On 7/8/2011 4:43 PM, Jeffrey Starin wrote:
> On 7/8/2011 4:39 PM, Jeroen Geilman wrote:
>> On 2011-07-08 22:37, Jeffrey Starin wrote:
>>> On 7/8/2011 4:21 PM, Jeroen Geilman wrote:
>>>> On 2011-07-08 21:06, Jeffrey Starin wrote:
>>>>> When I turn off the firewall (which I am loath to do) to my VPS I
>>>>> am able to use the command smtp_bind_address just fine.
>>>>>
>>>>> Otherwise, with the firewall turned on, I am getting these timeout
>>>>> errors in my maillog files:
>>>>>
>>>>> Jul 7 13:00:34 who postfix/smtp[40187]: connect to
>>>>> 127.0.0.1[127.0.0.1]: Connection timed out (port 10027)
>>>>
>>>> You will have to allow access from localhost to port 10027 on
>>>> localhost.
>>>>
>>>> --
>>>> J.
>>>>
>>>>
>>> The following is in there. I'm certainly no iptables expert, but
>>> don't the following rules cover that?
>>>
>>> Chain INPUT (policy ACCEPT):
>>> . . .
>>> ACCEPT all -- localhost.localdomain anywhere
>>> . . .
>>>
>>> and in Chain OUTPUT (policy ACCEPT):
>>> . . .
>>> ACCEPT all -- anywhere localhost.localdomain
>>> . . .
>>
>> That depends entirely on what localhost.localdomain stands for.
>>
>> DNS names have no place in iptables rules - they slow it to a crawl,
>> for one thing.
>>
>> --
>> J.
>>
>>
> more /etc/hosts:
>
> 127.0.0.1 localhost.localdomain localhost
> the_ip_address_listed_in_smtp_bind_address the_TLD
> the_host_name
>
> I would think that would work, but it's not. . .

What you seem to be missing is a rule from this hidden smtp_bind_address to 127.0.0.1 for port 10027.

When you do not bind, it is most likely that your kernel is selecting the loopback interface and your rules ACCEPT it.

Nit: Those rules look a bit of a mess with duplicates too, unless columns were cut out.

Brian
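As an added example (not part of the thread), the script below makes Brian's point concrete: once smtp_bind_address is set, the connection to the content filter on 127.0.0.1:10027 carries the bind address as its source, so an INPUT rule that only accepts source 127.0.0.1 no longer matches it. The script emits the narrow rule pair for that flow, the interface-based alternative (accept everything on lo, which needs no address or hostname), and a check that scans `iptables -S` output for either. The bind address 203.0.113.10 and the sample ruleset are constructed placeholders; port 10027 is the one from the log line.

```shell
#!/bin/sh
# Added example, not from the thread. Generates and checks for the iptables
# rules that let a Postfix smtp(8) client bound via smtp_bind_address reach
# a content filter on 127.0.0.1:10027. Nothing here touches a live firewall:
# the functions print iptables commands for review.

# Emit the narrow rule pair Brian describes as missing: traffic from the
# smtp_bind_address to 127.0.0.1 on the filter port. OUTPUT covers the
# client side, INPUT the listener side of the same local connection.
# $1 = smtp_bind_address, $2 = filter port (default 10027)
filter_rules() {
    bind_addr=$1
    port=${2:-10027}
    printf 'iptables -A OUTPUT -s %s -d 127.0.0.1 -p tcp --dport %s -j ACCEPT\n' "$bind_addr" "$port"
    printf 'iptables -A INPUT  -s %s -d 127.0.0.1 -p tcp --dport %s -j ACCEPT\n' "$bind_addr" "$port"
}

# Emit the interface-based alternative: accept everything on lo regardless
# of source address. This covers the bound client without naming any
# address or hostname, so no DNS resolution happens when rules are loaded.
loopback_rules() {
    printf 'iptables -A INPUT  -i lo -j ACCEPT\n'
    printf 'iptables -A OUTPUT -o lo -j ACCEPT\n'
}

# Read a ruleset in "iptables -S" format from stdin and report whether an
# INPUT rule would admit the bound client's connection: either an "-i lo"
# accept or an explicit accept from the bind address to the filter port.
# Prints "ok" (exit 0) or "missing" (exit 1).
# $1 = smtp_bind_address, $2 = filter port (default 10027)
check_ruleset() {
    bind_addr=$1
    port=${2:-10027}
    rules=$(cat)
    if printf '%s\n' "$rules" | grep -Eq -e "^-A INPUT .*-i lo .*-j ACCEPT" ||
       printf '%s\n' "$rules" | grep -Eq -e "^-A INPUT .*-s ${bind_addr}(/32)? .*--dport ${port} .*-j ACCEPT"; then
        echo ok
        return 0
    fi
    echo missing
    return 1
}

# Constructed sample ruleset modelled on the thread: localhost is accepted by
# address only, so a packet sourced from the bind address is rejected.
SAMPLE_RULES='-P INPUT ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -d 127.0.0.1/32 -j ACCEPT'

# Placeholder for the address in smtp_bind_address (constructed).
BIND_ADDR=203.0.113.10

# Dry run: report the gap in the sample ruleset, then print the rules that
# would close it.
printf '%s\n' "$SAMPLE_RULES" | check_ruleset "$BIND_ADDR" 10027 || true
filter_rules "$BIND_ADDR" 10027
```

Run the check against a real host with `iptables -S | sh -c '. ./script.sh; check_ruleset <bind_addr> 10027'` style sourcing, or simply paste the emitted rules into the existing firewall script; the `-i lo` form is the one to prefer where the ruleset otherwise relies on resolved hostnames.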