Connection refused

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Connection refused

aziz knina-2
Hi,

I'm a new user of postfix.
my case is a little bit particular: my company have rent a server at
an ISP.
this machine is located at a datacenter of this ISP, in which we have
installed RHEL 5 and postfix.

the ISP had opened all necessary port: SMTP, POP3, IMAP, WWW...
here below the postconf of the server:
------------------------------
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain,$mydomain ,localhost
mydomain = mydomain.com
myhostname = hostname.mydomain.com
mynetworks = <A onclick="return ShowLinkWarning()" href="http://168.100.189.0/28,127.0.0.0/8,0.0.0.0/32" target=_blank rel=nofollow>168.100.189.0/28,127.0.0.0/8,0 .0.0.0/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject _code = 450
------------------------------ ---

My problem is tha I can send emails to outside but I cannot receive
emails from outside: I get the error:
Technical details of permanent failure:

TEMP_FAILURE: The recipient server did not accept our requests to
connect. Learn more at http://mail.google.com/support /bin/answer.py?
answer=7720
[mail.mydomain.com. (10): Connection refused]

the ISP says that there is no problem in his side.

is there any thing that I can check/change in my configuration?

Thank at advance for your help.

Regards,
Aziz

__________________________________________________
Do You Yahoo!?
En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
http://mail.yahoo.fr Yahoo! Mail

Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Paweł Leśniak
aziz knina pisze: <http://mydomain.com/>
> myhostname = hostname.mydomain.com <http://hostname.mydomain.com/>
> mynetworks = 168.100.189.0/28,127.0.0.0/8,0 .0.0.0/32
> <http://168.100.189.0/28,127.0.0.0/8,0.0.0.0/32>
^^^^ 0 .0.0.0/32 ?
Delete it.
> TEMP_FAILURE: The recipient server did not accept our requests to
> connect. Learn more at http://mail.google.com/support /bin/answer.py
> <http://mail.google.com/support/bin/answer.py>?
> answer=7720
> [mail.mydomain.com <http://mail.mydomain.com/>. (10): Connection refused]

This says nothing. Send portion of your logfile with errors on trying to
receive message.


P.

Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Arturo 'Buanzo' Busleiman
In reply to this post by aziz knina-2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

aziz knina wrote:
| is there any thing that I can check/change in my configuration?

Get the MX records for the domain, then try connecting to port 25 on them.
Also, verify that the IP address[es] they resolve to are the correct IP addresses. Also,
"mail.mydomain.com" and "hostname.mydomain.com" should be the same. Is not easy to help with a
problem when all useful details have been removed...

- --
Arturo "Buanzo" Busleiman
Reliable inter-continental Mail Relay Service - Ask me!
Independent Security Consultant - SANS - OISSG
http://www.buanzo.com.ar/pro/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIGGIEAlpOsGhXcE0RCld3AJ4n7on9UfrgMy2RqCLGtGjPphm5ywCggwzm
eJpN+GdgZ/ONrX9QVqIf3Hs=
=Ummh
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Terry Carmen
In reply to this post by aziz knina-2
aziz knina wrote:

> Hi,
>
> I'm a new user of postfix.
> my case is a little bit particular: my company have rent a server at
> an ISP.
> this machine is located at a datacenter of this ISP, in which we have
> installed RHEL 5 and postfix.
>
> My problem is tha I can send emails to outside but I cannot receive
> emails from outside: I get the error:
> Technical details of permanent failure:
>
> TEMP_FAILURE: The recipient server did not accept our requests to
> connect. Learn more at http://mail.google.com/support /bin/answer.py
> <http://mail.google.com/support/bin/answer.py>?
> answer=7720
> [mail.mydomain.com <http://mail.mydomain.com/>. (10): Connection refused]
>
> the ISP says that there is no problem in his side.
>
> is there any thing that I can check/change in my configuration?

Post the lines from /var/log/maillog that show the connection being
rejected.

Without the log, it's difficult to help.

Terry

Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Andrea Gozzi-2
On Wed, 2008-04-30 at 09:16 -0400, Terry Carmen wrote:

> aziz knina wrote:
> > Hi,
> >
> > I'm a new user of postfix.
> > my case is a little bit particular: my company have rent a server at
> > an ISP.
> > this machine is located at a datacenter of this ISP, in which we have
> > installed RHEL 5 and postfix.
> >
> > My problem is tha I can send emails to outside but I cannot receive
> > emails from outside: I get the error:
> > Technical details of permanent failure:
> >
> > TEMP_FAILURE: The recipient server did not accept our requests to
> > connect. Learn more at http://mail.google.com/support /bin/answer.py
> > <http://mail.google.com/support/bin/answer.py>?
> > answer=7720
> > [mail.mydomain.com <http://mail.mydomain.com/>. (10): Connection refused]
> >
> > the ISP says that there is no problem in his side.
> >
> > is there any thing that I can check/change in my configuration?
>
> Post the lines from /var/log/maillog that show the connection being
> rejected.
>
> Without the log, it's difficult to help.
>

If the connecting mx gets a "connection refused", how could there be
anything about it in the postfix logs? Could postfix even do something
like that (I mean refuse without providing a reason)?

Aziz, are you sure your port 25 is world-reachable? Did you try
telnet-ing to it from the outside?

Andrea

Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Paweł Leśniak

> If the connecting mx gets a "connection refused", how could there be
> anything about it in the postfix logs? Could postfix even do something
> like that (I mean refuse without providing a reason)?
>
> Aziz, are you sure your port 25 is world-reachable? Did you try
> telnet-ing to it from the outside?
>  
Cite from google help (given in rejected mail bounce):


      'The recipient server did not accept our requests...'

This error message indicates that we've attempted to make a connection
with your recipient's server but didn't receive a reply. Some possible
causes include the following:

    * The other domain doesn't have up-to-date MX records or is
      otherwise misconfigured.
    * The other domain is blacklisting or graylisting messages from Gmail.
    * The other domain is experiencing temporary networking problems.

I still believe that aziz knina should check logs.

P.



Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Randy Ramsdell
In reply to this post by aziz knina-2
aziz knina wrote:

> Hi,
>
> I'm a new user of postfix.
> my case is a little bit particular: my company have rent a server at
> an ISP.
> this machine is located at a datacenter of this ISP, in which we have
> installed RHEL 5 and postfix.
>
> the ISP had opened all necessary port: SMTP, POP3, IMAP, WWW...
> here below the postconf of the server:
> ------------------------------
> alias_database = hash:/etc/postfix/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailbox_command = /usr/bin/procmail -a "$EXTENSION"
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> mydestination = $myhostname, localhost.$mydomain,$mydomain ,localhost
> mydomain = mydomain.com <http://mydomain.com/>
> myhostname = hostname.mydomain.com <http://hostname.mydomain.com/>

Hopefully  these are set to  the domain you are accepting mail for.

> mynetworks = 168.100.189.0/28,127.0.0.0/8,0 .0.0.0/32
> <http://168.100.189.0/28,127.0.0.0/8,0.0.0.0/32>
> myorigin = $mydomain
> newaliases_path = /usr/bin/newaliases
> queue_directory = /var/spool/postfix
> readme_directory = no
> sample_directory = /etc/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = postdrop
> unknown_local_recipient_reject _code = 450
> ------------------------------ ---
>
> My problem is tha I can send emails to outside but I cannot receive
> emails from outside: I get the error:
> Technical details of permanent failure:
>
> TEMP_FAILURE: The recipient server did not accept our requests to
> connect. Learn more at http://mail.google.com/support /bin/answer.py
> <http://mail.google.com/support/bin/answer.py>?
> answer=7720
> [mail.mydomain.com <http://mail.mydomain.com/>. (10): Connection refused]
>
> the ISP says that there is no problem in his side.
>
> is there any thing that I can check/change in my configuration?
>
> Thank at advance for your help.
>
> Regards,
> Aziz
>
> _________________________________________________
>

telnet $yourmailserver 25

Then send a message.


or nmap -v -p 25 -P0 -sS $yourmailserver

Is port 25 open?
Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

mouss-2
In reply to this post by aziz knina-2
aziz knina wrote:

>   Hi,
>
> I'm a new user of postfix.
> my case is a little bit particular: my company have rent a server at
> an ISP.
> this machine is located at a datacenter of this ISP, in which we have
> installed RHEL 5 and postfix.
>
> the ISP had opened all necessary port: SMTP, POP3, IMAP, WWW...
> here below the postconf of the server:
> ------------------------------
> alias_database = hash:/etc/postfix/aliases
> alias_maps = hash:/etc/aliases
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mail_spool_directory = /var/spool/mail
> mailbox_command = /usr/bin/procmail -a "$EXTENSION"
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/local/man
> mydestination = $myhostname, localhost.$mydomain,$mydomain ,localhost
> mydomain = mydomain.com
>  

what is "mydomain.com"?
if you did not hide your domain, people here could connect and give you
much information...

> myhostname = hostname.mydomain.com
> mynetworks = 168.100.189.0/28,127.0.0.0/8,0 .0.0.0/32
>  

replace this with

mynetworks = 127.0.0.1/32

until you have read the docs. note that docs may contain examples that
you shouldn't copy verbatim.

> [snip]
> ------------------------------ ---
>
> My problem is tha I can send emails to outside but I cannot receive
> emails from outside: I get the error:
> Technical details of permanent failure:
>
> TEMP_FAILURE: The recipient server did not accept our requests to
> connect. Learn more at http://mail.google.com/support /bin/answer.py?
> answer=7720
> [mail.mydomain.com. (10): Connection refused]
>  

Is postfix listening on the external IP? (use netstat, lsof, ... to see
that)?

If postfix is listening, then it's probably a firewall that is blocking
access. it may be iptables running on the same machine.

> the ISP says that there is no problem in his side.
>
> is there any thing that I can check/change in my configuration?
>
> Thank at advance for your help.
>
> Regards,
>   Aziz
>
>
>  __________________________________________________
> Do You Yahoo!?
> En finir avec le spam? Yahoo! Mail vous offre la meilleure protection possible contre les messages non sollicités
> http://mail.yahoo.fr Yahoo! Mail
>  

Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Paweł Leśniak
Once again. Logfile sent on Apr 30th says:

Apr 27 04:02:03 dedie53 postfix/local[836]: 6EEE69580F: to=<[hidden email]>, orig_to=<root>, relay=local, delay=0.47, delays=0.38/0.03/0/0.05, dsn=5.2.0, status=bounced (can't create user output file. Command output: procmail: Couldn't create "/var/mail/nobody" )

So my guess is that /var/mail directory has wrong permission. Until this is fixed we shouldn't speculate what else is wrong.


P.



Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

mouss-2
Paweł Leśniak wrote:

> Once again. Logfile sent on Apr 30th says:
>
> Apr 27 04:02:03 dedie53 postfix/local[836]: 6EEE69580F:
> to=<[hidden email]>, orig_to=<root>, relay=local, delay=0.47,
> delays=0.38/0.03/0/0.05, dsn=5.2.0, status=bounced (can't create user
> output file. Command output: procmail: Couldn't create
> "/var/mail/nobody" )
>
> So my guess is that /var/mail directory has wrong permission. Until
> this is fixed we shouldn't speculate what else is wrong.

This is a problem that must be fixed, but this doesn't explain
"connection refused" and the fact that he can send mail.

Incidentally, I get a timeout:

$ telnet 81.192.52.65 25
Trying 81.192.52.65...
telnet: connect to address 81.192.52.65: Operation timed out
telnet: Unable to connect to remote host

so procmail is not reached.




Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Paweł Leśniak

>
> This is a problem that must be fixed, but this doesn't explain
> "connection refused" and the fact that he can send mail.
As long as this is not corrected, we can't say this doesn't explain sth.
Connection refused can happen if server is overloaded. And this can
happen when server produces lots of email (from cron jobs for example)
which can't be delivered.
You think of really complicated problems (I can see from your previous
posts you are good with solving them). Here is a problem sent by user
who has some problems with doing really not so complicated checks. That
was pointed out by someone before.

> Incidentally, I get a timeout:
>
> $ telnet 81.192.52.65 25
> Trying 81.192.52.65...
> telnet: connect to address 81.192.52.65: Operation timed out
> telnet: Unable to connect to remote host
>
> so procmail is not reached.
OK You are absolutely right about procmail. But You can't say that
postfix is not running or port is blocked on firewall, because we know
nothing about state of this server. Maybe it's overloaded. Maybe it's
down for some reason. We just have no information about it right now.
I'd rather correct obvious errors, as long as we see ones, before
thinking of other possible problems.


P.

Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Sahil Tandon
* Paweł Leśniak <[hidden email]> [2008-05-03 23:10:27 +0200]:

[...]

>> $ telnet 81.192.52.65 25
>> Trying 81.192.52.65...
>> telnet: connect to address 81.192.52.65: Operation timed out
>> telnet: Unable to connect to remote host
>>
>> so procmail is not reached.
> OK You are absolutely right about procmail. But You can't say that postfix
> is not running or port is blocked on firewall, because we know nothing
> about state of this server. Maybe it's overloaded. Maybe it's down for some
> reason. We just have no information about it right now. I'd rather correct
> obvious errors, as long as we see ones, before thinking of other possible
> problems.
                                       
Actually, we *do* have about the system.  Port 25 is unreachable from the
outside.  You need to figure out why that is and fix it.                              

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Paweł Leśniak

> Actually, we *do* have about the system.  Port 25 is unreachable from the
> outside.  You need to figure out why that is and fix it.                              
>  
Actually *we* do not. Aziz Knina can have any knowledge about it,
because it's his thread.
You are saying port 25 is unreachable. And others? Do You know whether
machine is up right now?

P.


Reply | Threaded
Open this post in threaded view
|

Re: Connection refused

Sahil Tandon
* Paweł Leśniak <[hidden email]> [2008-05-04 10:28:07 +0200]:

>> Actually, we *do* have about the system.  Port 25 is unreachable from the
>> outside.  You need to figure out why that is and fix it.                  
>>              
> Actually *we* do not. Aziz Knina can have any knowledge about it, because
> it's his thread.
> You are saying port 25 is unreachable. And others? Do You know whether
> machine is up right now?
                                         
I did not speculate on other ports; I said port 25 is unreachable from the
outside, the latter defined as at least the machines from which mouss and I
tried to access said port.  This is fact.

--
Sahil Tandon <[hidden email]>