Turning on UFW stops my e-mail client functioning (both imap and smtp) even though they are allowed?


Solution 1

You're blocking DNS, which would break lookups for mail and explains the SSH login slowdown as well.

Allow port 53 - both TCP and UDP.

Solution 2

This worked for me. Besides allowing port 53, I also added sudo ufw allow 25 and then ran sudo ufw status to make sure my new rule is active and in place.


Author: NimChimpsky

Updated on September 18, 2022

Comments

  • NimChimpsky
    NimChimpsky almost 2 years

    I am using Ubuntu 10.04 on a VPS. Without enabling UFW everything works fine: IMAP using port 143, and sending emails using SMTP port 587.

    However, when I turn on UFW a lot of problems are encountered. Email fails, SSH logins are very slow, and the dig command does not work (it times out). Also, apt-get install does not work.

    ufw status verbose returns:

    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing)
    New profiles: skip
    
    To                         Action      From
    --                         ------      ----
    Anywhere                   ALLOW IN    my.ip.address.0
    Anywhere                   ALLOW IN    my.ip.address.0/24
    80                         ALLOW IN    Anywhere
    443                        ALLOW IN    Anywhere
    25/tcp                     ALLOW IN    Anywhere
    587                        ALLOW IN    Anywhere
    143                        ALLOW IN    Anywhere
    993                        ALLOW IN    Anywhere
    465/tcp                    ALLOW IN    Anywhere
    587/tcp                    ALLOW IN    Anywhere
    143/tcp                    ALLOW IN    Anywhere
    587/udp                    ALLOW IN    Anywhere
    53/tcp                     ALLOW IN    Anywhere
    53/udp                     ALLOW IN    Anywhere
    68/udp                     ALLOW IN    Anywhere
    67/udp                     ALLOW IN    Anywhere
    53                         ALLOW IN    Anywhere
    53                         ALLOW OUT   Anywhere
    53/tcp                     ALLOW OUT   Anywhere
    53/udp                     ALLOW OUT   Anywhere
    

    In my syslog I get the following (and same again with port 53 allowed):

    Aug 25 13:55:31 VPS##-###-## postfix/smtpd[23611]: NOQUEUE: reject: RCPT from unknown[ip.address.here.0]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-qy0-f179.google.com>
    

    /var/log/messages does not seem to contain anything relevant, even though ufw logging is on.

    • Admin
      Admin almost 13 years
      Are you inadvertently blocking outgoing traffic? That would cause TCP connections to fail (since the handshake can't complete) and may impact SSH because SSH may be doing a DNS lookup for the client.
  • NimChimpsky
    NimChimpsky almost 13 years
    Tried it, no luck...? See the edit and the ufw status verbose output.
  • ravi yarlagadda
    ravi yarlagadda almost 13 years
    Check if you can resolve names - dig example.com. How is the device's DNS resolution configured?
  • cjc
    cjc almost 13 years
    You want to just allow DNS traffic, not just allow in. Your server is making an outgoing DNS query on port 53. The return traffic for DNS will not be on 53. Your firewall rule for DNS is more for running a DNS server, rather than for making queries.
  • NimChimpsky
    NimChimpsky almost 13 years
    Actually, apt-get install does not work with ufw enabled; it does when disabled. Just did it to get dnsutils.
  • ravi yarlagadda
    ravi yarlagadda almost 13 years
    @NimChimpsky That's also an indication that name resolution is broken. Your default outgoing is set to allow, but doesn't seem to be working. Try ufw allow out 53.
  • NimChimpsky
    NimChimpsky almost 13 years
    @Shane Madden, tried it, see updated output. Still not working.
  • ravi yarlagadda
    ravi yarlagadda almost 13 years
    @NimChimpsky Huh. Well, it certainly seems to be UFW doing it. What DNS server is the device using? Check for block messages in /var/log/messages after trying name resolution. If all else fails, try ufw reset, then reconfigure it with the needed rules.
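The diagnostic step suggested in the last two comments (look for ufw block messages after a name lookup, remembering that an outgoing DNS query is what needs to pass, not an inbound port 53 rule) can be scripted. The following is an added example, not code from the thread: it parses constructed [UFW BLOCK] kernel log lines in the format ufw writes with logging on, and reports only packets that were leaving the host towards destination port 53. Hostname, addresses and IDs in the sample are made up.

```shell
#!/bin/sh
# Constructed sample of /var/log/ufw.log (or /var/log/messages) lines as written by
# ufw with "Logging: on (low)". Host, addresses and packet IDs are invented.
UFW_LOG_SAMPLE='Aug 25 13:55:30 vps kernel: [UFW BLOCK] IN= OUT=eth0 SRC=203.0.113.10 DST=203.0.113.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=UDP SPT=41234 DPT=53 LEN=40
Aug 25 13:55:31 vps kernel: [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=55555 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 25 13:55:35 vps kernel: [UFW BLOCK] IN= OUT=eth0 SRC=203.0.113.10 DST=203.0.113.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=41235 DPT=53 WINDOW=14600 RES=0x00 SYN URGP=0
Aug 25 13:55:40 vps postfix/smtpd[23611]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 450 4.1.8 Sender address rejected: Domain not found'

# blocked_dns_egress "<log text>"
# Prints "PROTO DST" for every [UFW BLOCK] entry whose packet was leaving the host
# (OUT=<iface> set, IN= empty) with destination port 53, i.e. a blocked DNS query.
# Inbound blocks (IN=eth0) and non-ufw lines are ignored.
blocked_dns_egress() {
    printf '%s\n' "$1" | awk '
        /\[UFW BLOCK]/ {
            inif = ""; out = ""; proto = ""; dpt = ""; dst = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "IN")    inif  = kv[2]
                if (kv[1] == "OUT")   out   = kv[2]
                if (kv[1] == "PROTO") proto = kv[2]
                if (kv[1] == "DPT")   dpt   = kv[2]
                if (kv[1] == "DST")   dst   = kv[2]
            }
            if (out != "" && inif == "" && dpt == "53") print proto, dst
        }'
}

# count_blocked_dns_egress "<log text>" prints the number of such entries.
# A non-zero count after running dig means the firewall, not the resolver, is the problem.
count_blocked_dns_egress() {
    blocked_dns_egress "$1" | wc -l | tr -d ' '
}

blocked_dns_egress "$UFW_LOG_SAMPLE"
count_blocked_dns_egress "$UFW_LOG_SAMPLE"   # prints 2 for the sample above
```

On a live host, replace the sample with `grep 'UFW BLOCK' /var/log/ufw.log` output taken right after a failing dig; if the count stays at zero the block is not coming from ufw.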