Meenoo Shivdasani wrote:
But these aren't SMTP connections. The source is port 25, but the destination is not. The mail server is running normally. I'm allowing new SMTP connections and traffic for established connections.
They are SMTP connections -- your server initiates a connection to port 25 on the remote server. Thus, when the connection is set up the remote server will be responding with source port 25 and destination port = source port of the initiated connection.
I understand that. What I meant was that iptables will not see them as SMTP connections since the destination is not port 25.
ACCEPT     all  --  0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0    0.0.0.0/0    state NEW tcp dpt:25
I think the ACCEPT all line should catch these, but you might try adding RELATED,ESTABLISHED specifically to the dpt:25 line.
Which will not match these connections since the dest port is not 25. I could put a RELATED, ESTABLISHED line in for source port 25, but as you said, the "ACCEPT all" line should catch them anyway.
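As an added illustration (not code from the thread), the Python model below mimics the two rules quoted above and iptables' conntrack state match, showing that the remote MTA's replies (source port 25, ephemeral destination port) are accepted by the RELATED,ESTABLISHED rule and would never be matched by a dpt:25 rule. It assumes a default DROP policy, uses constructed addresses and ports, and simplifies conntrack by treating a mid-stream packet with no tracked connection as INVALID.

```python
# Added example, not code from the thread: a small model of iptables' conntrack
# "state" match and the two rules quoted above (default policy assumed DROP).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False          # first packet of a TCP handshake

class ConnTracker:
    """Remembers connections by 4-tuple so replies classify as ESTABLISHED."""
    def __init__(self):
        self.table = set()
    def classify(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            return "ESTABLISHED"
        if pkt.syn:            # a fresh handshake opens a new entry
            self.table.add(fwd)
            return "NEW"
        return "INVALID"       # mid-stream packet with no known connection (simplified)

RULES = [
    {"states": {"RELATED", "ESTABLISHED"}, "dport": None},   # ACCEPT all ... state RELATED,ESTABLISHED
    {"states": {"NEW"}, "dport": 25},                        # ACCEPT tcp ... state NEW tcp dpt:25
]

def filter_input(tracker, pkt, rules=RULES):
    """Return ('ACCEPT', rule_index) for the first matching rule, else ('DROP', None)."""
    state = tracker.classify(pkt)
    for i, rule in enumerate(rules):
        if state in rule["states"] and rule["dport"] in (None, pkt.dport):
            return "ACCEPT", i
    return "DROP", None

MTA, REMOTE = "203.0.113.10", "198.51.100.7"   # constructed sample addresses

def scenarios():
    """Verdicts for the three packet types the thread distinguishes."""
    ct = ConnTracker()
    ct.classify(Packet(MTA, 43210, REMOTE, 25, syn=True))        # our MTA connects out
    return {
        "reply_to_our_connection": filter_input(ct, Packet(REMOTE, 25, MTA, 43210)),
        "new_inbound_to_port_25": filter_input(ct, Packet(REMOTE, 52000, MTA, 25, syn=True)),
        "unsolicited_from_port_25": filter_input(ct, Packet(REMOTE, 25, MTA, 40000)),
    }
```

Passing a rule list containing only a dpt:25 rule with RELATED,ESTABLISHED added to filter_input shows that the reply packet still falls through to DROP, because its destination port is the ephemeral one.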