From: Sereciya Kurdistani
To: freebsd-ipfw@freebsd.org
Date: Thu, 3 Apr 2003 10:28:47 -0800
Message-ID: <20030403182847.GC23675@kurdistan.ath.cx>
Subject: Quick IPFW Question Concerning Sendmail

Hello,

I have a quick question for you ipfw/firewall experts out there. I have set up an elaborate firewall only to have trouble with Sendmail. I have opened port 25 incoming, and also allow outgoing to another port 25, but I always find stuck mail when I use "mailq".

Using tcpdump -- and no firewall -- I've found that between the DNS lookups and SMTP connections there are in fact some auth lookups too. I opened incoming port 113 and outgoing to 113 but I still have stuck mail!

Any help would be greatly appreciated, many thanks in advance!

-Sereciya Kurdistani

PS My basic rules look like:

    ipfw add NNNN allow \{ tcp or udp \} from any to any smtp,smtps out
    ipfw add NNNN allow \{ tcp \} log from any to any smtp,smtps in
    ipfw add NNNN allow \{ tcp or udp \} from any to any auth out
    ipfw add NNNN allow \{ tcp \} log from any to any auth in

and yes, this is ipfw2 on 4.8-STABLE