Following some security hardening on an “older” Ubuntu 12.04.2 LTS VPS, I noticed that messages were not being delivered by the Sendmail MTA.
I run Sendmail in conjunction with Fail2ban to protect common public-facing services from brute-force attempts, using both stock and custom-written filters. When an attack is successfully identified and mitigated, a report including a WHOIS lookup is delivered to my personal mailbox.
Additionally, a notification is supposed to be sent out whenever the service's status changes, i.e. when it is restarted or stopped.
Messages weren’t flowing. Let’s investigate.
A stock Sendmail configuration logs mail server activity to /var/log/mail.log:
[log excerpt not preserved]
Here’s the relevant line:
[log line not preserved]
Well, that's weird. Messages are being deferred because Sendmail cannot reach the local host on the loopback address. Can I get in myself?
[terminal session not preserved]
Nope. No response; we should be presented with the MTA banner instantly.
We need to add an additional rule to our iptables INPUT chain to allow traffic on the loopback interface (lo), so that local processes can reach 127.0.0.1:25:
[iptables command not preserved]
You should now see this:
[iptables listing not preserved]
Now we can get in:
[terminal session not preserved]
Sendmail will quickly attempt to re-deliver all the deferred messages in the queue.
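The diagnosis and fix described above, as an added shell example that is not part of the original post. It reads a constructed `iptables -S INPUT` listing and a constructed `mail.log` excerpt (both embedded below, not the real output from the post) to show the two checks a practitioner would run: are deliveries being deferred on the 127.0.0.1 relay, and does the INPUT chain accept loopback traffic. The function names are my own; `ensure_loopback_accept` and `smtp_banner_check` only do useful work on a live host with root, `iptables` and `nc` available.

```shell
#!/bin/sh
# Added example, not code from the original post. The rulesets and the log
# excerpt below are constructed samples for this example.

# Constructed `iptables -S INPUT` output for a hardened host with a DROP
# policy that forgot the loopback interface: Sendmail's own connection to
# 127.0.0.1:25 is silently dropped, so deliveries time out and are deferred.
RULES_BROKEN='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT'

# The same ruleset with the loopback rule inserted at the top of the chain.
RULES_FIXED='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT'

# Constructed /var/log/mail.log lines in sendmail's queue-log style: two
# deferred attempts while loopback was blocked, one successful send after.
MAIL_LOG='Mar  5 10:12:01 vps sendmail[1201]: r25AC1Ab001201: to=admin@example.com, delay=00:03:02, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1]
Mar  5 10:42:03 vps sendmail[1202]: r25AC1Ab001201: to=admin@example.com, delay=00:33:04, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection timed out with [127.0.0.1]
Mar  5 11:05:10 vps sendmail[1310]: r25AC1Ab001201: to=admin@example.com, delay=00:56:11, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (r25B5A9cd001311 Message accepted for delivery)'

# deferred_count LOG: number of log lines whose delivery status is Deferred.
deferred_count() {
    # grep -c prints 0 and exits 1 when nothing matches; keep the 0.
    printf '%s\n' "$1" | grep -c 'stat=Deferred' || true
}

# deferral_reasons LOG: distinct reasons given after "stat=Deferred:".
# The "[127.0.0.1]" in the reason is what points at the loopback path.
deferral_reasons() {
    printf '%s\n' "$1" | sed -n 's/.*stat=Deferred: //p' | sort -u
}

# has_loopback_accept RULES: succeed (0) when the INPUT chain contains a
# rule accepting all traffic arriving on the lo interface.
has_loopback_accept() {
    printf '%s\n' "$1" | grep -Eq -- '^-A INPUT .*-i lo .*-j ACCEPT'
}

# ensure_loopback_accept: live check and fix on the current host (root).
ensure_loopback_accept() {
    rules=$(iptables -S INPUT) || return 1
    if has_loopback_accept "$rules"; then
        echo "loopback ACCEPT already present in INPUT"
        return 0
    fi
    # Insert at position 1: an appended (-A) rule sitting after a terminal
    # DROP/REJECT rule would never be reached.
    iptables -I INPUT 1 -i lo -j ACCEPT
    echo "inserted: iptables -I INPUT 1 -i lo -j ACCEPT"
}

# smtp_banner_check: succeed when the MTA answers 220 on 127.0.0.1:25 within
# 3 seconds (the "instant banner" test from the post, without telnet).
smtp_banner_check() {
    printf 'QUIT\r\n' | nc -w 3 127.0.0.1 25 | head -n 1 | grep -q '^220'
}

# Stand-alone run against the constructed samples.
main() {
    printf 'deferred deliveries in sample log: %s\n' "$(deferred_count "$MAIL_LOG")"
    printf 'deferral reason: %s\n' "$(deferral_reasons "$MAIL_LOG")"
    if has_loopback_accept "$RULES_BROKEN"; then
        echo "RULES_BROKEN: loopback accepted"
    else
        echo "RULES_BROKEN: loopback NOT accepted, Sendmail cannot reach 127.0.0.1:25"
    fi
    if has_loopback_accept "$RULES_FIXED"; then
        echo "RULES_FIXED: loopback accepted"
    fi
}
main "$@"
```

Two caveats worth keeping in mind on a real host: a rule added with `iptables -I` lives only in the running kernel and is gone after a reboot unless the ruleset is saved (for example with `iptables-save`, or the `iptables-persistent` package on Ubuntu), and once loopback is open you can force the queue to flush immediately with `sendmail -q` rather than waiting for the next scheduled queue run.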