The dizzy postman - Postfix


Comments

Hi all!

Please help, because I'm facing a terribly big problem!
The situation is this: there is a postfix+fetchmail pair that carries the mail back and forth. Until now everything worked. The only thing that changed is that I blocked the port corresponding to netbios-ssn (445), or rather, I made a new rule on the firewall for samba, because an external samba client with a fixed IP is expected. Since then postfix throws all my mail straight at the bin and I receive nothing. Only local delivery works, more or less.
The postfix main.cf, without comments, looks like this:

[code:1:f6b6e26565]

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = cissw.myftp.biz
mydomain = cissw.myftp.biz
myorigin = cissw.myftp.biz
inet_interfaces = all
unknown_local_recipient_reject_code = 450
home_mailbox = Maildir/
mailbox_command = /usr/bin/procmail
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = no
[/code:1:f6b6e26565]
Config: sarge + stock fetchmail and postfix, with TLS.
pflogsumm reports things like this:
[code:1:f6b6e26565]
message deferral detail
-----------------------
smtp (total: 6)
5 freemail.hu[195.228.242.195]: Connection timed out
1 mail.hdsnet.hu[193.110.56.2]: Connection timed out

message bounce detail (by relay)
--------------------------------
local (total: 2)
2 Command died with status 1: "/usr/bin/procmail"
none (total: 1)
1 [hdsnet.hu]: Name or service not known
[/code:1:f6b6e26565]

I have already tried commenting out the procmail part, but there was no improvement.
Firewall:
[code:1:f6b6e26565]
Chain INPUT (policy ACCEPT)
target prot opt source destination
antilo all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain antilo (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:discard
DROP udp -- anywhere anywhere udp dpt:chargen
DROP udp -- anywhere anywhere udp dpt:31
DROP tcp -- anywhere anywhere tcp dpt:domain
DROP tcp -- anywhere anywhere tcp dpt:58
DROP tcp -- anywhere anywhere tcp dpt:tacacs-ds
DROP tcp -- anywhere anywhere tcp dpt:bootps
DROP tcp -- anywhere anywhere tcp dpt:finger
DROP tcp -- anywhere anywhere tcp dpt:90
DROP tcp -- anywhere anywhere tcp dpt:pop3
DROP tcp -- anywhere anywhere tcp dpt:auth
DROP tcp -- anywhere anywhere tcp dpt:nntp
DROP tcp -- anywhere anywhere tcp dpt:121
DROP tcp -- anywhere anywhere tcp dpt:pwdgen
DROP tcp -- anywhere anywhere tcp dpt:loc-srv
DROP udp -- anywhere anywhere udp dpt:loc-srv
DROP tcp -- anywhere anywhere tcp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP tcp -- anywhere anywhere tcp dpt:netbios-dgm
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
szamba tcp -- anywhere anywhere tcp dpt:netbios-ssn
szamba udp -- anywhere anywhere udp dpt:netbios-ssn
szamba tcp -- anywhere anywhere tcp dpt:microsoft-ds
szamba udp -- anywhere anywhere udp dpt:microsoft-ds
DROP tcp -- anywhere anywhere tcp dpt:146
DROP tcp -- anywhere anywhere tcp dpt:421
DROP tcp -- anywhere anywhere tcp dpt:456
DROP tcp -- anywhere anywhere tcp dpt:conference
DROP tcp -- anywhere anywhere tcp dpt:555
DROP tcp -- anywhere anywhere tcp dpt:666
DROP tcp -- anywhere anywhere tcp dpt:moira_update
DROP tcp -- anywhere anywhere tcp dpt:911
DROP tcp -- anywhere anywhere tcp dpt:999
DROP tcp -- anywhere anywhere tcp dpt:9400
DROP tcp -- anywhere anywhere tcp dpt:9999
DROP tcp -- anywhere anywhere tcp dpt:1000
DROP tcp -- anywhere anywhere tcp dpt:customs
DROP tcp -- anywhere anywhere tcp dpt:1011
DROP tcp -- anywhere anywhere tcp dpt:1012
DROP tcp -- anywhere anywhere tcp dpt:1015
DROP tcp -- anywhere anywhere tcp dpt:1024
DROP udp -- anywhere anywhere udp dpt:1025
DROP tcp -- anywhere anywhere tcp dpt:1027
DROP tcp -- anywhere anywhere tcp dpt:1029
DROP tcp -- anywhere anywhere tcp dpt:1032
DROP tcp -- anywhere anywhere tcp dpt:1033
DROP tcp -- anywhere anywhere tcp dpt:1042
DROP tcp -- anywhere anywhere tcp dpt:1045
DROP tcp -- anywhere anywhere tcp dpt:socks
DROP tcp -- anywhere anywhere tcp dpt:1090
DROP tcp -- anywhere anywhere tcp dpt:1170
DROP tcp -- anywhere anywhere tcp dpt:1207
DROP tcp -- anywhere anywhere tcp dpt:1234
DROP tcp -- anywhere anywhere tcp dpt:1243
DROP tcp -- anywhere anywhere tcp dpt:1245
DROP tcp -- anywhere anywhere tcp dpt:1269
DROP udp -- anywhere anywhere udp dpt:1349
DROP tcp -- anywhere anywhere tcp dpt:1394
DROP tcp -- anywhere anywhere tcp dpt:1492
DROP tcp -- anywhere anywhere tcp dpt:1505
DROP udp -- anywhere anywhere udp dpt:1505
DROP tcp -- anywhere anywhere tcp dpt:1509
DROP tcp -- anywhere anywhere tcp dpt:1600
DROP tcp -- anywhere anywhere tcp dpt:1604
DROP tcp -- anywhere anywhere tcp dpt:1604
DROP tcp -- anywhere anywhere tcp dpt:1807
DROP tcp -- anywhere anywhere tcp dpt:1981
DROP tcp -- anywhere anywhere tcp dpt:1999
DROP tcp -- anywhere anywhere tcp dpt:sieve
DROP tcp -- anywhere anywhere tcp dpt:2001
DROP tcp -- anywhere anywhere tcp dpt:2002
DROP tcp -- anywhere anywhere tcp dpt:cfinger
DROP tcp -- anywhere anywhere tcp dpt:2004
DROP tcp -- anywhere anywhere tcp dpt:2005
DROP tcp -- anywhere anywhere tcp dpt:2023
DROP tcp -- anywhere anywhere tcp dpt:2115
DROP tcp -- anywhere anywhere tcp dpt:2140
DROP udp -- anywhere anywhere udp dpt:2140
DROP tcp -- anywhere anywhere tcp dpt:2155
DROP tcp -- anywhere anywhere tcp dpt:2283
DROP tcp -- anywhere anywhere tcp dpt:2565
DROP tcp -- anywhere anywhere tcp dpt:mon
DROP tcp -- anywhere anywhere tcp dpt:2716
DROP tcp -- anywhere anywhere tcp dpt:2721
DROP tcp -- anywhere anywhere tcp dpt:2801
DROP udp -- anywhere anywhere udp dpt:afmbackup
DROP tcp -- anywhere anywhere tcp dpt:3024
DROP tcp -- anywhere anywhere tcp dpt:3028
DROP tcp -- anywhere anywhere tcp dpt:3129
DROP tcp -- anywhere anywhere tcp dpt:3150
DROP udp -- anywhere anywhere udp dpt:3150
DROP tcp -- anywhere anywhere tcp dpt:3459
DROP tcp -- anywhere anywhere tcp dpt:3700
DROP tcp -- anywhere anywhere tcp dpt:3791
DROP udp -- anywhere anywhere udp dpt:3801
DROP tcp -- anywhere anywhere tcp dpt:4100
DROP tcp -- anywhere anywhere tcp dpt:4092
DROP tcp -- anywhere anywhere tcp dpt:4567
DROP tcp -- anywhere anywhere tcp dpt:4590
DROP tcp -- anywhere anywhere tcp dpt:5000
DROP tcp -- anywhere anywhere tcp dpt:5001
DROP tcp -- anywhere anywhere tcp dpt:5011
DROP tcp -- anywhere anywhere tcp dpt:5031
DROP tcp -- anywhere anywhere tcp dpt:5032
DROP tcp -- anywhere anywhere tcp dpt:5321
DROP tcp -- anywhere anywhere tcp dpt:5400
DROP tcp -- anywhere anywhere tcp dpt:5401
DROP tcp -- anywhere anywhere tcp dpt:5402
DROP tcp -- anywhere anywhere tcp dpt:5521
DROP tcp -- anywhere anywhere tcp dpt:5550
DROP tcp -- anywhere anywhere tcp dpt:5512
DROP tcp -- anywhere anywhere tcp dpt:rplay
DROP tcp -- anywhere anywhere tcp dpt:rptp
DROP tcp -- anywhere anywhere tcp dpt:5557
DROP tcp -- anywhere anywhere tcp dpt:5569
DROP tcp -- anywhere anywhere tcp dpt:5637
DROP tcp -- anywhere anywhere tcp dpt:5638
DROP tcp -- anywhere anywhere tcp dpt:5714
DROP tcp -- anywhere anywhere tcp dpt:5741
DROP tcp -- anywhere anywhere tcp dpt:5742
DROP tcp -- anywhere anywhere tcp dpt:x11
DROP tcp -- anywhere anywhere tcp dpt:gnutella-svc
DROP tcp -- anywhere anywhere tcp dpt:6400
DROP tcp -- anywhere anywhere tcp dpt:6670
DROP tcp -- anywhere anywhere tcp dpt:6671
DROP tcp -- anywhere anywhere tcp dpt:6711
DROP tcp -- anywhere anywhere tcp dpt:6712
DROP tcp -- anywhere anywhere tcp dpt:6713
DROP tcp -- anywhere anywhere tcp dpt:6723
DROP tcp -- anywhere anywhere tcp dpt:6771
DROP tcp -- anywhere anywhere tcp dpt:6776
DROP udp -- anywhere anywhere udp dpt:6838
DROP tcp -- anywhere anywhere tcp dpt:6912
DROP tcp -- anywhere anywhere tcp dpt:6939
DROP tcp -- anywhere anywhere tcp dpt:6969
DROP tcp -- anywhere anywhere tcp dpt:6970
DROP tcp -- anywhere anywhere tcp dpt:afs3-fileserver
DROP tcp -- anywhere anywhere tcp dpt:7028
DROP udp -- anywhere anywhere udp dpt:7028
DROP tcp -- anywhere anywhere tcp dpt:7300
DROP tcp -- anywhere anywhere tcp dpt:7301
DROP tcp -- anywhere anywhere tcp dpt:7306
DROP tcp -- anywhere anywhere tcp dpt:7307
DROP tcp -- anywhere anywhere tcp dpt:7308
DROP tcp -- anywhere anywhere tcp dpt:7597
DROP tcp -- anywhere anywhere tcp dpt:7789
DROP udp -- anywhere anywhere udp dpt:7983
DROP tcp -- anywhere anywhere tcp dpt:webcache
DROP tcp -- anywhere anywhere tcp dpt:8787
DROP udp -- anywhere anywhere udp dpt:8787
DROP tcp -- anywhere anywhere tcp dpt:8879
DROP udp -- anywhere anywhere udp dpt:8879
DROP udp -- anywhere anywhere udp dpt:9325
DROP tcp -- anywhere anywhere tcp dpt:9872
DROP tcp -- anywhere anywhere tcp dpt:9873
DROP tcp -- anywhere anywhere tcp dpt:9874
DROP tcp -- anywhere anywhere tcp dpt:9875
DROP tcp -- anywhere anywhere tcp dpt:9876
DROP tcp -- anywhere anywhere tcp dpt:9878
DROP tcp -- anywhere anywhere tcp dpt:9989
DROP tcp -- anywhere anywhere tcp dpt:10067
DROP udp -- anywhere anywhere udp dpt:10067
DROP tcp -- anywhere anywhere tcp dpt:10167
DROP udp -- anywhere anywhere udp dpt:10167
DROP udp -- anywhere anywhere udp dpt:10498
DROP tcp -- anywhere anywhere tcp dpt:10520
DROP tcp -- anywhere anywhere tcp dpt:10607
DROP tcp -- anywhere anywhere tcp dpt:10666
DROP tcp -- anywhere anywhere tcp dpt:11000
DROP tcp -- anywhere anywhere tcp dpt:11050
DROP tcp -- anywhere anywhere tcp dpt:11223
DROP tcp -- anywhere anywhere tcp dpt:12076
DROP tcp -- anywhere anywhere tcp dpt:12223
DROP tcp -- anywhere anywhere tcp dpt:12345
DROP tcp -- anywhere anywhere tcp dpt:12346
DROP tcp -- anywhere anywhere tcp dpt:12456
DROP tcp -- anywhere anywhere tcp dpt:12361
DROP tcp -- anywhere anywhere tcp dpt:12362
DROP tcp -- anywhere anywhere tcp dpt:12631
DROP tcp -- anywhere anywhere tcp dpt:12701
DROP tcp -- anywhere anywhere tcp dpt:12754
DROP tcp -- anywhere anywhere tcp dpt:13000
DROP tcp -- anywhere anywhere tcp dpt:13700
DROP tcp -- anywhere anywhere tcp dpt:15104
DROP tcp -- anywhere anywhere tcp dpt:16484
DROP tcp -- anywhere anywhere tcp dpt:16959
DROP tcp -- anywhere anywhere tcp dpt:16969
DROP tcp -- anywhere anywhere tcp dpt:17300
DROP udp -- anywhere anywhere udp dpt:18753
DROP tcp -- anywhere anywhere tcp dpt:20000
DROP tcp -- anywhere anywhere tcp dpt:20001
DROP tcp -- anywhere anywhere tcp dpt:20034
DROP tcp -- anywhere anywhere tcp dpt:20203
DROP tcp -- anywhere anywhere tcp dpt:20331
DROP tcp -- anywhere anywhere tcp dpt:20432
DROP tcp -- anywhere anywhere tcp dpt:20433
DROP tcp -- anywhere anywhere tcp dpt:21554
DROP udp -- anywhere anywhere udp dpt:21554
DROP tcp -- anywhere anywhere tcp dpt:22222
DROP tcp -- anywhere anywhere tcp dpt:23456
DROP tcp -- anywhere anywhere tcp dpt:23476
DROP tcp -- anywhere anywhere tcp dpt:23477
DROP tcp -- anywhere anywhere tcp dpt:26274
DROP udp -- anywhere anywhere udp dpt:26274
DROP tcp -- anywhere anywhere tcp dpt:asp
DROP udp -- anywhere anywhere udp dpt:asp
DROP udp -- anywhere anywhere udp dpt:27444
DROP udp -- anywhere anywhere udp dpt:27573
DROP tcp -- anywhere anywhere tcp dpt:27573
DROP tcp -- anywhere anywhere tcp dpt:27665
DROP tcp -- anywhere anywhere tcp dpt:29891
DROP tcp -- anywhere anywhere tcp dpt:30029
DROP tcp -- anywhere anywhere tcp dpt:30100
DROP tcp -- anywhere anywhere tcp dpt:30101
DROP tcp -- anywhere anywhere tcp dpt:30102
DROP tcp -- anywhere anywhere tcp dpt:30133
DROP tcp -- anywhere anywhere tcp dpt:30303
DROP tcp -- anywhere anywhere tcp dpt:30999
DROP udp -- anywhere anywhere udp dpt:31335
DROP tcp -- anywhere anywhere tcp dpt:31336
DROP udp -- anywhere anywhere udp dpt:31337
DROP tcp -- anywhere anywhere tcp dpt:31337
DROP tcp -- anywhere anywhere tcp dpt:31338
DROP udp -- anywhere anywhere udp dpt:31338
DROP tcp -- anywhere anywhere tcp dpt:31339
DROP tcp -- anywhere anywhere tcp dpt:31666
DROP tcp -- anywhere anywhere tcp dpt:31785
DROP udp -- anywhere anywhere udp dpt:31787
DROP tcp -- anywhere anywhere tcp dpts:31789:31791
DROP udp -- anywhere anywhere udp dpts:31789:31791
DROP tcp -- anywhere anywhere tcp dpt:32418
DROP tcp -- anywhere anywhere tcp dpt:33270
DROP tcp -- anywhere anywhere tcp dpt:33333
DROP udp -- anywhere anywhere udp dpt:33390
DROP tcp -- anywhere anywhere tcp dpt:33911
DROP tcp -- anywhere anywhere tcp dpt:34324
DROP tcp -- anywhere anywhere tcp dpt:37651
DROP tcp -- anywhere anywhere tcp dpt:40421
DROP tcp -- anywhere anywhere tcp dpt:40412
DROP tcp -- anywhere anywhere tcp dpt:40421
DROP tcp -- anywhere anywhere tcp dpt:40422
DROP tcp -- anywhere anywhere tcp dpt:40423
DROP tcp -- anywhere anywhere tcp dpt:40425
DROP tcp -- anywhere anywhere tcp dpt:40426
DROP tcp -- anywhere anywhere tcp dpt:43210
DROP tcp -- anywhere anywhere tcp dpt:47252
DROP udp -- anywhere anywhere udp dpt:47262
DROP udp -- anywhere anywhere udp dpt:49301
DROP tcp -- anywhere anywhere tcp dpt:50505
DROP tcp -- anywhere anywhere tcp dpt:50776
DROP tcp -- anywhere anywhere tcp dpt:53001
DROP tcp -- anywhere anywhere tcp dpt:54320
DROP udp -- anywhere anywhere udp dpt:54320
DROP tcp -- anywhere anywhere tcp dpt:54321
DROP udp -- anywhere anywhere udp dpt:54321
DROP udp -- anywhere anywhere udp dpt:57341
DROP tcp -- anywhere anywhere tcp dpt:57341
DROP tcp -- anywhere anywhere tcp dpt:60000
DROP tcp -- anywhere anywhere tcp dpt:61466
DROP tcp -- anywhere anywhere tcp dpt:61348
DROP tcp -- anywhere anywhere tcp dpt:61603
DROP tcp -- anywhere anywhere tcp dpt:63485
DROP tcp -- anywhere anywhere tcp dpt:65000
LOG icmp -- anywhere anywhere icmp echo-request limit: avg 1/min burst 5 LOG level warning prefix `Limitálva: '

Chain szamba (4 references)
target prot opt source destination
DROP all -- anywhere anywhere
[/code:1:f6b6e26565]

Name resolution order: first my own bind9, then the provider's NS.
Please help, because judging by the addresses, a few of my emails have already been lost!!

Hi!

Idea: shouldn't communication on the loopback interface be allowed so that fetchmail can hand things over to postfix?
I suggest you turn on logging of dropped packets on the firewall, and keep a diligent eye on the log!

Regards
kagy

Aaaaah! man iptables, search for 'multiport':
-m multiport --dports 1,11,21,121,1121,etc.,

off: default policy=drop and allowing only what is needed, isn't that more sensible than accept and 30-300000 drop rules?

Yes, that would be right, except that then not even FTP worked. The machine went completely deaf. Of course, since then I have figured out that the default policy can be allow: add the allow rules explicitly, then at the end a LOG and a DROP rule that match every packet (well, every one that gets that far :)

I have learned a lot since then, but for other reasons the server now runs Win, so the problem is solved. Thanks for the comments, though; I'm closing the topic.
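
The layout the replies converge on (loopback allowed, explicit allow rules grouped with multiport, then a final LOG and DROP that catch everything else), as an added example that is not part of the original thread. The function names, the port lists passed in and the log prefix are assumptions; the script only prints rules in iptables-restore format and changes nothing on the host.

```sh
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset
# that allows listed ports and ends with LOG + DROP. Port lists are assumptions.

# Split a comma-separated port list into groups of at most 15 ports,
# the per-rule limit of the multiport match.
chunk_ports() {
    printf '%s\n' "$1" | tr -d ' ' | tr ',' '\n' | awk 'NF {
        line = (n % 15 == 0) ? $0 : (line "," $0)
        n++
        if (n % 15 == 0) { print line; line = "" }
    } END { if (line != "") print line }'
}

# build_ruleset TCP_PORTS UDP_PORTS  (either list may be empty)
build_ruleset() {
    tcp_ports=$1
    udp_ports=$2
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # Loopback first: fetchmail by default hands mail to the MTA on localhost.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Replies to connections this host opened (outbound SMTP, POP3, DNS).
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for proto in tcp udp; do
        if [ "$proto" = tcp ]; then ports=$tcp_ports; else ports=$udp_ports; fi
        [ -n "$ports" ] || continue
        chunk_ports "$ports" | while read -r group; do
            printf '%s\n' "-A INPUT -p $proto -m multiport --dports $group -j ACCEPT"
        done
    done
    # Everything that reaches this point is logged (rate-limited), then dropped.
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "' \
        '-A INPUT -j DROP' 'COMMIT'
}

# Stand-alone use with constructed port lists: sh ruleset.sh 21,25 53
if [ "$#" -gt 0 ]; then build_ruleset "$1" "${2:-}"; fi
```

Piping the output to `iptables-restore --test` checks that it parses without loading it.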