
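
To make the "what other traffic goes besides smtp" check concrete, here is an added example (not part of the original answer): a small Python model of the INPUT chain from the question, written in `iptables -S` form and evaluated against constructed packets to show which flows fall through to the default DROP. It assumes the two rules in the question are the only ones; the ruleset text, the milter port 8891 and the sample packets are constructed for illustration.

```python
import shlex

# Constructed `iptables -S` output for the two rules described in the question.
RULESET = """\
-P INPUT DROP
-A INPUT -i eth0 -p udp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
"""

# iptables option -> packet field. Only the matches used above are modelled.
FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport", "--state": "state"}

# Constructed packets arriving on INPUT while sendmail handles one message.
PACKETS = {
    "inbound SMTP SYN": dict(iface="eth0", proto="tcp", dport=25, state="NEW"),
    "DNS reply": dict(iface="eth0", proto="udp", dport=41000, state="ESTABLISHED"),
    # Hypothetical milter listening on a loopback TCP socket.
    "milter on loopback": dict(iface="lo", proto="tcp", dport=8891, state="NEW"),
    "reply to outbound TCP": dict(iface="eth0", proto="tcp", dport=41000,
                                  state="ESTABLISHED"),
}

def parse(text):
    """Return (default_policy, [(criteria, target), ...]) for the INPUT chain."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            opts = dict(zip(tok[2::2], tok[3::2]))  # options come in pairs here
            crit = {FIELDS[k]: set(v.split(",")) for k, v in opts.items()
                    if k in FIELDS}
            rules.append((crit, opts["-j"]))
    return policy, rules

def verdicts(text=RULESET, packets=PACKETS):
    """First matching rule wins; unmatched packets get the chain policy."""
    policy, rules = parse(text)
    out = {}
    for name, pkt in packets.items():
        hit = next((target for crit, target in rules
                    if all(str(pkt[f]) in ok for f, ok in crit.items())), None)
        out[name] = hit or policy
    return out

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:6} {name}")
```

Anything reported as DROP here is silently discarded, so the sender waits for a timeout instead of getting an immediate answer; on a real host the same comparison can be made against the actual `iptables -S` output.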
