Thread: mail delivery queued after configuring linux firewall

  1. #1

    Guys,

    My ZCS has been working perfectly for a few days now with both web client and pop3 client access from the net.

    I enabled and configured my Linux server firewall (according to the wiki). I can send emails but cannot receive.

    I noticed that all incoming mail gets queued and is not delivered to the individual mailboxes.

    My server is directly connected to the net with a public IP (that's why I want to set up the firewall).

    Here are my port settings:
    # Accept Zimbra ports
    -A INPUT -p tcp -m tcp -m state --dport 25 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 80 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 110 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 143 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 389 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 443 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 465 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 993 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 7993 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 995 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 7995 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 7071 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 7025 --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp -m state --dport 8080 --state NEW -j ACCEPT

    Am I missing something? Do I need additional admin configuration?

    Robert

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    If you followed the wiki article you seem to have missed port 22 & 161 that it also lists. What error messages are you seeing in the logs?
    Regards


    Bill

  3. #3

    Is the INPUT chain being tied down? If not, and you open up 22 and 161 to the world, you may get a lot of nosey people probing your server.

  4. #4

    Sorry, SSH is also open; I just did not think it's necessary for ZCS to work properly, that's why I did not include it on the list.

    I don't have active logging (which is my next problem). I can see the incoming emails on the admin site Mail Queues list under the deferred column.

    That means emails are reaching the server but they just cannot be delivered to the right box.

    Robert

  5. #5

    As Phoenix said in his previous post, please check your Log Files - Zimbra :: Wiki, as this should show why things are being deferred.

  6. #6
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by infomate:
        Sorry, SSH is also open; I just did not think it's necessary for ZCS to work properly, that's why I did not include it on the list.

        I don't have active logging (which is my next problem). I can see the incoming emails on the admin site Mail Queues list under the deferred column.

        That means emails are reaching the server but they just cannot be delivered to the right box.

        Robert

    The likelihood is that you'll need a Split DNS set-up as you're behind the firewall; Postfix probably can't resolve the Zimbra server IP address.
    Regards


    Bill

  7. #7

    Originally posted by infomate:
        My server is directly connected to the net with a public IP (that's why I want to set up the firewall).

    If the server is on a public IP, why would a split DNS be required?

  8. #8

    If the mail is being queued, it's coming through the firewall. Since you say it's being queued but not delivered to the individual mailboxes, I don't think it's a firewall issue.

  9. #9

    Thank you guys for the replies.

    As I mentioned above, my log is not working. I was able to find out that under Fedora 8 the logger should be rsyslog, not syslog; after fiddling for a few days I finally got it to log.

    Back to my main problem. As per Bill, I was thinking along the same lines, that it's not a firewall issue. But that's the only thing I did that caused the mails to get stuck in the queue. After redoing the same thing 3 times (activating and deactivating the firewall), it suddenly worked with no problems.

    Next question is, how robust would my system be, facing the net with a public IP with just the Linux firewall to defend it? Should another router/firewall be necessary?

    Are there other ways to harden Zimbra?

    Again thanks guys
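
The exposure concern raised in post #3 and the hardening question in the last post can be checked mechanically. The following is an added example, not part of the thread or of Zimbra's documentation: it parses `iptables-save` text and lists ACCEPT rules that open administrative or internal ports to any source. The `SENSITIVE` port list, the sample ruleset and the 192.0.2.10 address are assumptions made for the illustration.

```python
import shlex

# Assumption of this example: ports treated as administrative or internal on
# a Zimbra host, which should not accept NEW connections from every source.
SENSITIVE = {22: "SSH", 161: "SNMP", 389: "LDAP",
             7025: "LMTP", 7071: "admin console"}
ANYWHERE = (None, "0.0.0.0/0", "::/0")

# Constructed iptables-save excerpt in the style of the rules posted above;
# 192.0.2.10 is a documentation address standing in for an admin workstation.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp -m state --dport 25 --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -m state --dport 389 --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -m state --dport 7071 --state NEW -j ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m tcp -m state --dport 22 --state NEW -j ACCEPT
COMMIT
"""

def ports_of(spec):
    """Expand a --dport/--dports value such as '25', '22,161' or '7000:7100'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        yield from range(int(lo), int(hi or lo) + 1)

def audit(ruleset):
    """Return (INPUT policy, [(port, service)]) for world-reachable sensitive ports."""
    policy, exposed = None, []
    for line in ruleset.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]          # e.g. ':INPUT DROP [0:0]'
            continue
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "INPUT"]:
            continue
        # Map each option to the token that follows it (last one wins for -m).
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        spec = opt.get("--dport") or opt.get("--dports")
        source = opt.get("-s") or opt.get("--source")
        if opt.get("-j") != "ACCEPT" or spec is None or source not in ANYWHERE:
            continue
        exposed += [(p, SENSITIVE[p]) for p in ports_of(spec) if p in SENSITIVE]
    return policy, exposed

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A policy other than `DROP` in the first element means unmatched traffic is not being dropped by the chain; each pair in the second element is a rule worth narrowing with `-s` to a management address or network.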
