Web Hosting Forum | Lunarpages


*
Welcome, Guest. Please login or register.
Did you miss your activation email?



Login with username, password and session length
October 24, 2014, 08:59:29 AM

Pages: [1]   Go Down
  Print  
Author Topic: Virtuozzo Firewall outgoing emails blocked  (Read 5616 times)
fabrini88
Trekkie
**
Offline Offline

Posts: 11


« on: August 06, 2009, 09:00:38 AM »

Hi, maybe someone has had a similar issue and found the solution..:

I have a vps with plesk 8.6, and I configured the virtuozzo firewall.

I selected the default system policy: Drop All.

And added custom rules to allow ports for: web(80),dns(53), POP(110), plesk(8880,8443), ssh...

For emails to be sent/received (smtp) I enabled:  Input: source any, destination 25 ; Output: source 25, destination any.

Emails are being received ok, but outgoing emails are stuck in the queue. Checking /usr/local/psa/var/log/maillog I see many messages saying:

"Sorry,_I_couldn't_find_any_host_by_that_name"
"Sorry,_I_wasn't_able_to_establish_an_SMTP_connection"

If I allow all tcp,udp on Input and Output, emails are sent OK, so I'm sure it's a firewall issue.

So any ideas why only allowing port 25 is not working?

Logged
conga3
Knows just enough to get in trouble.
Spacescooter Operator
*****
Offline Offline

Posts: 40


WWW
« Reply #1 on: August 06, 2009, 09:10:50 AM »

Sorry I can't help, but I'm interested in what you find out.

Keep us posted on your findings.

Logged
fabrini88
Trekkie
**
Offline Offline

Posts: 11


« Reply #2 on: August 07, 2009, 11:05:35 AM »

an update: 

I changed the "allow all tcp,udp on Input and Output" to:
- Allow Output all tcp, udp
- Allowed Input tcp, udp source ports 1025-65535, destination ports any.

Emails are being sent, but as you can see I still have ports 1025-65535 open...

When I restrict these ports, emails stop being sent..  Confused

I thought only opening 25 should work.. any ideas?
Logged
fabrini88
Trekkie
**
Offline Offline

Posts: 11


« Reply #3 on: August 07, 2009, 11:10:34 AM »


"- Allowed Input tcp, udp source ports 1025-65535, destination ports any."


correction it is:
- Allowed Input tcp, udp source ports ANY, destination ports 1025-65535
Logged
perestrelka
Administrator
Master Jedi
*****
Offline Offline

Posts: 1397



« Reply #4 on: August 13, 2009, 04:17:49 AM »

Hi Fabrini88,

You initial policy looks fine at the first glance. Have you been able to solve this issue?
Logged

Kind Regards,
Vlad Artamonov
fabrini88
Trekkie
**
Offline Offline

Posts: 11


« Reply #5 on: September 22, 2009, 04:40:43 PM »

Hi perestrelka,   Nope..  Sad  I had to leave ports 1025-65535 open
Logged
conga3
Knows just enough to get in trouble.
Spacescooter Operator
*****
Offline Offline

Posts: 40


WWW
« Reply #6 on: September 22, 2009, 07:32:21 PM »

Did you open a support ticket?
Logged
perestrelka
Administrator
Master Jedi
*****
Offline Offline

Posts: 1397



« Reply #7 on: October 05, 2009, 09:03:37 AM »


I agree about opening a support ticket as it is required to review the resulting firewall rules to see what can be wrong. Feel free to PM me, if you open a support ticket and there is no solution provided by admins.
Logged

Kind Regards,
Vlad Artamonov
Pages: [1]   Go Up
  Print  
 
Jump to: