> Date: Mon, 17 Mar 2014 18:51:53 +0000
> From: [email protected] (akhiezer)
> To: BLFS Support List <[email protected]>
> Subject: Re: [blfs-support] iptables again
>
> .
> .
> > > > Richard Melville wrote:
> > > > > Maybe somebody has the answer to this -- it's only a minor point.
> > > > >
> > > > > I've set up msmtp and s-nail on a blfs server; I can send email, and
> > > > > iptables is not blocking them but neither is it recording the packets
> > > > > passed. When I had this issue before with a different service, changing
> > > > > sport to dport resolved it, but not this time. I've set the ports to 25
> > > > > and I've also tried 587. Both work, but still no packets recorded.
>
> (D'you mean the 25/587 wrt msmtp config, or iptables config, or both?)
>
> > > >
> > > > What commands are you trying to run?
> > > >
> > > > -- Bruce
> > > >
> > >
> > > I'm sending mail to a colleague via my gmail address with:-
> > >
> > > cat test.mail | msmtp -a gmail [email protected]
>
> Can you set a command-line verbose flag for msmtp to report & log in more
> detail what it's doing, just to double-check what port(s) it is actually
> using in practice.
>
> > >
> > > where "gmail" is the name of my account in the .msmtprc file.
> > >
> > > As I say, the mail delivery works fine with my colleague receiving the
> > > mail, and I get a copy in my gmail sent items. However, iptables -nvL
> > > shows "0" in both the pkts and the bytes columns, as if nothing has been
> > > sent. A minor point I know, but all my other traffic (ntp, http, dns, ssh)
> > > is recorded by iptables in those two columns.
> > >
> >
> > Are you wanting to show incoming or outgoing traffic, or both, or what?
>
> (OK, I guess from 'sent' that you mean outgoing traffic ... ).
>
> >
> > Does your firewall log the traffic for the relevant port numbers and
> > for the relevant table (~== traffic-flow direction)?
>
> ( s|table|table/chain| ).
>
> >
> > Depending on what table you're wanting to see stats for, you might
> > need to use the '-t' flag for iptables to show the stats for the relevant
> > table. You might also find the '--line-numbers' flag useful - e.g. for
> > debugging. (And fwiw, I'd normally use the '-x' flag too).
>
> (Long-shot: do try the '-x' - just on the outside chance that omitting
> it is somehow rounding-down small-values to 0 ).
>
> >
> > If the above don't resolve it, then probably good idea to post your
> > firewall file, plus the literal stats command line (if different from the
> > 'iptables -nvL' posted above).
>
> Maybe worth also doing:
> --
> * log the stats immediately pre- test-message;
> * send test email; perhaps also use/send known-size attachment;
> * log the stats immediately post- test-message;
> * diff the pre-/post- stats.
> --
> Account for the differences pre-/post-: what caused which traffic;
> so ideally do the test when non-test network traffic is low/nil; and NB
> of course that often firewalls are set to only log a subset of traffic
> (e.g. don't log stuff beyond the first n instances in present connection)
> - so the byte-amounts logged might be less than the amount sent in your
> test-email.
>
>
> Overall, of course, it all depends on what firewall setup you've got in place.
>
Richard.

Did you get this sorted ok?


rgds,
akh
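
The pre-/post- counter comparison suggested in the quoted message, as an added example that is not part of the original thread: a shell function that compares two saved `iptables -nvxL --line-numbers` snapshots and prints only the rules whose packet or byte counters moved. The function names and the sample snapshots are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Take the snapshots around the test mail:
#   iptables -nvxL --line-numbers > pre.txt ; <send mail> ; ... > post.txt
# -x prints exact counters, so small values are not abbreviated.

counter_delta() {   # usage: counter_delta PRE POST (hypothetical helper)
    awk '
        $1 == "Chain"    { chain = $2; next }
        $1 !~ /^[0-9]+$/ { next }            # column header or blank line
        {
            key = chain ":" $1
            if (NR == FNR) { pk[key] = $2; by[key] = $3; next }
            if (!(key in pk)) next           # rule not present in PRE
            dp = $2 - pk[key]; db = $3 - by[key]
            if (dp || db) {
                rule = $4
                for (i = 5; i <= NF; i++) rule = rule " " $i
                printf "%s %s %+d pkts %+d bytes  %s\n", chain, $1, dp, db, rule
            }
        }
    ' "$1" "$2"
}

# Constructed sample snapshot (not Richard's firewall).
sample_pre() { cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1         120    10080 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:25
2          40     3200 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:587
EOF
}
# Same ruleset after a constructed test mail: two rules have counted traffic.
sample_post() {
    sample_pre | sed -e 's/ 120  *10080 / 131 11004 /' -e 's/ 40  *3200 / 58 9412 /'
}

pre=$(mktemp); post=$(mktemp)
sample_pre > "$pre"; sample_post > "$post"
counter_delta "$pre" "$post"
rm -f "$pre" "$post"
```

Rules are matched by chain name and rule number, so both snapshots must come from the same unmodified ruleset; add `-t <table>` to both snapshot commands to compare a table other than filter.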
