[CentOS] Sendmail, localloop, and iptables -- should I be more paranoid?
Alexander Dalloz
ad+lists at uni-x.org
Mon Nov 22 22:52:31 UTC 2010
On 22.11.2010 16:11, Robert Moskowitz wrote:
> By default, sendmail only listens on the localloop:
>
> DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
>
> But by default to allow sendmail to even work the iptables entry is:
>
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
>
> Without this, sendmail can't even connect to localloop.
No, that is not correct. You are overlooking the following rule

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

in the default /etc/sysconfig/iptables config file. So there is no
problem where you see one.

> But should I hand-edit this line to something like:
>
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -d 127.0.0.1 --dport 25 -j ACCEPT
>
> And once you hand-edit iptables, you can't use the gnome firewall applet,
> I suspect...
Alexander
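
A simplified first-match model of the rule order discussed in this message, added here as an example and not part of the original post. The ruleset is constructed from the rules quoted above plus an assumed final REJECT; the `eth0` interface and the 192.0.2.10 address are placeholders, and only `-i`, `-d`, `-p`, `--dport` and `-j` are modelled.

```python
import ipaddress
import shlex

# Constructed ruleset in /etc/sysconfig/iptables syntax. The two ACCEPT rules
# are the ones quoted in the thread; the final REJECT is an assumed catch-all.
LO_RULE = "-A RH-Firewall-1-INPUT -i lo -j ACCEPT"
SMTP_RULE = "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT"
SMTP_LOCAL = SMTP_RULE.replace("--dport", "-d 127.0.0.1 --dport")  # proposed hand edit
REJECT = "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited"

def parse(lines):
    """Keep only the options this simplified model understands."""
    rules = []
    for line in lines:
        tok = shlex.split(line)
        opts = {o: v for o, v in zip(tok[2:], tok[3:])
                if o in ("-i", "-d", "-p", "--dport", "-j")}
        rules.append((opts, line))
    return rules

def verdict(lines, iface, dst, dport, proto="tcp"):
    """First matching rule wins. The packet is treated as a NEW connection,
    so '--state NEW' always matches and is not modelled."""
    for opts, raw in parse(lines):
        if opts.get("-i", iface) != iface or opts.get("-p", proto) != proto:
            continue
        if int(opts.get("--dport", dport)) != dport:
            continue
        if "-d" in opts and ipaddress.ip_address(dst) not in ipaddress.ip_network(opts["-d"]):
            continue
        return opts["-j"], raw
    return "POLICY", None

def scenarios():
    """Local delivery vs. a remote client (placeholder eth0 / 192.0.2.10)."""
    out = {}
    for name, smtp in (("default", [SMTP_RULE]), ("proposed", [SMTP_LOCAL]), ("removed", [])):
        chain = [LO_RULE] + smtp + [REJECT]
        out[name] = (verdict(chain, "lo", "127.0.0.1", 25),
                     verdict(chain, "eth0", "192.0.2.10", 25))
    return out

if __name__ == "__main__":
    for name, (local, remote) in scenarios().items():
        print(f"{name:9} local={local[0]:6} remote={remote[0]}")
```

In all three variants the local connection is accepted by the `-i lo` rule before any port 25 rule is consulted; only the verdict for the remote client changes.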