Iptables is blocking outgoing and incoming smtp on my server, although I specified it not to. My policies are DROP everything except what's specified. Changing policies to ACCEPT everything "solves" the problem, but I don't want unlimited traffic on this server. Rules were set as follows (smtp part is the last):
# Flush all rules
iptables -F
iptables -X
# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Allow incoming and outgoing SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
# Allow incoming HTTP/HTTPS
# HTTP
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
# HTTPS
iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
# Allow outgoing SMTP
iptables -A INPUT -i eth0 -p tcp --dport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
# Finally, change policy to DROP ALL
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
It's a webserver. Django's send_mail function is what is being used to send mail. Settings are as follows:
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = 'person@gmail.com'
EMAIL_HOST_PASSWORD = 'password'
EMAIL_PORT = 587
I assumed 587 was being used for email, so I added for port 587 the same rules shown above for port 25. I also tried switching --dport/--sport for smtp, nothing. Setting the rules as in this and this questions (both for port 25 and 587) didn't help either. I even tried doing the same for port 1025, just because it was mentioned on the docs, nothing…
Best Answer
Your firewall rules do not allow DNS traffic (UDP port 53). Thus your Django app cannot perform a DNS lookup to locate smtp.gmail.com. To fix this, write firewall rules which permit outgoing DNS queries and incoming DNS responses.
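One way to write the rules the answer describes, as an added example that is not part of the original question or answer. It assumes the interface is eth0 and that mail leaves on port 587 (the EMAIL_PORT from the question); the function names are made up for this example. Besides DNS it also emits the port 587 pair oriented for an outbound client connection, where OUTPUT matches the destination port and INPUT matches the source port of the replies.

```shell
#!/bin/sh
# Added example (not from the original post). Prints iptables rules that let
# this host act as a *client* for DNS and SMTP submission under DROP policies.
# Assumptions: interface eth0, submission port 587 as in the question's settings.
# Dry run by default: review the output, then pipe it to `sh` as root to apply.

# client_rules PROTO PORT [IFACE]
# Outbound client traffic goes TO the service port, so OUTPUT matches --dport
# and the replies arriving on INPUT match --sport. Only the outbound side may
# open NEW connections; the inbound side accepts ESTABLISHED replies only.
client_rules() {
    proto=$1 port=$2 iface=${3:-eth0}
    echo "iptables -A OUTPUT -o $iface -p $proto --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -i $iface -p $proto --sport $port -m state --state ESTABLISHED -j ACCEPT"
}

# egress_rules [IFACE]
# Everything the Django app needs to reach smtp.gmail.com:587.
egress_rules() {
    iface=${1:-eth0}
    # DNS queries over UDP, plus TCP as the fallback for large responses.
    client_rules udp 53 "$iface"
    client_rules tcp 53 "$iface"
    # SMTP submission to the mail relay.
    client_rules tcp 587 "$iface"
}

egress_rules eth0
```

After applying, `iptables -L -v -n` shows per-rule packet counters, which confirm whether the DNS and 587 rules are actually being hit.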