Wouldn't you need to allow dport 587 (tcp) out? I may be misreading the iptables commands though.
Sent from my Nokia phone

-----Original Message-----
From: Alekto Antarctica
Sent: 01/02/2010 10:51:02 AM
Subject: Re: [ossec-list] Re: Ossec V.2.3 - (g)mail problems

Hi once again!

I have finally managed to make ossec send mail notifications by configuring Postfix with Gmail SMTP (http://wiki.linuxmce.org/index.php/Postfix_configured_with_Gmail_SMTP).

I am also using an Iptables script as my fw. The script has been working quite well on my system until now, because I don't know what ports to open so that ossec can send mail notifications while the fw is running. These are the rules that I have been trying with no success:

# Allow outgoing SMTP traffic for ossec mail notifications
iptables -A OUTPUT -o $INTERNET -p tcp --sport 465 --dport $UNPRIVPORTS -m state \
    --state NEW -j ACCEPT
iptables -A OUTPUT -o $INTERNET -p tcp --sport 25 --dport $UNPRIVPORTS -m state \
    --state NEW -j ACCEPT
# pop3
iptables -A OUTPUT -o $INTERNET -p tcp --sport 110 --dport $UNPRIVPORTS -m state \
    --state NEW -j ACCEPT
# Enable STARTTLS/SSL
iptables -A OUTPUT -o $INTERNET -p tcp --sport 587 --dport $UNPRIVPORTS -m state \
    --state NEW -j ACCEPT
iptables -A OUTPUT -o $INTERNET -p udp --sport 587 --dport $UNPRIVPORTS -m state \
    --state NEW -j ACCEPT

Please give me some hints on what ports I am missing!
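Added example, not part of either message above: a small lint for the mismatch the reply points at, flagging OUTPUT rules that match NEW connections on a service port given as --sport. The function names, the sample rules and the "single port below 1024" heuristic are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: lint iptables commands for the pattern in the quoted rules,
# where NEW outbound traffic is matched on a service *source* port.

# Constructed sample: the quoted 587/tcp rule, then the form the reply
# suggests (service port as --dport). Variables are left unexpanded.
sample_rules() {
    cat <<'EOF'
iptables -A OUTPUT -o $INTERNET -p tcp --sport 587 --dport $UNPRIVPORTS -m state \
    --state NEW -j ACCEPT
iptables -A OUTPUT -o $INTERNET -p tcp --sport $UNPRIVPORTS --dport 587 -m state \
    --state NEW -j ACCEPT
EOF
}

# Reads iptables commands on stdin, prints one finding per suspicious rule,
# and returns 1 if any rule was flagged.
check_output_rules() {
    awk '
    function check(rule,    f, i, cnt, chain, sport, isnew) {
        cnt = split(rule, f, /[ \t]+/)
        for (i = 1; i < cnt; i++) {
            if (f[i] == "-A" || f[i] == "-I") chain = f[i + 1]
            else if (f[i] == "--sport" || f[i] == "--source-port") sport = f[i + 1]
            else if (f[i] == "--state" || f[i] == "--ctstate")
                isnew = (("," f[i + 1] ",") ~ /,NEW,/)
        }
        # A client opening a connection uses an ephemeral source port, so a
        # NEW OUTPUT rule keyed on a single port below 1024 as --sport is
        # almost certainly inverted.
        if (chain == "OUTPUT" && isnew && sport ~ /^[0-9]+$/ && sport + 0 < 1024) {
            printf "line %d: NEW OUTPUT matched on --sport %s; use --dport %s\n", NR, sport, sport
            bad++
        }
    }
    {
        line = buf $0
        # Join backslash-continued lines before parsing.
        if (sub(/\\[ \t]*$/, " ", line)) { buf = line; next }
        buf = ""
        check(line)
    }
    END { exit (bad > 0) }
    '
}

sample_rules | check_output_rules || true
```

The reported line number is the last line of a backslash-continued rule.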
