[CentOS] Sendmail, localloop, and iptables -- should I be more paranoid?

Mon Nov 22 22:52:31 UTC 2010
Alexander Dalloz <ad+lists at uni-x.org>

On 22.11.2010 16:11, Robert Moskowitz wrote:
> By default, sendmail only listens on the localloop:
> DAEMON_OPTIONS(`Port=smtp,Addr=, Name=MTA')dnl
> But by default to allow sendmail to even work the iptables entry is:
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j 
> Without this, sendmail can't even connect to localloop.

No, that is not correct. You are missing the following rule

-A RH-Firewall-1-INPUT -i lo -j ACCEPT

in the default /etc/sysconfig/iptables config file. So there is no
problem where you see one.

> But should I
> hand-edit this line to something like:
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -d 
> --dport 25 -j ACCEPT
> And once you hand-edit iptables, you can't use the gnome firewall applet,
> I suspect...
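To see why the loopback rule settles the question, here is an added example (not from this thread or from the CentOS project): a small first-match evaluator for the RH-Firewall-1-INPUT chain, run against a constructed approximation of the default /etc/sysconfig/iptables ruleset. It shows that a NEW connection arriving on `lo` is accepted by the `-i lo` rule before the port-25 rule is ever consulted, and what an external SMTP connection gets once that rule is dropped.

```python
# Added example: a tiny first-match evaluator for the RH-Firewall-1-INPUT chain.
# DEFAULT_RULES is a constructed approximation of the CentOS default ruleset, not
# a copy of any real host's /etc/sysconfig/iptables. Only the matches used in the
# thread are modelled (-i, -p, -d, --dport, -m state --state, -j).
import shlex

DEFAULT_RULES = """
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# iptables flag -> packet field it matches against
FLAGS = {"-i": "iface", "-p": "proto", "-d": "dst",
         "--dport": "dport", "--state": "state", "-j": "target"}

def parse_rules(text):
    """Turn '-A CHAIN ...' lines into dicts holding the modelled matches."""
    rules = []
    for line in text.strip().splitlines():
        toks = shlex.split(line)
        rule, i = {"chain": toks[1], "target": None}, 2
        while i < len(toks):
            flag = toks[i]
            if flag in FLAGS:
                val = toks[i + 1]
                rule[FLAGS[flag]] = (int(val) if flag == "--dport"
                                     else set(val.split(",")) if flag == "--state"
                                     else val)
                i += 2
            else:
                i += 1  # "-m state", "-m tcp", "--reject-with ..." add no match here
        rules.append(rule)
    return rules

def drop_rules(text, needle):
    """Return the ruleset with every line containing `needle` removed."""
    return "\n".join(l for l in text.strip().splitlines() if needle not in l)

def verdict(rules, iface, proto, dst, dport, state="NEW"):
    """Target of the first rule whose specified matches all agree with the packet."""
    pkt = {"iface": iface, "proto": proto, "dst": dst, "dport": dport}
    for r in rules:
        if "state" in r and state not in r["state"]:
            continue
        if all(pkt[k] == r[k] for k in pkt if k in r):
            return r["target"]
    return None  # no rule matched: the chain returns to INPUT's policy
```

Run `verdict(parse_rules(DEFAULT_RULES), "lo", "tcp", "127.0.0.1", 25)` and the same call on `parse_rules(drop_rules(DEFAULT_RULES, "dport 25"))` to confirm that loopback SMTP is accepted by the first rule in both cases, while an `eth0` connection to port 25 only falls through to the final REJECT once the port-25 rule is gone.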