Today, my mail server stops sending and recieving mail. After checking, I see that if I stop iptables then the mail flow works again. In the log file, there are a lot of info about can not access to required services such as dns, amavisd, etc... as the following:
Code: Select all
Mar 2 09:18:52 mail postfix/smtp[18396]: 1E7E9202CE1: to=<abc@gmail.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)
Code: Select all
Mar 2 23:57:11 mail amavis[5707]: (05707-11) (!)Requesting process rundown, task exceeded allowed time
Mar 2 23:57:11 mail postfix/smtp[4839]: EF436202C4E: to=<minhhoang@x.x.x>, relay=127.0.0.1[127.0.0.1]:10024, delay=289, delays=1.1/0.01/0/288, dsn=4.3.2, status=deferred (host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service shutting down, closing channel (in reply to RCPT TO command))
Code: Select all
[root@mail ~]# dig gmail.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 238
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gmail.com. IN A
;; ANSWER SECTION:
gmail.com. 299 IN A 216.58.199.5
;; Query time: 48 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Mar 2 23:58:57 2018
;; MSG SIZE rcvd: 43
Code: Select all
[zimbra@mail ~]$ zmcontrol -v
Release 8.7.1_GA_1670.RHEL6_64_20161025035141 RHEL6_64 FOSS edition.
Code: Select all
[root@mail ~]# iptables -nL --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
2 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
3 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
6 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x14
8 ACCEPT tcp -- x.x.x.x 0.0.0.0/0 state NEW tcp dpt:22
9 ACCEPT tcp -- y.y.y.y 0.0.0.0/0 state NEW tcp dpt:22
10 ACCEPT udp -- x.x.x.x 0.0.0.0/0 state NEW udp dpt:161
11 ACCEPT udp -- y.y.y.y 0.0.0.0/0 state NEW udp dpt:161
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED tcp spt:53
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED udp spt:53
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
15 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
16 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
17 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
18 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
19 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:465
20 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:587
21 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
23 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:7071
24 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:9071
25 LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 6 level 6 prefix `DROP ON INPUT: '
Chain FORWARD (policy DROP)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Many thanks,