Turning on UFW stops my e-mail client functioning (both imap and smtp) even though they are allowed?
Solution 1
You're blocking DNS, which would break lookups for mail and explains the SSH login slowdown as well.
Allow port 53 - both TCP and UDP.
Solution 2
This worked for me. Besides allowing port 53, I also added
sudo ufw allow 25
and then ran
sudo ufw status
to make sure my new rule is active and in place.
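Both answers come down to checking that the right ALLOW rules exist in both directions. The script below is an added example (not code from either answer): a POSIX sh audit of a saved `sudo ufw status verbose` listing that reports which mail-host rules (inbound SMTP submission and IMAP, outbound DNS) are missing and prints the `ufw allow` command for each. The embedded listing is constructed from the question's output, reflowed to one rule per line; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not code from either answer: audit a `sudo ufw status verbose`
# listing for the rules a mail host needs. UFW_STATUS is a constructed listing
# based on the question's output; on a real host capture it with
#   sudo ufw status verbose > /tmp/ufw-status.txt
#   UFW_STATUS=$(cat /tmp/ufw-status.txt)

UFW_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
25/tcp                     ALLOW IN    Anywhere
587/tcp                    ALLOW IN    Anywhere
143/tcp                    ALLOW IN    Anywhere
993                        ALLOW IN    Anywhere
53/tcp                     ALLOW IN    Anywhere
53/udp                     ALLOW IN    Anywhere
53/tcp                     ALLOW OUT   Anywhere
53/udp                     ALLOW OUT   Anywhere'

# rule_present PORT/PROTO IN|OUT
# Exit 0 when an ALLOW rule for that port and direction exists. A bare port
# entry such as "993" covers both tcp and udp in ufw, so it satisfies either.
rule_present() {
    want=$1
    dir=$2
    bare=${want%%/*}
    printf '%s\n' "$UFW_STATUS" | awk -v want="$want" -v bare="$bare" -v dir="$dir" '
        $2 == "ALLOW" && $3 == dir && ($1 == want || $1 == bare) { found = 1 }
        END { exit found ? 0 : 1 }'
}

# default_outgoing
# Print "allow" or "deny" from the Default: line. An explicit outbound DNS rule
# is only needed when this is "deny"; ufw is stateful, so once the query leaves
# the reply to the ephemeral source port is accepted automatically.
default_outgoing() {
    printf '%s\n' "$UFW_STATUS" | sed -n \
        -e 's/^Default:.*allow (outgoing).*/allow/p' \
        -e 's/^Default:.*deny (outgoing).*/deny/p'
}

# audit_mail_host
# Print a `ufw allow` command for each required rule that is missing and exit
# non-zero if any are; exit 0 when the host is fully covered.
audit_mail_host() {
    missing=0
    required="25/tcp:IN 587/tcp:IN 143/tcp:IN 993/tcp:IN 53/tcp:OUT 53/udp:OUT"
    for spec in $required; do
        rule=${spec%%:*}
        dir=${spec##*:}
        if [ "$dir" = OUT ] && [ "$(default_outgoing)" = allow ]; then
            continue            # covered by the default outgoing policy
        fi
        if ! rule_present "$rule" "$dir"; then
            echo "missing: sudo ufw allow $(printf '%s' "$dir" | tr 'A-Z' 'a-z') $rule"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

audit_mail_host && echo "all required rules present"
```

Run it once with the default outgoing policy set to deny (as `ufw default deny outgoing` would do) and it reports the two outbound DNS rules as missing; with the default left at allow, as in the question, the DNS rows are redundant and the remaining inbound ports are what matter.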
NimChimpsky
Updated on September 18, 2022
Comments
NimChimpsky almost 2 years
I am using Ubuntu 10.04 on a VPS. Without enabling UFW everything works fine: IMAP using port 143, and it sends emails using SMTP port 587.
However, when I turn on UFW a lot of problems are encountered. Email fails, SSH logins are very slow, and the dig command does not work; it times out. Also, apt-get install does not work.
ufw status verbose returns:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW IN    my.ip.address.0
Anywhere                   ALLOW IN    my.ip.address.0/24
80                         ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
25/tcp                     ALLOW IN    Anywhere
587                        ALLOW IN    Anywhere
143                        ALLOW IN    Anywhere
993                        ALLOW IN    Anywhere
465/tcp                    ALLOW IN    Anywhere
587/tcp                    ALLOW IN    Anywhere
143/tcp                    ALLOW IN    Anywhere
587/udp                    ALLOW IN    Anywhere
53/tcp                     ALLOW IN    Anywhere
53/udp                     ALLOW IN    Anywhere
68/udp                     ALLOW IN    Anywhere
67/udp                     ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
53                         ALLOW OUT   Anywhere
53/tcp                     ALLOW OUT   Anywhere
53/udp                     ALLOW OUT   Anywhere
In my syslog I get the following (and same again with port 53 allowed):
Aug 25 13:55:31 VPS##-###-## postfix/smtpd[23611]: NOQUEUE: reject: RCPT from unknown[ip.address.here.0]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qy0-f179.google.com>
/var/log/messages does not seem to contain anything relevant even though ufw logging is on.
Admin almost 13 years
Are you inadvertently blocking outgoing traffic? That would cause TCP connections to fail (since the handshake can't complete) and may impact SSH because SSH may be doing a DNS lookup for the client.
NimChimpsky almost 13 years
Tried it, no luck. See edit and ufw status verbose output.
ravi yarlagadda almost 13 years
Check if you can resolve names: dig example.com. How is the device's DNS resolution configured?
cjc almost 13 years
You want to just allow DNS traffic, not just allow in. Your server is making an outgoing DNS query on port 53. The return traffic for DNS will not be on 53. Your firewall rule for DNS is more for running a DNS server, rather than for making queries.
NimChimpsky almost 13 years
Actually, apt-get install does not work with ufw enabled; it does when disabled. Just did it to get dnsutils.
ravi yarlagadda almost 13 years
@NimChimpsky That's also an indication that name resolution is broken. Your default outgoing is set to allow, but doesn't seem to be working. Try ufw allow out 53.
NimChimpsky almost 13 years
@Shane Madden, tried; see updated output. Still not working.
ravi yarlagadda almost 13 years
@NimChimpsky Huh. Well, it certainly seems to be UFW doing it. What DNS server is the device using? Check for block messages in /var/log/messages after trying name resolution. If all else fails, try ufw reset, then re-configure it with the needed rules.