Hello, I wanted to let you know about the problem I'm having with my email sending. If the firewall is active, the email sending function doesn't work and I can't access the extra ports I added. I would like to request your support regarding the cause of this situation. I noticed that the current configuration was causing a conflict with my email sending capabilities. I tried to resolve the issue by adding extra ports to the firewall's whitelist, but still without success. Thank you
Hi Thom, of course; Code: root@serve:~# ufw status numbered Status: active To Action From -- ------ ---- [ 1] 22 ALLOW IN Anywhere [ 2] 22/tcp ALLOW IN Anywhere [ 3] 80 ALLOW IN Anywhere [ 4] 80/tcp ALLOW IN Anywhere [ 5] 443/tcp ALLOW IN Anywhere [ 6] 443 ALLOW IN Anywhere [ 7] 8080 ALLOW IN Anywhere [ 8] 8080/tcp ALLOW IN Anywhere [ 9] 21 ALLOW IN Anywhere [10] 8081 ALLOW IN Anywhere [11] Anywhere ALLOW IN 159.146.***.*** [12] 3512/tcp ALLOW IN Anywhere [13] 3516/tcp ALLOW IN Anywhere [14] 22 (v6) ALLOW IN Anywhere (v6) [15] 22/tcp (v6) ALLOW IN Anywhere (v6) [16] 80 (v6) ALLOW IN Anywhere (v6) [17] 80/tcp (v6) ALLOW IN Anywhere (v6) [18] 443/tcp (v6) ALLOW IN Anywhere (v6) [19] 443 (v6) ALLOW IN Anywhere (v6) [20] 8080 (v6) ALLOW IN Anywhere (v6) [21] 8080/tcp (v6) ALLOW IN Anywhere (v6) [22] 21 (v6) ALLOW IN Anywhere (v6) [23] 8081 (v6) ALLOW IN Anywhere (v6) [24] 3512/tcp (v6) ALLOW IN Anywhere (v6) [25] 3516/tcp (v6) ALLOW IN Anywhere (v6) Code: root@serve:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination f2b-sshd tcp -- anywhere anywhere multiport dports ssh ufw-before-logging-input all -- anywhere anywhere ufw-before-input all -- anywhere anywhere ufw-after-input all -- anywhere anywhere ufw-after-logging-input all -- anywhere anywhere ufw-reject-input all -- anywhere anywhere ufw-track-input all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ufw-before-logging-forward all -- anywhere anywhere ufw-before-forward all -- anywhere anywhere ufw-after-forward all -- anywhere anywhere ufw-after-logging-forward all -- anywhere anywhere ufw-reject-forward all -- anywhere anywhere ufw-track-forward all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ufw-before-logging-output all -- anywhere anywhere ufw-before-output all -- anywhere anywhere ufw-after-output all -- anywhere anywhere ufw-after-logging-output all -- anywhere anywhere ufw-reject-output all -- anywhere anywhere ufw-track-output all -- anywhere anywhere Chain f2b-sshd (1 references) target prot opt source destination REJECT all -- 218.92.0.47 anywhere reject-with icmp-port-unreachable RETURN all -- anywhere anywhere Chain ufw-before-logging-input (1 references) target prot opt source destination Chain ufw-before-logging-output (1 references) target prot opt source destination Chain ufw-before-logging-forward (1 references) target prot opt source destination Chain ufw-before-input (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ufw-logging-deny all -- anywhere anywhere ctstate INVALID DROP all -- anywhere anywhere ctstate INVALID ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp parameter-problem ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc ufw-not-local all -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900 ufw-user-input all -- anywhere anywhere Chain ufw-before-output (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ufw-user-output all -- anywhere anywhere Chain ufw-before-forward (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED ACCEPT icmp -- anywhere anywhere icmp destination-unreachable ACCEPT icmp -- anywhere anywhere icmp time-exceeded ACCEPT icmp -- anywhere anywhere icmp parameter-problem ACCEPT icmp -- anywhere anywhere icmp echo-request ufw-user-forward all -- anywhere anywhere Chain ufw-after-input (1 references) target prot opt source destination ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST Chain ufw-after-output (1 references) target prot opt source destination Chain ufw-after-forward (1 references) target prot opt source destination Chain ufw-after-logging-input (1 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-after-logging-output (1 references) target prot opt source destination Chain ufw-after-logging-forward (1 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-reject-input (1 references) target prot opt source destination Chain ufw-reject-output (1 references) target prot opt source destination Chain ufw-reject-forward (1 references) target prot opt source destination Chain ufw-track-input (1 references) target prot opt source destination Chain ufw-track-output (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere ctstate NEW ACCEPT udp -- anywhere anywhere ctstate NEW Chain ufw-track-forward (1 references) target prot opt source destination Chain ufw-logging-deny (2 references) target prot opt source destination RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10 LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] " Chain ufw-logging-allow (0 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] " Chain ufw-skip-to-policy-input (7 references) target prot opt source destination DROP all -- anywhere anywhere Chain ufw-skip-to-policy-output (0 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain ufw-skip-to-policy-forward (0 references) target prot opt source destination DROP all -- anywhere anywhere Chain ufw-not-local (1 references) target prot opt source destination RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10 DROP all -- anywhere anywhere Chain ufw-user-input (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:22 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT udp -- anywhere anywhere udp dpt:80 ACCEPT tcp -- anywhere anywhere tcp dpt:http ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT udp -- anywhere anywhere udp dpt:443 ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt ACCEPT udp -- anywhere anywhere udp dpt:http-alt ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ACCEPT udp -- anywhere anywhere udp dpt:fsp ACCEPT tcp -- anywhere anywhere tcp dpt:tproxy ACCEPT udp -- anywhere anywhere udp dpt:8081 ACCEPT all -- ***.***.146.159.srv.turk.net anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:3512 ACCEPT tcp -- anywhere anywhere tcp dpt:3516 Chain ufw-user-output (1 references) target prot opt source destination Chain ufw-user-forward (1 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] " REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- anywhere anywhere root@serve:~#
Port number 25 is already added, added on ports 465 (SSL) and 587 (TLS), but it does not work when the firewall is active.
When I check ports over IP from different sites, I can see that ports 465, 587, 3512 are closed. @Taleman the mail.log file is a few MB, I could not share it. I deleted it to refresh but it didn't occur in the new file.
Update I think there is a bug in the ISPconfig firewall part. For this reason, I decided to add manually and after adding manually, the e-mail started to work. ---- Guide for other people. Code: root@serve:~# sudo ufw allow 3512/tcp Skipping adding existing rule Skipping adding existing rule (v6) root@serve:~# sudo ufw reset Resetting all rules to installed defaults. This may disrupt existing ssh connections. Proceed with operation (y|n)? root@serve:~# y Backing up 'user.rules' to '/etc/ufw/user.rules.20230605_214110' Backing up 'before.rules' to '/etc/ufw/before.rules.20230605_214110' Backing up 'after.rules' to '/etc/ufw/after.rules.20230605_214110' Backing up 'user6.rules' to '/etc/ufw/user6.rules.20230605_214110' Backing up 'before6.rules' to '/etc/ufw/before6.rules.20230605_214110' Backing up 'after6.rules' to '/etc/ufw/after6.rules.20230605_214110'
It's more likely that it's an issue specific to your system or you made a typo in the port list as it works fine on thousands of other servers and it also works on all Debian and Ubuntu test systems. I asked to add port 25 as it was not added before according to your posts.
You're right about that. Port 25 was added earlier, as you can see in the screenshot in first post. However, I'm glad I managed to solve the problem somehow. Thank you eveyone for your help and your time.
