Linux Server Blocking Outlook, incredmail...

1. Linux Server Blocking Outlook, incredmail...

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Sent on 22/06/2012 - 17:55h

Good afternoon, folks!

I have a problem here at the company where I work, which is the following:
My Linux server is blocking sending and receiving e-mail over SMTP and POP3. I normally use Outlook, but I also tested with IncrediMail and nothing solved it.

I use an unauthenticated Squid proxy and an iptables firewall.

Only when I add this rule:
# Support IP
#iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.116 -d 0/0 -p tcp -j ACCEPT
#iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 0/0 -d 192.168.0.116 -p tcp -j ACCEPT

to my firewall can I send and receive e-mail; but then I lose the logs and the control of that machine if I remove the proxy from the browser.

Can anyone give me a hand here?

Here is my firewall:

echo "1" > /proc/sys/net/ipv4/ip_forward

#Clearing rules
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle

#Setting the default policy
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#Loopback inter-process communication
iptables -A INPUT -i lo -j ACCEPT

#Allow access to the Sintegra port
iptables -A OUTPUT -p tcp --dport 8017 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8017 -j ACCEPT

# ICMP
iptables -A INPUT -p icmp -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT

# Rule created for DHCP
iptables -A OUTPUT -o eth1 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -p UDP --sport 67 --dport 68 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p UDP --sport 68 --dport 67 -m state --state NEW,ESTABLISHED -j ACCEPT

# DNS
iptables -A INPUT -i eth1 -p udp -s 192.168.0.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -i eth1 -p tcp -s 192.168.0.0/24 --dport 53 -j ACCEPT

# SSH and FTP, internal network
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p tcp --dport 22 --syn -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p tcp --dport 21 --syn -j ACCEPT

# SSH, external network
iptables -A INPUT -i ppp0 -s 0/0 -p tcp --dport 22 --syn -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 22 --syn -j ACCEPT

#Webmin, internal network
iptables -A INPUT -p tcp -s 192.168.0.0/24 -d 0/0 --dport 10000 --syn -j ACCEPT

#Webmin, external network
iptables -A INPUT -i ppp0 -s 0/0 -p tcp --dport 10000 --syn -j ACCEPT
iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 10000 --syn -j ACCEPT

iptables -A INPUT -i ppp0 -s 0/0 -p tcp --dport 10000 --syn -j ACCEPT
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
iptables -A INPUT -p tcp -i ppp0 --dport 10000 -j ACCEPT

# NetBIOS, internal network
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p tcp --dport 137:139 --syn -j ACCEPT
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -p udp --dport 137:139 -j ACCEPT

# Internal access to the PROXY
iptables -A INPUT -i eth1 -s 192.168.0.0/24 -d 192.168.0.1 -p tcp --dport 3128 --tcp-flags ACK,SYN SYN -j ACCEPT

#Return TCP and UDP packets always open (ACK)
iptables -A INPUT -s 0/0 -d 0/0 -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -s 0/0 -d 0/0 -p udp -m state --state ESTABLISHED -j ACCEPT

#Reverse NAT, E-Mail
#iptables -t nat -A PREROUTING -s 0/0 -d 0/0 -p tcp --dport 5900 -j DNAT --to 10.0.1.50:5900
#iptables -A FORWARD -s 0/0 -d 192.168.2.2 -p tcp --dport 25 -j ACCEPT
#iptables -A FORWARD -s 192.168.2.2 -d 0/0 -p tcp --sport 25 -j ACCEPT

# Masquerading rule
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE

# Routing rules

# Internal access to SMTP and POP for Outlook
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p tcp --sport 25 -j ACCEPT

iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p tcp --sport 110 -j ACCEPT

#NTP
iptables -A FORWARD -p udp --dport 123 -j ACCEPT

#Allow forwarding - access without the proxy

# Support IP
#iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.116 -d 0/0 -p tcp -j ACCEPT
#iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 0/0 -d 192.168.0.116 -p tcp -j ACCEPT

# Support IP
#iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.1.108 -d 0/0 -p tcp -j ACCEPT
#iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 0/0 -d 192.168.1.108 -p tcp -j ACCEPT

###################################### MARCELO'S RULES ############################################
# Linux
#iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.1.115 -d 0/0 -p tcp -j ACCEPT
#iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 0/0 -d 192.168.1.115 -p tcp -j ACCEPT

# Marcelo's machine
#iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.1.122 -d 0/0 -p tcp -j ACCEPT
#iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 0/0 -d 192.168.1.122 -p tcp -j ACCEPT

#Allow MSN for Marcelo
#iptables -A FORWARD -o ppp0 -p tcp -s 192.168.1.195/24 -m multiport --dports 1863,7001 -j ACCEPT
#iptables -A FORWARD -o ppp0 -p udp -s 192.168.1.195/24 --dport 7001 -j ACCEPT
#iptables -A FORWARD -i ppp0 -p tcp -d 192.168.1.195/24 -m multiport --sports 1863,7001 -j ACCEPT
#iptables -A FORWARD -i ppp0 -p udp -d 192.168.1.195/24 --sport 7001 -j ACCEPT
#################################################################################################

# Block MSN for everyone
#iptables -A FORWARD -o ppp0 -p tcp -m multiport --dports 1863,7001 -j DROP
#iptables -A FORWARD -o ppp0 -p udp --dport 7001 -j DROP

#############################################################################################

# Sicoob CEDENTE
iptables -A OUTPUT -p tcp --dport 5006 -j ACCEPT # Connection to the cooperative's base
iptables -A OUTPUT -p udp --dport 5006 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT # Sending the transactions file
iptables -A OUTPUT -p udp --dport 8080 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 189.75.117.230/24 -p tcp -j ACCEPT # Connection to the base d
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 189.75.117.230/24 -p tcp -j ACCEPT # Sending the file of
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 189.75.117.230/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 189.75.117.230/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 189.75.117.230/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 189.75.117.230/24 -d 192.168.0.0/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 189.75.117.230/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 189.75.117.230/24 -d 192.168.0.0/24 -p udp -j ACCEPT

# ALLOWING VIVO VPN W VIVO 360
#iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
#iptables -A OUTPUT -p udp --dport 443 -j ACCEPT
#iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.142.128.120/24 -p tcp -j ACCEPT
#iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.142.128.18/24 -p tcp -j ACCEPT

# Allowing OUTLOOK
iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 200.165.132.155 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.165.132.155 --sport 53 -d 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 -d 200.165.132.147 --dport 53 -j ACCEPT
iptables -A FORWARD -p udp -s 200.165.132.147 --sport 53 -d 192.168.0.0/24 -j ACCEPT

#iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 25 -j ACCEPT

iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --sport 25 -j ACCEPT
iptables -A FORWARD -p tcp --sport 110 -j ACCEPT

# NF-e specific rule
iptables -t nat -A PREROUTING -p tcp -d 201.55.62.0/24 -j ACCEPT
iptables -A FORWARD -p tcp -d 201.55.62.0/24 --dport 80 -j ACCEPT

# Allowing access to NFE (Electronic Invoice)
iptables -t nat -I PREROUTING -p tcp --dport 80 -s 192.168.0.0/24 -d 200.189.133.249 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 80 -s 192.168.0.0/24 -d 200.189.133.247 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 200.189.133.249 -j ACCEPT
iptables -A FORWARD -p tcp -d 200.189.133.249 -j ACCEPT
iptables -t nat -A PREROUTING -p tcp -d 200.189.133.247 -j ACCEPT
iptables -A FORWARD -p tcp -d 200.189.133.247 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 4199 -j ACCEPT
iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp --dport 5656 -j ACCEPT

iptables -t nat -A POSTROUTING -j MASQUERADE

# Allow TED connection
iptables -A OUTPUT -p tcp --dport 8017 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8017 -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 201.16.234.27/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.166.92.27/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 201.16.234.27/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.0/24 -d 200.166.92.27/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 201.16.234.27/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 201.16.234.27/24 -d 192.168.0.0/24 -p udp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.166.92.27/24 -d 192.168.0.0/24 -p tcp -j ACCEPT
iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 200.166.92.27/24 -d 192.168.0.0/24 -p udp -j ACCEPT

# Close routing to ports 80 and 443
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --sport 1:65535 --dport www -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --sport 1:65535 --dport 443 -j DROP
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp -j DROP

# Allow DNS routing
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p udp --sport 53 -j ACCEPT
iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p tcp --sport 53 -j ACCEPT

#Firewall log
iptables -A INPUT -p tcp -j LOG

# Close all the remaining routing

iptables -A INPUT -s 0/0 -d 0/0 -j LOG
iptables -A INPUT -s 0/0 -d 0/0 -j DROP


iptables -A FORWARD -s 0/0 -d 0/0 -j LOG
iptables -A FORWARD -s 0/0 -d 0/0 -j DROP

My Squid is only monitoring for now, that is, I haven't set it to block anything yet.
The only things I added were:

acl rede src 192.168.0.0/255.255.255.0

http_access allow rede

Thanks in advance to everyone who has offered to help me!

Marcelo Rodrigues
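A note on where to look: Squid is an HTTP proxy, so a mail client's POP3/SMTP sessions never pass through it; they are forwarded by the kernel and decided by the FORWARD chain above. The following is an added example, not code from the thread: a small first-match simulator that replays an excerpt of the posted FORWARD rules (in the order the script appends them) against constructed packets. The mail server address 203.0.113.25 is a documentation address, the ports 587 and 995 are assumed submission/POP3S ports (the thread does not say which ports the provider uses), and `narrow_rules` is a hypothetical per-port alternative to the all-TCP "Support IP" pair, written to show what it keeps blocked.

```python
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")
SERVICE_NAMES = {"www": 80, "smtp": 25, "pop3": 110}  # names iptables resolves via /etc/services

# Excerpt of the posted FORWARD rules, in the order the script appends them.
ACCEPTS = [
    "iptables -A FORWARD -p icmp -j ACCEPT",
    "iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --dport 25 -j ACCEPT",
    "iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p tcp --sport 25 -j ACCEPT",
    "iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --dport 110 -j ACCEPT",
    "iptables -A FORWARD -s 0/0 -d 192.168.0.0/24 -p tcp --sport 110 -j ACCEPT",
]
# The "Support IP" pair the poster enables to make mail work: all TCP for one host.
SUPPORT_HOST = [
    "iptables -t filter -A FORWARD -i eth1 -o ppp0 -s 192.168.0.116 -d 0/0 -p tcp -j ACCEPT",
    "iptables -t filter -A FORWARD -i ppp0 -o eth1 -s 0/0 -d 192.168.0.116 -p tcp -j ACCEPT",
]
TAIL = [  # the closing block of the posted chain
    "iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp --sport 1:65535 --dport www -j DROP",
    "iptables -A FORWARD -s 192.168.0.0/24 -d 0/0 -p tcp -j DROP",
    "iptables -A FORWARD -s 0/0 -d 0/0 -j LOG",
    "iptables -A FORWARD -s 0/0 -d 0/0 -j DROP",
]

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int = 0
    dport: int = 0
    in_if: str = "eth1"   # LAN side in the post
    out_if: str = "ppp0"  # internet (PPPoE) side in the post

@dataclass
class Rule:
    chain: str = ""
    target: str = ""
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    sport: Optional[tuple] = None
    dport: Optional[tuple] = None

def _net(text):
    # "0/0" is iptables shorthand for any address; host/24 is normalised the way iptables does it
    return ANY if text == "0/0" else ipaddress.ip_network(text, strict=False)

def _port_range(text):
    lo, _, hi = text.partition(":")
    conv = lambda p: int(p) if p.isdigit() else SERVICE_NAMES[p]
    return (conv(lo), conv(hi) if hi else conv(lo))

OPTS = {"-A": ("chain", str), "-j": ("target", str), "-s": ("src", _net), "-d": ("dst", _net),
        "-p": ("proto", str.lower), "-i": ("in_if", str), "-o": ("out_if", str),
        "--sport": ("sport", _port_range), "--dport": ("dport", _port_range)}

def parse_rule(cmd: str) -> Rule:
    # Only the option subset used by the rules above is understood; anything else raises.
    toks = shlex.split(cmd)[1:]  # drop the leading "iptables"
    rule = Rule()
    for opt, arg in zip(toks[::2], toks[1::2]):
        if opt == "-t" and arg == "filter":
            continue  # the default table; nat and mangle are not simulated
        if opt not in OPTS:
            raise ValueError(f"option {opt} not supported by this simulator: {cmd}")
        setattr(rule, OPTS[opt][0], OPTS[opt][1](arg))
    return rule

def matches(r: Rule, p: Packet) -> bool:
    return (ipaddress.ip_address(p.src) in r.src and ipaddress.ip_address(p.dst) in r.dst
            and r.proto in (None, p.proto) and r.in_if in (None, p.in_if)
            and r.out_if in (None, p.out_if)
            and (r.sport is None or r.sport[0] <= p.sport <= r.sport[1])
            and (r.dport is None or r.dport[0] <= p.dport <= r.dport[1]))

def verdict(rules, p: Packet, policy="ACCEPT"):
    # First matching terminating target wins; LOG matches but evaluation continues.
    logged = False
    for idx, r in enumerate(rules):
        if r.chain == "FORWARD" and matches(r, p):
            if r.target == "LOG":
                logged = True
                continue
            return r.target, idx, logged
    return policy, None, logged  # chain policy (the post sets FORWARD to ACCEPT)

def narrow_rules(host: str, ports) -> list:
    # Hypothetical per-port alternative to the all-TCP support pair, both directions.
    return [line for port in ports for line in (
        f"iptables -A FORWARD -s {host} -d 0/0 -p tcp --dport {port} -j ACCEPT",
        f"iptables -A FORWARD -s 0/0 -d {host} -p tcp --sport {port} -j ACCEPT")]

def build_chain(extra=()):
    # Extra rules are placed where the post's "Support IP" pair sits: before the closing DROP block.
    return [parse_rule(c) for c in ACCEPTS + list(extra) + TAIL]

def outbound_verdicts(rules, client: str, ports, server="203.0.113.25") -> dict:
    # Verdict for a LAN client opening a TCP connection to the mail server on each port.
    return {port: verdict(rules, Packet(client, server, "tcp", 50000, port))[0] for port in ports}

if __name__ == "__main__":
    for label, extra in (("as posted", ()), ("with support pair", SUPPORT_HOST),
                         ("with per-port rules", narrow_rules("192.168.0.116", (587, 995)))):
        print(label, outbound_verdicts(build_chain(extra), "192.168.0.116", (25, 110, 587, 995, 80)))
```

Two things the replay makes visible. The posted chain accepts TCP 25 and 110 but any other mail port from the LAN falls through to the blanket `-p tcp -j DROP`, and the FORWARD chain has no `-m state --state ESTABLISHED` rule (only INPUT has one), so every reply direction needs its own ACCEPT. The all-TCP support pair also accepts destination port 80 for that host, which is exactly why the proxy stops seeing its traffic; per-port rules leave the www DROP in force.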
2. Re: Linux Server Blocking Outlook, incredmail...

wesley alves pereira
wesleya2

(uses Debian)

Sent on 25/06/2012 - 08:46h

In squid.conf you may have to allow the ports for POP, SMTP, IMAP, or whatever it is you are trying to do.

Check in Safe_ports whether it is already allowed.

acl Safe_ports port xx ...


3. Testeq

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Sent on 25/06/2012 - 13:16h

Yeah wesleya2, I have just allowed the ports in Squid too but it didn't help; it still won't let me connect to my e-mail (POP and SMTP).

Please, somebody help me here...


4. Re: Linux Server Blocking Outlook, incredmail...

wesley alves pereira
wesleya2

(uses Debian)

Sent on 25/06/2012 - 13:33h

And at the moment you try to send and receive, what shows up in the Squid log?


5. Re: Linux Server Blocking Outlook, incredmail...

MARCELO HENRIQUE BERNARDES RODRIGUES
marcelohbr

(uses CentOS)

Sent on 25/06/2012 - 16:22h

Nothing happens, it doesn't show any log at all. That's why I think it's iptables that is blocking the e-mail.
