Connection timed out


Connection timed out

Evan Ingram
Hi all,

In need of some help. A lot of people sending me email are getting them
bounced. All I see in the logs is:

status=deferred (connect to aserver: Connection timed out)

What can I do to check my config? The mail server is sat on a box which
is behind another box running as a firewall and then the modem router.


--
Evan Ingram
Technical Engineer
CARISS
St Augustines Business Centre,
125 Canterbury Road,
Westgate-on-sea,
Kent
CT8 8NL

0844 576 5421
www.cariss.co.uk

CARISS is a trading name of Ask-4-IT Ltd
Company registered in England and Wales
Company Number - 5374955
VAT Number - 856 1229 22


Re: Connection timed out

mouss-2
Evan Ingram wrote:
> Hi all,
>
> In need of some help. A lot of people sending me email are getting them
> bounced. All I see in the logs is:
>
> status=deferred (connect to aserver: Connection timed out)

yes, this happens when ...

do not truncate log lines or we will truncate our answers ;-p


>
> What can I do to check my config? The mail server is sat on a box which
> is behind another box running as a firewall and then the modem router.
>
>

network problem. maybe the firewall. First, try connecting to one of the
problem servers using telnet:

$ telnet aserver 25
...
EHLO yourhostname.example.com
...
QUIT

and post whatever you see.



Re: Connection timed out

Evan Ingram

On Tue, 2008-07-29 at 13:53 +0200, mouss wrote:
> $ telnet aserver 25
> ...
> EHLO yourhostname.example.com
> ...
> QUIT
>
> and post whatever you see.

From the mail server machine it doesn't connect, just sits there trying:

telnet mail.staugustines.uk.com 25
Trying 79.170.40.19...

Works from the machine I'm using now and also from the firewall machine.


Re: Connection timed out

mouss-2
Evan Ingram wrote:

> On Tue, 2008-07-29 at 13:53 +0200, mouss wrote:
>> $ telnet aserver 25
>> ...
>> EHLO yourhostname.example.com
>> ...
>> QUIT
>>
>> and post whatever you see.
>
> From the mail server machine it doesn't connect, just sits there trying:
>
> telnet mail.staugustines.uk.com 25
> Trying 79.170.40.19...

so it's not a postfix problem since postfix isn't included in telnet.


>
> Works from the machine I'm using now and also from the firewall machine.
>

check the firewall configuration. and if the postfix machine has
firewall software (or selinux/apparmor), check that as well.

Re: Connection timed out

Evan Ingram
On Tue, 2008-07-29 at 15:02 +0200, mouss wrote:
> check the firewall configuration. and if the postfix machine has
> firewall software (or selinux/apparmor), check that as well.

Everything outbound should be allowed, port 25 is forwarded to the mail
server.

For the majority of mail servers it's fine. I can send and receive from
them no problem. Just seems that I'm finding the number that can't send to
me is increasing :( and I don't know why.


Re: Connection timed out

mouss-2
Evan Ingram wrote:

> On Tue, 2008-07-29 at 15:02 +0200, mouss wrote:
>> check the firewall configuration. and if the postfix machine has
>> firewall software (or selinux/apparmor), check that as well.
>
> Everything outbound should be allowed, port 25 is forwarded to the mail
> server.
>
> For the majority of mail servers it's fine. I can send and receive from
> them no problem. Just seems that I'm finding the number that can't send to
> me is increasing :( and I don't know why.
>


$ host 82.71.116.46
46.116.71.82.in-addr.arpa domain name pointer gw.cariss.co.uk.
$ host gw.cariss.co.uk
gw.cariss.co.uk has address 82.71.116.46

so you have a custom reverse dns, but you are inside what looks like a
residential block.

$ host 82.71.116.45
45.116.71.82.in-addr.arpa domain name pointer 82-71-116-45.dsl.in-addr.zen.co.uk.
$ host 82.71.116.47
47.116.71.82.in-addr.arpa domain name pointer 82-71-116-47.dsl.in-addr.zen.co.uk.

some sites drop traffic from residential blocks, which could explain why
you cannot connect.
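
The neighbour comparison done by hand in the post above, as an added example that is not part of the original thread: it parses `host` output (the sample is the output quoted in the post), forward-confirms the PTR, and flags names that embed the address octets. The "generic" heuristic and all function names are assumptions for illustration, not any receiving site's actual rule.

```python
import ipaddress
import re

# Constructed input: the `host` output quoted in the post above, wrapped lines rejoined.
HOST_OUTPUT = """\
46.116.71.82.in-addr.arpa domain name pointer gw.cariss.co.uk.
gw.cariss.co.uk has address 82.71.116.46
45.116.71.82.in-addr.arpa domain name pointer 82-71-116-45.dsl.in-addr.zen.co.uk.
47.116.71.82.in-addr.arpa domain name pointer 82-71-116-47.dsl.in-addr.zen.co.uk.
"""

PTR_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa domain name pointer (\S+?)\.?$")
A_RE = re.compile(r"^(\S+?)\.? has address (\S+)$")

def parse_host_output(text):
    """Return (ptr, fwd): ptr maps IP -> PTR name, fwd maps name -> set of A records."""
    ptr, fwd = {}, {}
    for line in text.splitlines():
        if m := PTR_RE.match(line.strip()):
            ip = ".".join(reversed(m.groups()[:4]))   # undo in-addr.arpa octet order
            ptr[ip] = m.group(5).lower()
        elif m := A_RE.match(line.strip()):
            fwd.setdefault(m.group(1).lower(), set()).add(m.group(2))
    return ptr, fwd

def looks_generic(ip, name):
    """Assumed heuristic, not any receiver's real rule: ISP-assigned PTRs embed the octets."""
    octets = ip.split(".")
    return any(sep.join(order) in name
               for sep in ("-", ".") for order in (octets, octets[::-1]))

def assess(ip, ptr, fwd):
    name = ptr.get(ip)
    if name is None:
        return "no PTR"
    if looks_generic(ip, name):
        return "generic"
    return "custom, forward-confirmed" if ip in fwd.get(name, ()) else "custom, unconfirmed"

def neighbourhood(ip, ptr, fwd):
    """Assess the address and its two immediate neighbours, as done by hand in the post."""
    base = ipaddress.ip_address(ip)
    return {str(base + d): assess(str(base + d), ptr, fwd) for d in (-1, 0, 1)}

def custom_ptr_in_generic_block(ip, ptr, fwd):
    verdicts = neighbourhood(ip, ptr, fwd)
    own = verdicts.pop(ip)
    return own.startswith("custom") and all(v == "generic" for v in verdicts.values())

if __name__ == "__main__":
    ptr, fwd = parse_host_output(HOST_OUTPUT)
    print(neighbourhood("82.71.116.46", ptr, fwd))
```
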


Re: Connection timed out

Evan Ingram
On Tue, 2008-07-29 at 15:46 +0200, mouss wrote:
> some sites drop traffic from residential blocks, which could explain why
> you cannot connect.


Hmmm That would make sense. But what about the other machines I have
here being able to connect to the problem mail servers via telnet etc
but my mail server cannot? :/


Re: Connection timed out

Scott Kitterman-4
On Tue, 29 Jul 2008 14:59:25 +0100 Evan Ingram <[hidden email]>
wrote:

>On Tue, 2008-07-29 at 15:46 +0200, mouss wrote:
>> some sites drop traffic from residential blocks, which could explain why
>> you cannot connect.
>
>
>Hmmm That would make sense. But what about the other machines I have
>here being able to connect to the problem mail servers via telnet etc
>but my mail server cannot? :/
>
>
These restrictions are generally limited to port 25.  Are you able to
telnet from other machines on port 25?

Scott K

Re: Connection timed out

mouss-2
Scott Kitterman wrote:

> On Tue, 29 Jul 2008 14:59:25 +0100 Evan Ingram <[hidden email]>
> wrote:
>> On Tue, 2008-07-29 at 15:46 +0200, mouss wrote:
>>> some sites drop traffic from residential blocks, which could explain why
>>> you cannot connect.
>>
>> Hmmm That would make sense. But what about the other machines I have
>> here being able to connect to the problem mail servers via telnet etc
>> but my mail server cannot? :/
>>
>>
> These restrictions are generally limited to port 25.  Are you able to
> telnet from other machines on port 25?

and if so, what OS are they running? if with the same public IP, you can
connect from old OSes (such as windows XP) but not from recent
linux/bsd/..., then it may be a firewall or nat box bug (tcp window
scaling, delayed ack, ... etc) which requires an upgrade/update of the
firewall/natbox.

Also, show examples of servers you fail to connect to.

Re: Connection timed out

Evan Ingram

On Tue, 2008-07-29 at 16:12 +0200, mouss wrote:
> > These restrictions are generally limited to port 25.  Are you able to
> > telnet from other machines on port 25?
> Also, show examples of servers you fail to connect to.

Yes, I can telnet 25 from the other machines I have here.

mail.staugustines.uk.com is one I know I'm having problems receiving
mail from at the moment.

cxdm:~ # telnet mail.staugustines.uk.com 25
Trying 79.170.40.19...
Connected to mail.staugustines.uk.com.
Escape character is '^]'.
220 ESMTP Exim Wed, 30 Jul 2008 10:40:40 +0100

cappa:~ # telnet mail.staugustines.uk.com 25
Trying 79.170.40.19...

My mail server is sat on cappa. Both cxdm and cappa are running
opensuse10.0.

Linux cxdm 2.6.13-15.11-smp #1 SMP Mon Jul 17 09:43:01 UTC 2006 x86_64 x86_64 x86_64 GNU/Linux
Linux cappa 2.6.13-15.18-smp #1 SMP Tue Oct 2 17:36:20 UTC 2007 x86_64 x86_64 x86_64 GNU/Linux

Slightly different kernel versions?