Check to see if firewall is blocking emails
First of all, I am a newbie, so please bear with me.
I have followed the instructions to set up email access via Postfix, Dovecot, and MySQL through Linode's tutorial. I can send an email out using mailx to my Yahoo account; however, when I reply back from Yahoo, the email bounces back. I tried accessing my Linode via telnet on port 25, but got no response. I wanted to rule out the firewall before looking into my setup for Postfix. Also, from what I have read, I do have an MX record in DNS Manager which points to mail.domainname.com. I was wondering if someone can tell me if my firewall is blocking emails. Below is the output of my iptables. Any help in this matter would be appreciated.
user@servername:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT icmp -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
2 Replies
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 0 2001 2301/dovecot
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 0 1985 2301/dovecot
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 106 5454 2323/mysqld
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 0 1983 2301/dovecot
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 0 1999 2301/dovecot
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 301 2188/sshd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 0 6495 2456/master
tcp6 0 0 :::993 :::* LISTEN 0 2002 2301/dovecot
tcp6 0 0 :::995 :::* LISTEN 0 1986 2301/dovecot
tcp6 0 0 :::110 :::* LISTEN 0 1984 2301/dovecot
tcp6 0 0 :::143 :::* LISTEN 0 2000 2301/dovecot
tcp6 0 0 :::22 :::* LISTEN 0 303 2188/sshd
tcp6 0 0 :::25 :::* LISTEN 0 6496 2456/master
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 5340 2125/dhclient
udp 0 0 0.0.0.0:65114 0.0.0.0:* 0 242 2125/dhclient
udp 0 0 192.168.1.116:123 0.0.0.0:* 0 972 2821/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 0 971 2821/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 0 964 2821/ntpd
udp6 0 0 de90::f05c:91jf:fe7:123 :::* 0 975 2821/ntpd
udp6 0 0 ::1:123 :::* 0 974 2821/ntpd
udp6 0 0 2610:3c04::z09c:91j:123 :::* 0 973 2821/ntpd
udp6 0 0 :::123 :::* 0 965 2821/ntpd
udp6 0 0 :::34579 :::* 0 243 2125/dhclient
It turns out it was the way I opened up the ports. Putting up the solution in case someone runs into the same issue.
I commented out the below from my firewall rules:
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
and added:
-A INPUT -p tcp -m state --state NEW --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 110 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 587 -j ACCEPT
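
The listing in the question shows the catch-all DROP above the smtp/pop3/imap ACCEPT rules, and iptables walks a chain top-down and stops at the first terminating match. The check below is an added example, not part of the original posts: it reads rules in `-A CHAIN ...` form and flags every rule that sits after an unconditional DROP, REJECT or ACCEPT in the same chain. The function names and both sample rule sets are constructed for illustration.

```shell
# Added example. Input on stdin: rules in "-A CHAIN ... -j TARGET" form,
# the format printed by `iptables -S` and used in iptables-restore files.
# Assumption: match options come before -j, as iptables-save writes them.
shadowed_rules() {
    awk '
    $1 != "-A" { next }                  # skip -P lines, comments, blanks
    {
        chain = $2
        n[chain]++                       # rule number within this chain
        if (chain in cut) {
            printf "%s rule %d is unreachable (after rule %d): %s\n",
                   chain, n[chain], cut[chain], $0
            next
        }
        # "-j" directly after the chain name means no match conditions,
        # so every packet reaching this rule is decided here.
        if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT" || $4 == "ACCEPT"))
            cut[chain] = n[chain]
    }'
}

# Constructed sample: mail ports appended after the catch-all DROP,
# the same ordering as the INPUT chain listed in the question.
broken_rules() {
cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A FORWARD -j DROP
EOF
}

# Constructed sample: same mail rules, placed above the catch-all DROP.
fixed_rules() {
cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 110 -j ACCEPT
-A INPUT -j DROP
EOF
}

echo "== mail rules after the catch-all =="
broken_rules | shadowed_rules
echo "== mail rules before the catch-all =="
fixed_rules | shadowed_rules
```

On a live host the input would come from `iptables -S`; plain `iptables -L` omits interface matches such as `-i lo`, so a rule that looks unconditional in that listing may not be.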