No central firewall; the only thing would be the iptables setup which I outlined above.
I also (to debug) moved all the iptables rules covering the Zimbra internal ports to accept any source address, so the current ruleset is like this:
Code:
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- office.mycompany.com anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7025
ACCEPT tcp -- zimbraserver.mydomain.com anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- localhost.localdomain anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7025
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ldap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:10024
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:10025
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7306
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7307
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:3310
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7780
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:8005
REJECT tcp -- anywhere anywhere state NEW tcp dpt:smtp reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7071
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ldaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:99
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
And as I said, I tried telnet to the relevant ports, both on the public and localhost addresses. It works.
SELinux is set to:
SELINUX=permissive
SELINUXTYPE=targeted
Which should mean (AFAIK) that it never "blocks" anything, only warns.
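A ruleset like the one listed above is evaluated first-match, so a rule that an earlier rule already covers never decides a packet. The following is an added example, not part of the original post: it parses `iptables -L` text and reports such covered rules, with function names that are this example's own. It assumes the listing was taken without `-v`, so rules that list as match-everything are reported separately instead of being treated as covering everything after them.

```python
import re
# Constructed sample: a subset of the rule lines quoted in the post, same order.
LISTING = """
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- office.mycompany.com anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7025
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:7025
REJECT tcp -- anywhere anywhere state NEW tcp dpt:smtp reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

def parse_rules(listing):
    """Parse `iptables -L` rule lines into dicts, numbered in listing order."""
    rules = []
    for line in listing.strip().splitlines():
        # Long protocol names fuse with the opt column ("ipv6-crypt--").
        f = re.sub(r"^(\S+\s+\S+?)--\s", r"\1 -- ", line.strip()).split()
        if len(f) < 5 or f[0] == "target":
            continue
        # "reject-with ..." is an option of the REJECT action, not a match.
        extra = " ".join(f[5:]).split("reject-with")[0].split()
        rules.append({"n": len(rules) + 1, "target": f[0], "prot": f[1],
                      "src": f[3], "dst": f[4], "match": frozenset(extra)})
    return rules

def covers(a, b):
    """True if earlier rule a matches every packet rule b matches, as listed."""
    return (a["prot"] in ("all", b["prot"]) and a["src"] in ("anywhere", b["src"])
            and a["dst"] in ("anywhere", b["dst"]) and a["match"] <= b["match"])

def audit(listing):
    """Return (catch_all rule numbers, [(shadowed, shadowed_by, kind), ...])."""
    rules = parse_rules(listing)
    # Assumption: without -v the interface columns are hidden, so a rule that
    # lists as match-everything may be interface-limited; report, don't apply.
    catch_all = [r["n"] for r in rules if r["prot"] == "all" and not r["match"]
                 and r["src"] == r["dst"] == "anywhere"]
    shadowed = []
    for i, b in enumerate(rules):
        for a in rules[:i]:
            if a["n"] not in catch_all and covers(a, b):
                kind = "redundant" if a["target"] == b["target"] else "conflict"
                shadowed.append((b["n"], a["n"], kind))
                break
    return catch_all, shadowed

print(audit(LISTING))
```

Rules reported in the first list need `iptables -L -v -n` to show which interface, if any, they are limited to.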