From: klavs klavsen (kl_at_vsen.dk)
Date: Wed 20 Mar 2002 - 17:26:16 GMT
This is not really an appropriate discussion for the vserver list, but
here goes :-)
On Wed, 2002-03-20 at 17:33, raanders_at_acm.org wrote:
> I'm having a problem with sendmail on a vserver. When I send mail to the
> domain I keep getting refused connections. It looks to me like I have an
> ipchain issue in the main server but I'm not up enough on ipchains and how
> vserver handles the IP aliases for vservers.
if so, and you have set --log I believe it is on all your -j DENY lines
and end the chains with a DENY policy with a log all rule, you should
see the packets where your /etc/syslogd.conf logs kern.* (usually
/var/log/messages..) you can do "grep -irl kernel /var/log/*" to see
which file kernel logs to.
> Could some one that has sendmail accepting e-mail in a vserver send me a
> copy of their /etc/sysconfig/ipchains file? I hesitate to just disable
> ipchains to see if that is the problem because I've been hit a lot lately.
ipchains should not be your only defence - it shouldn't matter wether or
not you disable ipchains shortly.. clean up your netstat -nta and
netstat -nua output so no process listens, that you can't actually
trust. you should consider running portsentry also. If someone portscans
you, it will DENY them access to everything including otherwise allowed
services on the server.
> Or an good slap up along the side of the virtual head if I'm missing
> something really obvious.
most likely your sendmail is configured wrong.. try doing telnet to your
mailserver and see if you can send mail that way.. if you the banner
from the mailserver it's probably not an ipchains problem.
btw. you should consider changing to something like postfix - it's more
secure and it's a lot easier to setup as it uses a human readable
configuration file (i know sendmail has it's m4 assimilite config -
but's it not really that great if you ask me :-)
-- Regards, Klavs Klavsen
-------------| This mail has been sent to you by: |------------ Klavs Klavsen - Open Source Consultant kl_at_vsen.dk - http://www.vsen.dk
Get PGP key from www.keyserver.net - Key ID: 0x586D5BCA Fingerprint = A95E B57B 3CE0 9131 9D15 94DA E1CD 641E 586D 5BCA --------------------[ I believe that... ]----------------------- It is a myth that people resist change. People resist what other people make them do, not what they themselves choose to do... That's why companies that innovate successfully year after year seek their peopl's ideas, let them initiate new projects and encourage more experiments. -- Rosabeth Moss Kanter