Quoting Jeffrey Starin <jeffrey.sta...@gmail.com>:
> On 7/8/2011 4:46 PM, Jeroen Geilman wrote:
>> On 2011-07-08 22:43, Jeffrey Starin wrote:
>>> On 7/8/2011 4:39 PM, Jeroen Geilman wrote:
>>>> On 2011-07-08 22:37, Jeffrey Starin wrote:
>>>>> On 7/8/2011 4:21 PM, Jeroen Geilman wrote:
>>>>>> On 2011-07-08 21:06, Jeffrey Starin wrote:
>>>>>>> When I turn off the firewall (which I am loath to do) to my VPS I am able to use the command smtp_bind_address just fine.
>>>>>>> Otherwise, with firewall turned on, I am getting these time out errors in my maillog files:
>>>>>>> Jul 7 13:00:34 who postfix/smtp[40187]: connect to 127.0.0.1[127.0.0.1]: Connection timed out (port 10027)
>>>>>> You will have to allow access from localhost to port 10027 on localhost.
>>>>>> -- J.
>>>>> The following is in there. I'm certainly no iptables expert but don't the following rules cover that?
>>>>> Chain INPUT (policy ACCEPT):
>>>>> . . .
>>>>> ACCEPT all -- localhost.localdomain anywhere
>>>>> . . .
>>>>> and in Chain OUTPUT (policy ACCEPT):
>>>>> . . .
>>>>> ACCEPT all -- anywhere localhost.localdomain
>>>>> . . .
>>>> That depends entirely on what localhost.localdomain stands for.
>>>> DNS names have no place in iptables rules - they slow it to a crawl, for one thing.
>>>> -- J.
>>> more /etc/hosts:
>>> 127.0.0.1 localhost.localdomain localhost
>>> the_ip_address_listed_in_smpt_bind_address the_TLD the_host_name
>>> I would think that would work but it's not. . .
>> You originally stated that it works when you disable iptables.
>> This pretty much defines the parameters of the problem - it's limited to iptables.
>> -- J.
> Thanks for your suggestions. But I'm trying to find out what in the iptables chains/policies is causing this problem. I can't disable iptables; that would disable the firewall. So I am back to square one, it seems.

http://jengelh.medozas.de/documents/Perfect_Ruleset.pdf
Part 7 may be helpful....

Regards

Andreas
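One way the timeout described in the thread can arise, as an added example that is not from any of the posters: a simplified first-match walk over INPUT rules shows that an ACCEPT keyed on a localhost source address stops matching once the connection to 127.0.0.1:10027 carries the smtp_bind_address as its source, while an ACCEPT keyed on the loopback interface still matches. Assumptions: both rulesets are constructed (the thread elides the real one), 192.0.2.10 is a placeholder for the bind address, and the connection is taken to arrive on `lo` with the bind address as its source.

```python
import ipaddress

# Constructed rulesets in iptables-save syntax; the thread never shows the full rules.
RULES_BY_SOURCE = """\
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -j DROP
"""
RULES_BY_INTERFACE = """\
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -j DROP
"""

# Connection to the filter port on loopback, with and without a bound source address.
LOOPBACK_SRC = {"in_iface": "lo", "src": "127.0.0.1", "proto": "tcp", "dport": 10027}
BOUND_SRC = dict(LOOPBACK_SRC, src="192.0.2.10")  # placeholder for smtp_bind_address


def parse(line):
    """Turn '-A INPUT -s 127.0.0.1/32 -j ACCEPT' into {'-A': 'INPUT', '-s': ..., '-j': ...}."""
    tokens = line.split()
    return dict(zip(tokens[::2], tokens[1::2]))


def matches(rule, pkt):
    """Check the small subset of matches used above: -i, -s, -p, --dport."""
    if "-i" in rule and rule["-i"] != pkt["in_iface"]:
        return False
    if "-s" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["-s"]):
        return False
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    if "--dport" in rule and int(rule["--dport"]) != pkt["dport"]:
        return False
    return True


def verdict(ruleset, pkt, policy="ACCEPT"):
    """Return the target of the first matching INPUT rule, else the chain policy."""
    for line in ruleset.splitlines():
        rule = parse(line)
        if rule.get("-A") == "INPUT" and matches(rule, pkt):
            return rule["-j"]
    return policy


if __name__ == "__main__":
    for name, rules in (("by source", RULES_BY_SOURCE), ("by interface", RULES_BY_INTERFACE)):
        print(name, verdict(rules, LOOPBACK_SRC), verdict(rules, BOUND_SRC))
```

On a live host, `iptables -L -n -v` lists numeric addresses, the in/out interface columns and per-rule packet counters, which a plain `iptables -L` listing like the one quoted above leaves out.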