Meenoo Shivdasani wrote:
>> But these aren't SMTP connections.  The source is port 25, but the
>> destination is not.  The mail server is running normally.  I'm allowing
>> new SMTP connections and traffic for established connections.
>>
>
> They are SMTP connections -- your server initiates a connection to
> port 25 on the remote server.  Thus, when the connection is set up the
> remote server will be responding with source port 25 and destination
> port = source port of the initiated connection.
>

I understand that.  What I meant was that iptables will not see them as
SMTP connections since the destination is not port 25.

>> ACCEPT     all  --  0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
>> ACCEPT     tcp  --  0.0.0.0/0    0.0.0.0/0    state NEW tcp dpt:25
>>
>
> I think the ACCEPT all line should catch these, but you might try
> adding RELATED,ESTABLISHED specifically to the dpt:25 line.
>

Which will not match these connections since the dest port is not 25.  I
could put a RELATED, ESTABLISHED line in for source port 25, but as you
said, the "ACCEPT all" line should catch them anyway.

-- 
Bowie
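
The rule matching discussed in this thread, as an added example that is not part of the original messages: a small Python model of first-match evaluation over the two ACCEPT rules quoted above. The packet fields, the conntrack state assigned to each sample packet, the port numbers 50000 and 41234, and the fall-through label "POLICY" are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp", ...
    sport: int
    dport: int
    state: str   # conntrack classification: NEW, ESTABLISHED, RELATED or INVALID

@dataclass(frozen=True)
class Rule:
    name: str
    states: frozenset
    proto: Optional[str] = None   # None means "all"
    dport: Optional[int] = None   # None means any destination port

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return p.state in self.states

# The two rules quoted in the thread, in listing order.
RULES = [
    Rule("accept-all-established", frozenset({"RELATED", "ESTABLISHED"})),
    Rule("accept-new-smtp", frozenset({"NEW"}), proto="tcp", dport=25),
]

def first_match(p: Packet, rules=RULES) -> str:
    """Return the name of the first matching rule, or "POLICY" if none match."""
    for r in rules:
        if r.matches(p):
            return r.name
    return "POLICY"

# Constructed sample packets (ports and states are assumptions).
SAMPLES = {
    "inbound SYN to local MTA": Packet("tcp", 50000, 25, "NEW"),
    "reply from remote MTA, tracked": Packet("tcp", 25, 41234, "ESTABLISHED"),
    "reply from remote MTA, untracked": Packet("tcp", 25, 41234, "INVALID"),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:35s} -> {first_match(pkt)}")
```

The third sample falls through both rules: a packet from source port 25 is accepted only when conntrack classifies it as ESTABLISHED or RELATED, and the dpt:25 rule never applies to it whatever states are listed there.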