I'm running Redhat Linux 8.0 and using sendmail.

I have the firewall turned on and I'm not filtering any outbound traffic but while the firewall is active sendmail cannot connect to other mail servers to deliver outbound mail.

I can turn off the firewall from the terminal using:

service iptables stop

and the mail will send just fine. Turn the firewall back on:

service iptables start

and it's stalled!

I have spent two days now trying to solve this delima. I would appreciate some wisdom on this subject.

One other thing I have noticed is that I cannot do the following with the firewall on.

telnet mail.server.com 25

This is being blocked by the firewall also which I suspect is the same reason an application cannot connect to an outside smtp server.

NOTE: mail.server.com is a made up name. I used a real external server name.

paste your firewall rules with the command:
`iptables -L -n`

[root@snowmane root]# iptables -L -n

Chain INPUT (policy ACCEPT)
target prot opt source destination
IRULES all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain IRULES (1 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10101
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:20000
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 0
ACCEPT udp -- 63.238.52.1 0.0.0.0/0 udp
ACCEPT udp -- 63.238.52.2 0.0.0.0/0 udp
DROP all -- 0.0.0.0/0 0.0.0.0/0

[root@snowmane root]#

add a rule to allow connections to port 25:

iptables -A INPUT -p tcp --dport 25 -j ACCEPT

that will atlest take care of the telnet issue, and who knows, it might clear up the other one too. But do that 1st and tell us what u get.

wait..u have that rule already...sorry.

i've given this much thought and can only recommend testing what goes on with a tool like tcpdump or ethereal.

Start ethereal, try to send an email and see what happens with the packets. Do it with the firewall on and off. If you don't have much experience with ethereal, play wit it for a while and you'll kinda pick up on what it does. Try to use that to debug what is going on.

Another question, are u able to recieve mail with the firewall up? And try adding the following rule:

iptables -A OUTPUT -j ACCEPT

i know it's the default policy for OUTPUT to ACCEPT already, but add it anyway just for kicks.

alright, let's customize your rules. What all do you want to do with your firewall? Is it a gateway? does it forward packets? What services do you want to allow? Add anything else you want your firewall to do and we'll come up with some rules for you.

If your rules aren't working, wipe 'em clean and let's make our own.