Mailinglist Archive: opensuse-security (228 mails)

Re: [suse-security] Problem with SuSEfirewall and Postfix SMTP?
  • From: Jürgen Mell <juergen.mell@xxxxxxxxxxx>
  • Date: Fri, 18 Mar 2005 07:08:36 +0100
  • Message-id: <200503180708.40643.juergen.mell@xxxxxxxxxxx>
Hi,

On Friday 18 March 2005 02:40, M. Edwin wrote:
> Jürgen Mell wrote:
> > Hi List,
>
> Hello
>
> > today we had an outage of our internet provider. The connection was
> > broken for several hours during which the mail server of the internet
> > provider stored our e-mails. Now after the connection is established
> > again these mails are sent to our own mail server from the provider's
> > server at a pretty high rate.
> >
> > Our system is SuSE 9.2 with Postfix 2.1.5 as the SMTP server and the
> > SUSEfirewall which comes with 9.2. All current patches are applied.
>
> What is the setting of firewall in connection with SMTP?

FW_SERVICES_EXT_TCP="http https smtp ssh ftp"

Adding

FW_TRUSTED_NETS="<Provider's mailserver IP>,tcp,25"

did not change anything.

>
> > The problem now is that after a small number of mails from our
> > provider the SMTP server does not accept any more connections. Instead
> > it complains about timeouts, lost connections or SMTP EOFs. When
> > telnetting to the server in this state a connection is made but there
> > is no prompt "220 <servername> ESMT Postfix". The only way to fix this
> > I found up to now is restarting Postfix (the cron job does it now
> > every 3 minutes...) but that is only a very crude fix. Even setting
> > the max_use parameter in main.cf to 1 to get a new smtpd for each
> > connection does not help. Has anybody an idea what is causing this
> > behaviour? Is it the firewall or is it Postfix or anything else that is
> > limiting the connections? There are some firewall errors in the logs,
> > but not nearly as many as the lost connections of the SMTP server:
> >
> > Mar 17 21:52:18 pluto kernel: SFW2-OUT-ERROR IN= OUT=dsl0 SRC=<our IP>
> > DST=<Provider's mail server IP> LEN=52 TOS=0x00 PREC=0x00 TTL=64
> > ID=3530 DF PROTO=TCP SPT=25 DPT=58506 WINDOW=1404 RES=0x00 ACK RST
> > URGP=0 OPT (0101080A015E41E40C059CEB)
> >
> > Any help would be greatly appreciated!
>
> What if someone sends you email directly, or is there any email you
> receive after the connection is established again?

Postfix restarts the smtp daemons after some time. Then we can receive mail
again for some minutes but after that the system is blocked again.

> How is the record of your DNS (MX record)?

nslookup with querytype=MX tells

<our domain> mail exchanger = 20 <Provider's mail server>.
<our domain> mail exchanger = 10 mail.<our domain>.

Ciao

Jürgen
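
An added example, not part of the original message or of either poster's setup: a small log correlator for the comparison raised in the thread, counting Postfix smtpd "lost connection"/"timeout" lines per peer next to SFW2-OUT-ERROR entries for RST packets leaving port 25. The sample log is constructed; the host names, documentation-range addresses and process IDs are assumptions, and only the SFW2-OUT-ERROR field layout is taken from the quoted log line.

```python
import re
from collections import Counter

# Constructed sample log (not from the thread). 192.0.2.10 stands in for
# <our IP>, 198.51.100.7 for the provider's mail server.
SAMPLE_LOG = """\
Mar 17 21:52:01 pluto postfix/smtpd[4711]: connect from mx.provider.example[198.51.100.7]
Mar 17 21:52:18 pluto kernel: SFW2-OUT-ERROR IN= OUT=dsl0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=3530 DF PROTO=TCP SPT=25 DPT=58506 WINDOW=1404 RES=0x00 ACK RST URGP=0 OPT (0101080A015E41E40C059CEB)
Mar 17 21:52:19 pluto postfix/smtpd[4711]: lost connection after DATA from mx.provider.example[198.51.100.7]
Mar 17 21:53:40 pluto postfix/smtpd[4712]: timeout after RCPT from mx.provider.example[198.51.100.7]
Mar 17 21:54:02 pluto postfix/smtpd[4713]: lost connection after CONNECT from mx.provider.example[198.51.100.7]
Mar 17 21:54:30 pluto kernel: SFW2-OUT-ERROR IN= OUT=dsl0 SRC=192.0.2.10 DST=203.0.113.9 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=40112 WINDOW=0 RES=0x00 ACK RST URGP=0
"""

FW_RE = re.compile(r"kernel: (?P<tag>SFW2-\S+) (?P<rest>.*)")
KV_RE = re.compile(r"(\w+)=(\S*)")
SMTPD_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?:lost connection|timeout) after \S+ "
    r"from \S*\[(?P<peer>[^\]]+)\]")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_fw(line):
    """Split one SuSEfirewall2 kernel log line into tag, KEY=value fields and TCP flags."""
    m = FW_RE.search(line)
    if not m:
        return None
    rest = m.group("rest")
    flags = sorted(TCP_FLAGS & set(rest.split()))  # flags are bare tokens such as "ACK RST"
    return {"tag": m.group("tag"), "flags": flags, **dict(KV_RE.findall(rest))}

def summarise(log_text, smtp_port="25"):
    """Per peer IP: (smtpd failure lines, logged RSTs sent from our SMTP port)."""
    smtpd_failures, fw_resets = Counter(), Counter()
    for line in log_text.splitlines():
        m = SMTPD_RE.search(line)
        if m:
            smtpd_failures[m.group("peer")] += 1
            continue
        fw = parse_fw(line)
        if (fw and fw["tag"] == "SFW2-OUT-ERROR"
                and fw.get("SPT") == smtp_port and "RST" in fw["flags"]):
            fw_resets[fw["DST"]] += 1
    peers = sorted(set(smtpd_failures) | set(fw_resets))
    return {p: (smtpd_failures[p], fw_resets[p]) for p in peers}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

When the first number is much larger than the second for a peer, as described in the message above, most of the failed SMTP sessions have no matching firewall log entry.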