On 7/8/2011 4:51 PM, Brian Evans - Postfix List wrote:
On 7/8/2011 4:43 PM, Jeffrey Starin wrote:
On 7/8/2011 4:39 PM, Jeroen Geilman wrote:
On 2011-07-08 22:37, Jeffrey Starin wrote:
On 7/8/2011 4:21 PM, Jeroen Geilman wrote:
On 2011-07-08 21:06, Jeffrey Starin wrote:
When I turn off the firewall (which I am loath to do) to my VPS I
am able to use the command smtp_bind_address just fine.

Otherwise, with firewall turned on, I am getting these time out
errors in my maillog files:

Jul  7 13:00:34 who postfix/smtp[40187]: connect to 127.0.0.1[127.0.0.1]: Connection timed out (port 10027)

You will have to allow access from localhost to port 10027 on
localhost.

--
J.


The following is in there.  I'm certainly no iptables expert but
don't the following rules cover that?

Chain INPUT (policy ACCEPT):
. . .
ACCEPT     all  --  localhost.localdomain  anywhere
. . .

and in Chain OUTPUT (policy ACCEPT):
. . .
ACCEPT     all  --  anywhere             localhost.localdomain
. . .
That depends entirely on what localhost.localdomain stands for.

DNS names have no place in iptables rules - they slow it to a crawl,
for one thing.

--
J.


more /etc/hosts:

127.0.0.1 localhost.localdomain localhost
the_ip_address_listed_in_smpt_bind_address      the_TLD the_host_name

I would think that would work but it's not. . .
What you seem to be missing is a rule from this hidden smtp_bind_address
to 127.0.0.1 for port 10027.

When you do not bind, it is most likely that your kernel is selecting the
loopback interface and your rules ACCEPT it.

Nit: Those rules look a bit of a mess with duplicates too, unless
columns were cut out.

Brian

I thought the rules were a bit of a mess, too, until I examined them very carefully. They do look like duplicates but one rule may in fact use udp and the other tcp.

Are you saying I need an explicit rule for that smtp_bind_address to 127.0.0.1 for port 10027?

Thank you.
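
Added example, not part of any message in this thread: a first-match walk over a constructed INPUT chain, showing why a loopback-source ACCEPT stops matching the connection to 127.0.0.1:10027 once smtp_bind_address is set, and what the explicit rule looks like with numeric addresses. The address 192.0.2.25 is a placeholder for the undisclosed bind address, and the catch-all DROP stands in for the elided rules (both assumptions).

```python
import ipaddress

BIND_ADDR = "192.0.2.25"   # placeholder for the undisclosed smtp_bind_address
FILTER_PORT = 10027        # local port from the maillog line

# Constructed INPUT chain: the loopback-source ACCEPT shown in the thread,
# then a catch-all DROP standing in for the elided rules (assumption).
CHAIN = [
    {"src": "127.0.0.1/32", "dst": "0.0.0.0/0", "dport": None, "target": "ACCEPT"},
    {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "dport": None, "target": "DROP"},
]

# Explicit rule: bound address -> 127.0.0.1, TCP port 10027.
FIX = {"src": BIND_ADDR + "/32", "dst": "127.0.0.1/32",
       "dport": FILTER_PORT, "target": "ACCEPT"}


def source_address(bind_addr):
    """Source IP of a connection to 127.0.0.1: the bound address if one is
    set, otherwise (simplified) the loopback address the kernel selects."""
    return bind_addr or "127.0.0.1"


def verdict(chain, src, dst, dport):
    """First-match evaluation, the way iptables walks a chain."""
    for rule in chain:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
                and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
                and rule["dport"] in (None, dport)):
            return rule["target"]
    return "ACCEPT"  # chain policy shown in the thread


def as_iptables(rule, chain="INPUT"):
    """Render a rule as an insert-at-top command using numeric addresses only."""
    return "iptables -I {} -p tcp -s {} -d {} --dport {} -j {}".format(
        chain, rule["src"], rule["dst"], rule["dport"], rule["target"])


if __name__ == "__main__":
    for bind in (None, BIND_ADDR):
        src = source_address(bind)
        print(bind, "->", verdict(CHAIN, src, "127.0.0.1", FILTER_PORT))
    print("with fix ->", verdict([FIX] + CHAIN, BIND_ADDR, "127.0.0.1", FILTER_PORT))
    print(as_iptables(FIX))
```

The rendered rule is scoped to one source, one destination and one port, so other traffic from the bound address still reaches the rest of the chain.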
