On 11/22/2010 05:52 PM, Alexander Dalloz wrote:
> On 22.11.2010 16:11, Robert Moskowitz wrote:
>
>> By default, sendmail only listens on the localloop:
>>
>> DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
>>
>> But by default to allow sendmail to even work the iptables entry is:
>>
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
>>
>> Without this, sendmail can't even connect to localloop.
>>
> No, that is not correct. You are missing the following rule
>
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
>
> in the default /etc/sysconfig/iptables config file. So there is no
> problem where you see one.
>

Last week I built a new CentOS 5.5 server. I installed logwatch and ran logwatch to 'force' the output. Before I did that, I had created /root/.forward with my email address. Sendmail could not send the message. I went into the gnome firewall applet and allowed smtp, adding the rule I showed, and still nothing. Then I figured that the message was queued (that is what maillog said) and would stay there for a while, so I restarted sendmail, and the message went right out.

So empirical evidence strongly supports the need for this rule.