Ports 993 and 995 are not reachable even though they are opened in iptables

Hello, I have a problem with IMAP and POP email clients accessing the mail server (Postfix/Dovecot).

telnet from the server shell (Ubuntu 12.04, Postfix, Dovecot, SpamAssassin, Amavis) to ports 587, 25, 110 and 465 works, but 995 and 993 time out.

When I configure an Outlook email client for port 995 and try to send a test email, I get the following in syslog:

    Nov 30 08:17:41 kernel: iptables denied: IN=eth0 OUT= MAC=[MAC] SRC=[MYIP] DST=212.71.232.217 LEN=60 TOS=0x00 PREC=0x00 TTL=113 ID=21862 DF PROTO=TCP SPT=50534 DPT=995 WINDOW=8192 RES=0x00 SYN URGP=0

(MAC and source IP replaced with placeholders)

    Chain INPUT (policy DROP)
    target     prot opt source               destination
    fail2ban-ssh-ddos  tcp  --  0.0.0.0/0   0.0.0.0/0            multiport dports 982
    fail2ban-ssh  tcp  --  0.0.0.0/0        0.0.0.0/0            multiport dports 982
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    REJECT     all  --  0.0.0.0/0            127.0.0.0/8          reject-with icmp-port-unreachable
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:20
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:21
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:110
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:143
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8069
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:8080:8090
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:60000:61000
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:982
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp spt:993
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    ufw-before-logging-input  all  --  0.0.0.0/0  0.0.0.0/0
    ufw-before-input  all  --  0.0.0.0/0        0.0.0.0/0
    ufw-after-input  all  --  0.0.0.0/0         0.0.0.0/0
    ufw-after-logging-input  all  --  0.0.0.0/0  0.0.0.0/0
    ufw-reject-input  all  --  0.0.0.0/0        0.0.0.0/0
    ufw-track-input  all  --  0.0.0.0/0         0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:995
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:993

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    ufw-before-logging-forward  all  --  0.0.0.0/0  0.0.0.0/0
    ufw-before-forward  all  --  0.0.0.0/0      0.0.0.0/0
    ufw-after-forward  all  --  0.0.0.0/0       0.0.0.0/0
    ufw-after-logging-forward  all  --  0.0.0.0/0  0.0.0.0/0
    ufw-reject-forward  all  --  0.0.0.0/0      0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ufw-before-logging-output  all  --  0.0.0.0/0  0.0.0.0/0
    ufw-before-output  all  --  0.0.0.0/0       0.0.0.0/0
    ufw-after-output  all  --  0.0.0.0/0        0.0.0.0/0
    ufw-after-logging-output  all  --  0.0.0.0/0  0.0.0.0/0
    ufw-reject-output  all  --  0.0.0.0/0       0.0.0.0/0
    ufw-track-output  all  --  0.0.0.0/0        0.0.0.0/0

    Chain fail2ban-ssh (1 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

    Chain fail2ban-ssh-ddos (1 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0

    Chain ufw-after-forward (1 references)
    target     prot opt source               destination

    Chain ufw-after-input (1 references)
    target     prot opt source               destination
    ufw-skip-to-policy-input  udp  --  0.0.0.0/0  0.0.0.0/0       udp dpt:137
    ufw-skip-to-policy-input  udp  --  0.0.0.0/0  0.0.0.0/0       udp dpt:138
    ufw-skip-to-policy-input  tcp  --  0.0.0.0/0  0.0.0.0/0       tcp dpt:139
    ufw-skip-to-policy-input  tcp  --  0.0.0.0/0  0.0.0.0/0       tcp dpt:445
    ufw-skip-to-policy-input  udp  --  0.0.0.0/0  0.0.0.0/0       udp dpt:67
    ufw-skip-to-policy-input  udp  --  0.0.0.0/0  0.0.0.0/0       udp dpt:68
    ufw-skip-to-policy-input  all  --  0.0.0.0/0  0.0.0.0/0       ADDRTYPE match dst-type BROADCAST

    Chain ufw-after-logging-forward (1 references)
    target     prot opt source               destination
    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

    Chain ufw-after-logging-input (1 references)
    target     prot opt source               destination
    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

    Chain ufw-after-logging-output (1 references)
    target     prot opt source               destination

    Chain ufw-after-output (1 references)
    target     prot opt source               destination

    Chain ufw-before-forward (1 references)
    target     prot opt source               destination
    ufw-user-forward  all  --  0.0.0.0/0        0.0.0.0/0

    Chain ufw-before-input (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    ufw-logging-deny  all  --  0.0.0.0/0        0.0.0.0/0            state INVALID
    DROP       all  --  0.0.0.0/0            0.0.0.0/0            state INVALID
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 3
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 4
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 11
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 12
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmptype 8
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
    ufw-not-local  all  --  0.0.0.0/0           0.0.0.0/0
    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353
    ACCEPT     udp  --  0.0.0.0/0            239.255.255.250      udp dpt:1900
    ufw-user-input  all  --  0.0.0.0/0          0.0.0.0/0

    Chain ufw-before-logging-forward (1 references)
    target     prot opt source               destination

    Chain ufw-before-logging-input (1 references)
    target     prot opt source               destination

    Chain ufw-before-logging-output (1 references)
    target     prot opt source               destination

    Chain ufw-before-output (1 references)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    ufw-user-output  all  --  0.0.0.0/0         0.0.0.0/0

    Chain ufw-logging-allow (0 references)
    target     prot opt source               destination
    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

    Chain ufw-logging-deny (2 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            state INVALID limit: avg 3/min burst 10
    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

    Chain ufw-not-local (1 references)
    target     prot opt source               destination
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type MULTICAST
    RETURN     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type BROADCAST
    ufw-logging-deny  all  --  0.0.0.0/0        0.0.0.0/0            limit: avg 3/min burst 10
    DROP       all  --  0.0.0.0/0            0.0.0.0/0

    Chain ufw-reject-forward (1 references)
    target     prot opt source               destination

    Chain ufw-reject-input (1 references)
    target     prot opt source               destination

    Chain ufw-reject-output (1 references)
    target     prot opt source               destination

    Chain ufw-skip-to-policy-forward (0 references)
    target     prot opt source               destination
    DROP       all  --  0.0.0.0/0            0.0.0.0/0

    Chain ufw-skip-to-policy-input (7 references)
    target     prot opt source               destination
    DROP       all  --  0.0.0.0/0            0.0.0.0/0

    Chain ufw-skip-to-policy-output (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

    Chain ufw-track-input (1 references)
    target     prot opt source               destination

    Chain ufw-track-output (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            state NEW

    Chain ufw-user-forward (1 references)
    target     prot opt source               destination

    Chain ufw-user-input (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:993
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:995
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:587

    Chain ufw-user-limit (0 references)
    target     prot opt source               destination
    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

    Chain ufw-user-limit-accept (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

    Chain ufw-user-logging-forward (0 references)
    target     prot opt source               destination

    Chain ufw-user-logging-input (0 references)
    target     prot opt source               destination

    Chain ufw-user-logging-output (0 references)
    target     prot opt source               destination

    Chain ufw-user-output (1 references)
    target     prot opt source               destination

netstat -ntlp shows:

    netstat -ntlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      29580/dovecot
    tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      29580/dovecot
    tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      29580/dovecot
    tcp        0      0 0.0.0.0:8069            0.0.0.0:*               LISTEN      5961/python
    tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      2991/postgrey.pid -
    tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      2932/amavisd (maste
    tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      4667/smtpd
    tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      2714/mysqld
    tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      4647/smtpd
    tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      6304/redis-server
    tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      5885/memcached
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      29580/dovecot
    tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      29580/dovecot
    tcp        0      0 127.0.0.1:783           0.0.0.0:*               LISTEN      29522/spamd.pid
    tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      2310/apache2
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      5923/nginx
    tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      25761/master
    tcp        0      0 0.0.0.0:982             0.0.0.0:*               LISTEN      2554/sshd
    tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      2951/postgres
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      25761/master
    tcp        0      0 127.0.0.1:45019         0.0.0.0:*               LISTEN      29461/current
    tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN      5951/opendkim
    tcp6       0      0 :::587                  :::*                    LISTEN      4647/smtpd
    tcp6       0      0 :::465                  :::*                    LISTEN      25761/master
    tcp6       0      0 :::21                   :::*                    LISTEN      6483/proftpd: (acce
    tcp6       0      0 :::982                  :::*                    LISTEN      2554/sshd
    tcp6       0      0 :::25                   :::*                    LISTEN      25761/master
    tcp6       0      0 :::443                  :::*                    LISTEN      2310/apache2

I don't know what could be blocking it; as far as I can see, iptables shows the corresponding ports/services as open...

How can I debug this / find out what is wrong? I just noticed that there have been several entries for 993 and 995 since ufw was installed; hopefully that isn't a problem...?

I'm not a professional, still learning, so please forgive any obvious mistakes.

Thanks in advance!

The ordering of firewall rules matters. You need to move the rules that accept traffic to 993 and 995 above the log and reject rules.

What Paul Haldane said. Above: REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
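The rule-ordering problem the answers describe, as an added example that is not part of the original thread: a POSIX shell/awk check that reads an `iptables -L INPUT -n` listing, reports ACCEPT rules that sit below a catch-all REJECT/DROP (so a new connection to that port is rejected before its ACCEPT is ever consulted), and prints the commands that would move them above the LOG/REJECT pair. `SAMPLE_CHAIN` is a constructed abridgement of the question's INPUT chain, and `shadowed_ports` and `fix_commands` are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original post). In practice, replace
# SAMPLE_CHAIN with "$(iptables -L INPUT -n)"; rule numbers printed here
# line up with `iptables -L INPUT -n --line-numbers`.

# Constructed, abridged copy of the question's INPUT chain.
SAMPLE_CHAIN='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:587
LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 5/min burst 5 LOG flags 0 level 7 prefix "iptables denied: "
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:995
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:995'

# shadowed_ports CHAIN_TEXT
# Prints "proto port rule_number insert_at" for every ACCEPT dpt: rule that
# follows an unconditional terminator (REJECT/DROP, prot all, any src/dst,
# no state/limit match). insert_at is that terminator's rule number, or the
# LOG rule directly above it, i.e. the slot the ACCEPT must move to.
shadowed_ports() {
    printf '%s\n' "$1" | awk '
        NR <= 2 { next }                              # chain header lines
        { rule++ }                                    # 1-based rule number
        $1 == "LOG" { lastlog = rule }
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" &&
        $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" &&
        ($6 == "" || $6 == "reject-with") && !stop {
            stop = (lastlog == rule - 1) ? lastlog : rule; next
        }
        stop && $1 == "ACCEPT" {
            for (i = 6; i <= NF; i++) if ($i ~ /^dpt:/) { sub(/^dpt:/, "", $i); print $2, $i, rule, stop }
        }'
}

# fix_commands CHAIN_TEXT
# Emits (does not run) the iptables commands that hoist each shadowed ACCEPT.
# Inserting at insert_at pushes the old copy down one slot, so it is deleted
# as rule+1; each insert/delete pair leaves later rule numbers unchanged.
fix_commands() {
    shadowed_ports "$1" | while read -r proto port rule stop; do
        echo "iptables -I INPUT $stop -p $proto --dport $port -j ACCEPT"
        echo "iptables -D INPUT $((rule + 1))"
    done
}

fix_commands "$SAMPLE_CHAIN"
```

Review the emitted commands before running them; on this server the ufw jump rules below the REJECT are unreachable for the same reason, so fixing 993 and 995 alone still leaves ufw's own rules inert.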