Following some security hardening on an “older” Ubuntu 12.04.2 LTS VPS, I noticed that messages were not being delivered by the Sendmail MTA.
I run Sendmail in conjunction with Fail2ban to protect common public-facing services from brute-force attempts, using both stock and custom-written filters. When an attack is successfully identified and mitigated, a report including a WHOIS is delivered to my personal mailbox.
Additionally, a notification is supposed to be sent out whenever the service’s status changes, i.e. when it is restarted or stopped.
Messages weren’t flowing. Let’s investigate.
A stock Sendmail configuration logs mail server activity to /var/log/mail.log:
Here’s the relevant line:
Well, that’s weird. Messages are being deferred because Sendmail can’t reach the local host. Can I get in?
Nope. No response. We should be presented with the MTA banner instantly.
We need to add an additional rule to our iptables INPUT chain to allow traffic from the local interface:
You should now see this:
Now we can get in:
Sendmail will quickly attempt to re-deliver all the deferred messages in the queue.
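The failure diagnosed above, an INPUT chain that never accepts traffic on the loopback interface, can be checked for directly after a hardening pass. This is an added example, not code from the original post: the function name `lo_verdict` and the three rulesets are constructed, and the check is a heuristic that evaluates only the plain loopback rule, unconditional rules and the chain policy.

```shell
# Added example. Reads an INPUT chain in `iptables -S INPUT` format on stdin
# and prints whether new loopback connections (e.g. to 127.0.0.1:25) pass.
# Heuristic: only the plain "-i lo -j ACCEPT" rule, unconditional
# ACCEPT/DROP/REJECT rules and the chain policy are evaluated, in order;
# rules with other match criteria are skipped.
lo_verdict() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }
        $1 != "-A" || $2 != "INPUT" { next }
        # Exactly: -A INPUT -i lo -j ACCEPT
        NF == 6 && $3 == "-i" && $4 == "lo" && $5 == "-j" && $6 == "ACCEPT" {
            print "allowed"; done = 1; exit
        }
        # Unconditional rule: first match wins, later rules never run
        $3 == "-j" && $4 == "ACCEPT" { print "allowed"; done = 1; exit }
        $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") {
            print "blocked"; done = 1; exit
        }
        END {
            if (done) exit
            if (policy == "ACCEPT") print "allowed"
            else if (policy == "") print "unknown"
            else print "blocked"
        }
    '
}

# Constructed sample: hardened chain with no loopback rule (the failure above).
HARDENED='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: loopback accepted at the top of the chain.
FIXED='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: loopback rule appended after a catch-all DROP.
LATE='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -i lo -j ACCEPT'

for name in HARDENED FIXED LATE; do
    eval "rules=\$$name"
    printf '%s: %s\n' "$name" "$(printf '%s\n' "$rules" | lo_verdict)"
done
```

On a live host the same function can be fed with `iptables -S INPUT | lo_verdict` as root. The `LATE` case shows why rule position matters: inserting the rule at the top with `iptables -I INPUT 1 -i lo -j ACCEPT` keeps it ahead of any catch-all.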