On Mon, Aug 13, 2001 at 05:48:57PM +0200, Wolfgang Pichler wrote:
> Brett Randall [mailto:[EMAIL PROTECTED]]
> > On Mon, 13 Aug 2001 16:56:32 +0200, "Wolfgang Pichler" <[EMAIL PROTECTED]> said:
> > > It's a little bit off topic,
> > comp.security.firewalls
> > comp.os.linux.networking

Tell me, Wolfgang, which part of off topic did you misinterpret?

> > > but does anywhere know which ports to open on my firewall so that
> > > qmail works correctly.
> > 25 outbound if you only want to send e-mail to external sites. 25
> > inbound as well if you have a mail server in a DMZ.
> I have no mail server in DMZ

Do you have a DMZ at all? How do you expect *any*one to correctly guess your setup?

> > > At the moment I've opened dns, smtp and pop3 but when I activate the
> > > firewall some messages can't be delivered (wasn't able to establish
> > > an smtp connection),
> > > Log entries? Kernel details? OS even?
> OS: Linux 2.4.4-smp with iptables v 1.2.1a

http://kernel.org/: The latest stable version of the Linux kernel is: 2.4.8 2001-08-11 04:13 UTC
http://netfilter.samba.org/: May 07 2001 iptables 1.2.2

Soooo... you're running a stock Linux distribution. You have all the necessary information for setting up your toy-firewall right at your fscking fingertips. Why are you asking your question in the *wrong forum*?

> > > but when I try to telnet to the specified rcpt-server everything
> > > works really fine.
> > rcpt-server = really crazy parrot tarot-server? What do you mean,
> > rcpt-server? Do you mean the remote MX?
> with rcpt-server I mean the highest prior MX server from
> the dns server.

Then why didn't you say so? And before you submit your question to news:comp.os.linux.networking, make sure to write a protocol of that session.

> > > So what happened here? (if I open the firewall for everything, then
> > > the messages are leaving the queue)
> > Nice... I think it's probably safer you leave the firewall open.
> > Really.
> iptables -A OUTPUT -p tcp --dport smtp -s myip -m state --state NEW,ESTABLISHED -j ACCEPT

Without the output of iptables -L, this is rubbish. WTF is "myip"? Why did you not read http://learn.to/edit_messages/ before writing in a technical forum? Why is your MUA setup totally broken? Nudlaug...

--
Robin S. Socha http://socha.net
Do not Cc: me. Ever.