Connection refused / telnet: connect to address 10.5.2.1: Connection refused


wp.rauchholz
I am setting up an email server on my home box with postfix and dovecot.
My server is a modem router and as such has an internal and an external network interface.

From my laptop (LAN)
From Thunderbird I get the message: Could not connect to server localhost. The connection was refused.
Testing with telnet from CLI I get
(1) telnet home smtp
Trying 10.5.2.1...
telnet: connect to address 10.5.2.1: Connection refused
(2) telnet home imap
Trying 10.5.2.1...
Connected to home.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

Testing from server works fine.
telnet localhost imap
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

telnet localhost smtp
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 home.wo-lar.com ESMTP

The server is listening on port 25, 587 and 465
netstat -plutn | grep 25 and 587
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      28704/master
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      21435/smtpd

I can send mails to my gmail account. But when responding to this mail I get nothing back, not even an error message in gmail (might come later?).
I opened the firewall ports too:

Extract from my firewall.

### Allow all Internal traffic to Server
iptables -A INPUT -i $INT_DEV -s $INT_NET -d $INT_NET -j ACCEPT
iptables -A OUTPUT -o $INT_DEV -s $INT_NET -d $INT_NET -j ACCEPT

# New Connection: SMTP and SMTPS (over TLS/SSL)
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 25 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 465 -j ACCEPT

# New Connection: IMAP Email Clients (over SSL and non-encrypted)
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn --dport 143 -j ACCEPT

# Submission
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT

Any help to solve this issue is welcome.

Thank you

Wolfgang

Re: Connection refused / telnet: connect to address 10.5.2.1: Connection refused

Jan Ceuleers
On 29/12/2020 13:58, Wolfgang Paul Rauchholz wrote:
> I am setting up an email server on my home box with postfix and dovecot
> My server is modem router and has as such an internal and external network interface
>
> From my laptop (LAN)
> From Thunderbird I get the message: Could not connect to server localhost. The connection was refused.
> Testing with telnet from CLI I get
> (1) telnet home smtp
> Trying 10.5.2.1...
> telnet: connect to address 10.5.2.1: Connection refused
> (2) telnet home imap
> Trying 10.5.2.1...
> Connected to home.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

The Thunderbird error message is about a server named localhost (meaning: the host on which Thunderbird itself is running). Localhost always resolves to the loopback interface, usually with IP address 127.0.0.1. So your Thunderbird test was irrelevant in that it was configured to connect to the wrong host.

Your telnet tests suggest that you expect the server to be running and reachable at IP address 10.5.2.1.

> Testing from server works fine.
> telnet localhost imap
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.

This test demonstrates that the IMAP server is running on your server machine and is bound to the localhost IP address (again: typically 127.0.0.1 which resolves to the loopback interface).


> telnet localhost smtp
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> 220 home.wo-lar.com ESMTP

Same here.

> The server is listening on port 25, 587 and 465
> netstat -plutn | grep 25 and 587
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      28704/master
> tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      21435/smtpd

You need to configure your IMAP and SMTP servers to listen on 10.5.2.1:587 and 10.5.2.1:25 respectively. So not localhost.




Re: Connection refused / telnet: connect to address 10.5.2.1: Connection refused

Jim Reid
In reply to this post by wp.rauchholz


> On 29 Dec 2020, at 12:58, Wolfgang Paul Rauchholz <[hidden email]> wrote:
>
> The server is listening on port 25, 587 and 465
> netstat -plutn | grep 25 and 587
> tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      28704/master
> tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      21435/smtpd
>
> I can send mails to my gmail account. But when responding to this mail I get nothing back

That’s to be expected. You seem to have configured postfix to only listen on port 25 for the loopback interface (127.0.0.1). If postfix isn’t listening on an IP address that’s reachable from the Internet, it’s never going to receive any email from the Internet. Check inet_interfaces in main.cf and post the output of postconf if you need further help.

postfix should probably be listening on that 10.5.2.1 interface (as well as 127.0.0.1). But there will be even more to do. 10.5.2.1 is a private IP address that isn’t routed on the Internet. See RFC1918. So that isn’t reachable either. Presumably your DSL or cable box is doing network or port address translation to map its real IP address on to 10.5.2.1, the internal one you’ve used on your home network. You’ll need to confirm that address translation is working correctly for both inbound and outbound packets.

You’ll also need to configure the DNS for your domain name(s) to have MX records that ultimately map to that public IP address. If not, the world won’t know how to deliver email to you. ie in the zone file for your-domain.com have entries like:

        your-domain.com. IN MX 20 foo.your-domain.com.
        foo.your-domain.com. IN A public-ip-address-goes-here

On your internal network, you’ll need to configure mail clients to connect to port 25 on 10.5.2.1 when they send email. Or use the loopback interface if the clients run on the same box that’s running postfix. You could do this with a split DNS configuration - two versions of your-domain.com, one for the Internet and one for your internal net. However based on your questions here, that requires a lot more DNS expertise than you appear to have. Questions about that belong on a DNS forum and not the postfix mailing list.

BTW Your test connections to 10.5.2.1:imap work because IIRC dovecot listens on all available network interfaces by default. postfix has to be told which interfaces to listen on port 25 for incoming email.
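
The diagnosis in both replies comes from reading the local-address column of the netstat output. The following shell sketch, added here as an illustration and not posted by anyone in the thread, classifies each TCP listener by bind address and lists the ports that are bound to loopback only; the dovecot line and its PID in the sample are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify `netstat -plutn` TCP listeners by bind address.

# Sample input: the two Postfix lines are from the thread; the dovecot line
# (and its PID) is constructed to show an all-interfaces listener.
SAMPLE='tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      28704/master
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      21435/smtpd
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1234/dovecot'

# classify_listeners (hypothetical name): stdin = netstat lines,
# stdout = "port address scope program" per TCP listener.
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, parts, ":")      # IPv6 addresses contain extra colons,
        port = parts[n]                # so the port is the last field
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"
        else if (addr == "0.0.0.0" || addr == "::")
            scope = "all-interfaces"
        else
            scope = "specific-address"
        print port, addr, scope, $7
    }'
}

# loopback_only_ports (hypothetical name): ports that have listeners, none of
# which is bound to a non-loopback address. Remote clients are refused there.
loopback_only_ports() {
    classify_listeners | awk '
        { seen[$1] = 1; if ($3 != "loopback-only") reach[$1] = 1 }
        END { for (p in seen) if (!(p in reach)) print p }' | sort -n
}

printf '%s\n' "$SAMPLE" | classify_listeners
echo "Loopback-only ports:"
printf '%s\n' "$SAMPLE" | loopback_only_ports
```

On the server itself, pipe `netstat -plutn` into `loopback_only_ports`; any port it prints will refuse connections from other hosts regardless of the iptables rules, because no socket is bound to an address those hosts can reach.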