Postfix configuration outgoing mail problem; connection timed out

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix configuration outgoing mail problem; connection timed out

Michael Jean
Hello,

I have a problem with postfix. It is installed on a host in my small
home lan behind a router. My ISP is rogers. I have 3 external email
addresses I am testing to/from, one of them being [hidden email], the
others [hidden email] and [hidden email]. My local domain is
mydomain.ca so I am trying to send from me@mydomain.

I can receive mail for [hidden email] from each of these accounts no
problem but I can only send mail successfully from this account to
[hidden email].

mymailhost:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname localhost.$mydomain localhost $mydomain
mydomain = mydomain.ca
myhostname = mymailhost.mydomain.ca
mynetworks = 192.168.0.0/24, 127.0.0.0/8
myorigin = $mydomain
notify_classes = bounce,delay,policy,protocol,resource,software
relay_domains =
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated
permit_mynetworks reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/toots-cert.pem
smtpd_tls_key_file = /etc/postfix/toots-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

mail.log:
Oct 14 23:31:16 mymailhost postfix/smtp[9166]: 5F01426400:
to=<[hidden email]>, relay=none, delay=60, delays=0.04/0.02/60/0,
dsn=4.4.1, status=deferred (connect to
filter.somewhere.ca[ipaddress]:25: Connection timed out)

Oct 14 23:31:51 mymailhost postfix/smtp[9188]: 7EFCE26403:
to=<[hidden email]>, relay=none, delay=60, delays=0.03/0.01/60/0,
dsn=4.4.1, status=deferred (connect to
mail.somewhereelse.ca[ipaddress]:25: Connection timed out)

Oct 14 23:31:36 mymailhost postfix/smtp[9178]: 164E126402:
to=<[hidden email]>, relay=mx2.rog.mail.yahoo.com[206.190.37.7]:25,
delay=60, delays=0.03/0.01/60/0.14, dsn=2.0.0, status=sent (250 ok
dirdel)

I attempted to use relayhost=[smtp.broadband.rogers.com] in main.cf

with sasl_passwd:
[smtp.broadband.rogers.com] me:myrogerspassword

then postmap sasl_passwd and reload and send new test messages but then
mail no longer is delivered to [hidden email] (or the others).


Reply | Threaded
Open this post in threaded view
|

Re: Postfix configuration outgoing mail problem; connection timed out

Noel Jones-2
On 10/19/2009 10:03 PM, Michael Jean wrote:

> Hello,
>
> I have a problem with postfix. It is installed on a host in my small
> home lan behind a router. My ISP is rogers. I have 3 external email
> addresses I am testing to/from, one of them being [hidden email], the
> others [hidden email] and [hidden email]. My local domain is
> mydomain.ca so I am trying to send from me@mydomain.
>
> I can receive mail for [hidden email] from each of these accounts no
> problem but I can only send mail successfully from this account to
> [hidden email].
>
> mymailhost:/etc/postfix# postconf -n
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> mailbox_command = procmail -a "$EXTENSION"
> mailbox_size_limit = 0
> mydestination = $myhostname localhost.$mydomain localhost $mydomain
> mydomain = mydomain.ca
> myhostname = mymailhost.mydomain.ca
> mynetworks = 192.168.0.0/24, 127.0.0.0/8
> myorigin = $mydomain
> notify_classes = bounce,delay,policy,protocol,resource,software
> relay_domains =
> smtp_tls_CAfile = /etc/postfix/cacert.pem
> smtp_tls_security_level = may
> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> smtpd_banner = $myhostname ESMTP
> smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks
> smtpd_recipient_restrictions = permit_sasl_authenticated
> permit_mynetworks reject_unauth_destination
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_tls_CAfile = /etc/postfix/cacert.pem
> smtpd_tls_cert_file = /etc/postfix/toots-cert.pem
> smtpd_tls_key_file = /etc/postfix/toots-key.pem
> smtpd_tls_received_header = yes
> smtpd_tls_security_level = may
> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> smtpd_use_tls = yes
> tls_random_source = dev:/dev/urandom
>
> mail.log:
> Oct 14 23:31:16 mymailhost postfix/smtp[9166]: 5F01426400:
> to=<[hidden email]>, relay=none, delay=60, delays=0.04/0.02/60/0,
> dsn=4.4.1, status=deferred (connect to
> filter.somewhere.ca[ipaddress]:25: Connection timed out)
>
> Oct 14 23:31:51 mymailhost postfix/smtp[9188]: 7EFCE26403:
> to=<[hidden email]>, relay=none, delay=60, delays=0.03/0.01/60/0,
> dsn=4.4.1, status=deferred (connect to
> mail.somewhereelse.ca[ipaddress]:25: Connection timed out)
>
> Oct 14 23:31:36 mymailhost postfix/smtp[9178]: 164E126402:
> to=<[hidden email]>, relay=mx2.rog.mail.yahoo.com[206.190.37.7]:25,
> delay=60, delays=0.03/0.01/60/0.14, dsn=2.0.0, status=sent (250 ok
> dirdel)

Looks as if your ISP is blocking outbound port 25 connections.

>
> I attempted to use relayhost=[smtp.broadband.rogers.com] in main.cf
>
> with sasl_passwd:
> [smtp.broadband.rogers.com] me:myrogerspassword

Yes, the solution you describe is correct.  Maybe you
fat-fingered something -- it's hard for us to tell without any
evidence.

>
> then postmap sasl_passwd and reload and send new test messages but then
> mail no longer is delivered to [hidden email] (or the others).
>
>

Debug from that point on.  What's logged here?  Is postfix
connecting to the correct IP? correct credentials?  Is postfix
built with SASL client support?

http://www.postfix.org/SASL_README.html#client_sasl
http://www.postfix.org/DEBUG_README.html

If you need more help, show unobfuscated "postconf -n"
configuration (other than username/password) and logging.

   -- Noel Jones
Reply | Threaded
Open this post in threaded view
|

Re: Postfix configuration outgoing mail problem; connection timed out

Sahil Tandon
In reply to this post by Michael Jean
On Mon, 19 Oct 2009, Michael Jean wrote:

> I have a problem with postfix. It is installed on a host in my small
> home lan behind a router. My ISP is rogers. I have 3 external email
> addresses I am testing to/from, one of them being [hidden email], the
> others [hidden email] and [hidden email]. My local domain is
> mydomain.ca so I am trying to send from me@mydomain.
>
> I can receive mail for [hidden email] from each of these accounts no
> problem but I can only send mail successfully from this account to
> [hidden email].
>
> mail.log:
> Oct 14 23:31:16 mymailhost postfix/smtp[9166]: 5F01426400:
> to=<[hidden email]>, relay=none, delay=60, delays=0.04/0.02/60/0,
> dsn=4.4.1, status=deferred (connect to
> filter.somewhere.ca[ipaddress]:25: Connection timed out)
>
> Oct 14 23:31:51 mymailhost postfix/smtp[9188]: 7EFCE26403:
> to=<[hidden email]>, relay=none, delay=60, delays=0.03/0.01/60/0,
> dsn=4.4.1, status=deferred (connect to
> mail.somewhereelse.ca[ipaddress]:25: Connection timed out)

Your ISP blocks outbound traffic on port 25 when it is not destined for
rogers SMTP servers.
 
> Oct 14 23:31:36 mymailhost postfix/smtp[9178]: 164E126402:
> to=<[hidden email]>, relay=mx2.rog.mail.yahoo.com[206.190.37.7]:25,
> delay=60, delays=0.03/0.01/60/0.14, dsn=2.0.0, status=sent (250 ok
> dirdel)

A rogers server, and thus allowed by your ISP.

> I attempted to use relayhost=[smtp.broadband.rogers.com] in main.cf
>
> with sasl_passwd:
> [smtp.broadband.rogers.com] me:myrogerspassword
>
> then postmap sasl_passwd and reload and send new test messages but then
> mail no longer is delivered to [hidden email] (or the others).

This is an insufficient problem description.  Show logs related to the
problem along with the output of 'postconf -n' that proves you set
relayhost.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Re: Postfix configuration outgoing mail problem; connection timed out

postfix@netorbit.it
In reply to this post by Noel Jones-2
Noel Jones wrote:[...]


>>
>> mail.log:
>> Oct 14 23:31:16 mymailhost postfix/smtp[9166]: 5F01426400:
>> to=<[hidden email]>, relay=none, delay=60, delays=0.04/0.02/60/0,
>> dsn=4.4.1, status=deferred (connect to
>> filter.somewhere.ca[ipaddress]:25: Connection timed out)
>>
>> Oct 14 23:31:51 mymailhost postfix/smtp[9188]: 7EFCE26403:
>> to=<[hidden email]>, relay=none, delay=60, delays=0.03/0.01/60/0,
>> dsn=4.4.1, status=deferred (connect to
>> mail.somewhereelse.ca[ipaddress]:25: Connection timed out)

>
> Looks as if your ISP is blocking outbound port 25 connections.
Try to troubleshooting doing a simple telnet on port TCP/25 on the
remote host.
If you can get the welcome banner from the remote SMTP server, the issue
is somewhere else.


Reply | Threaded
Open this post in threaded view
|

Re: Postfix configuration outgoing mail problem; connection timed out

@lbutlr
On 20-Oct-2009, at 02:59, Angelo Amoruso wrote:
> Try to troubleshooting doing a simple telnet on port TCP/25 on the  
> remote host.
> If you can get the welcome banner from the remote SMTP server, the  
> issue is somewhere else.

Nope,. you have to check a full transaction. Rogers, like some ISPs,  
may not only block port 25, but force you to send email "from" a valid  
rogers email address.

Not saying they do, but you need to check sending a mail manually  
'from' your other email addresses and see if roger's servers accept  
the mail and deliver it (test sending to a webmail email so you are  
not testing the loopback into your own server).

If Rogers is blocking port 25, you cannot act as an MX for your domains.

--
Like the moment when the brakes lock/And you slide towards the big
        truck/You stretch the frozen moments with your fear

Reply | Threaded
Open this post in threaded view
|

Re: Postfix configuration outgoing mail problem; connection timed out

Michael Jean
In reply to this post by Noel Jones-2
Ok

toots:/etc/postfix# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
mydestination = $myhostname localhost.$mydomain localhost $mydomain
mydomain = kerowax.ca
myhostname = mail.kerowax.ca
mynetworks = 192.168.0.0/24, 127.0.0.0/8
myorigin = $mydomain
notify_classes = bounce,delay,policy,protocol,resource,software
relay_domains =
relayhost = [smtp.broadband.rogers.com]
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks
smtpd_recipient_restrictions = permit_sasl_authenticated
permit_mynetworks reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/toots-cert.pem
smtpd_tls_key_file = /etc/postfix/toots-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

sasl_passwd:
[smtp.broadband.rogers.com] michaeljean:mypassword

>From alpine on the mail host I tried to send to [hidden email]:

mail.log:
Oct 20 20:45:26 toots postfix/qmgr[24000]: BEDE4263ED:
from=<[hidden email]>, size=602, nrcpt=1 (queue active)
Oct 20 20:45:27 toots postfix/smtp[24024]: BEDE4263ED:
to=<[hidden email]>,
relay=smtp.broadband.rogers.com[206.190.36.18]:25, delay=0.38,
delays=0.02/0/0.29/0.07, dsn=5.0.0, status=bounced (host
smtp.broadband.rogers.com[206.190.36.18] said: 530 authentication
required - for help go to
http://help.yahoo.com/help/us/mail/pop/pop-11.html (in reply to MAIL
FROM command))


On Mon, 2009-10-19 at 22:28 -0500, Noel Jones wrote:

> On 10/19/2009 10:03 PM, Michael Jean wrote:
> > Hello,
> >
> > I have a problem with postfix. It is installed on a host in my small
> > home lan behind a router. My ISP is rogers. I have 3 external email
> > addresses I am testing to/from, one of them being [hidden email], the
> > others [hidden email] and [hidden email]. My local domain is
> > mydomain.ca so I am trying to send from me@mydomain.
> >
> > I can receive mail for [hidden email] from each of these accounts no
> > problem but I can only send mail successfully from this account to
> > [hidden email].
> >
> > mymailhost:/etc/postfix# postconf -n
> > alias_database = hash:/etc/aliases
> > alias_maps = hash:/etc/aliases
> > broken_sasl_auth_clients = yes
> > config_directory = /etc/postfix
> > mailbox_command = procmail -a "$EXTENSION"
> > mailbox_size_limit = 0
> > mydestination = $myhostname localhost.$mydomain localhost $mydomain
> > mydomain = mydomain.ca
> > myhostname = mymailhost.mydomain.ca
> > mynetworks = 192.168.0.0/24, 127.0.0.0/8
> > myorigin = $mydomain
> > notify_classes = bounce,delay,policy,protocol,resource,software
> > relay_domains =
> > smtp_tls_CAfile = /etc/postfix/cacert.pem
> > smtp_tls_security_level = may
> > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> > smtpd_banner = $myhostname ESMTP
> > smtpd_client_restrictions = permit_sasl_authenticated permit_mynetworks
> > smtpd_recipient_restrictions = permit_sasl_authenticated
> > permit_mynetworks reject_unauth_destination
> > smtpd_sasl_auth_enable = yes
> > smtpd_sasl_security_options = noanonymous
> > smtpd_tls_CAfile = /etc/postfix/cacert.pem
> > smtpd_tls_cert_file = /etc/postfix/toots-cert.pem
> > smtpd_tls_key_file = /etc/postfix/toots-key.pem
> > smtpd_tls_received_header = yes
> > smtpd_tls_security_level = may
> > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> > smtpd_use_tls = yes
> > tls_random_source = dev:/dev/urandom
> >
> > mail.log:
> > Oct 14 23:31:16 mymailhost postfix/smtp[9166]: 5F01426400:
> > to=<[hidden email]>, relay=none, delay=60, delays=0.04/0.02/60/0,
> > dsn=4.4.1, status=deferred (connect to
> > filter.somewhere.ca[ipaddress]:25: Connection timed out)
> >
> > Oct 14 23:31:51 mymailhost postfix/smtp[9188]: 7EFCE26403:
> > to=<[hidden email]>, relay=none, delay=60, delays=0.03/0.01/60/0,
> > dsn=4.4.1, status=deferred (connect to
> > mail.somewhereelse.ca[ipaddress]:25: Connection timed out)
> >
> > Oct 14 23:31:36 mymailhost postfix/smtp[9178]: 164E126402:
> > to=<[hidden email]>, relay=mx2.rog.mail.yahoo.com[206.190.37.7]:25,
> > delay=60, delays=0.03/0.01/60/0.14, dsn=2.0.0, status=sent (250 ok
> > dirdel)
>
> Looks as if your ISP is blocking outbound port 25 connections.
>
> >
> > I attempted to use relayhost=[smtp.broadband.rogers.com] in main.cf
> >
> > with sasl_passwd:
> > [smtp.broadband.rogers.com] me:myrogerspassword
>
> Yes, the solution you describe is correct.  Maybe you
> fat-fingered something -- it's hard for us to tell without any
> evidence.
>
> >
> > then postmap sasl_passwd and reload and send new test messages but then
> > mail no longer is delivered to [hidden email] (or the others).
> >
> >
>
> Debug from that point on.  What's logged here?  Is postfix
> connecting to the correct IP? correct credentials?  Is postfix
> built with SASL client support?
>
> http://www.postfix.org/SASL_README.html#client_sasl
> http://www.postfix.org/DEBUG_README.html
>
> If you need more help, show unobfuscated "postconf -n"
> configuration (other than username/password) and logging.
>
>    -- Noel Jones

Reply | Threaded
Open this post in threaded view
|

Re: Postfix configuration outgoing mail problem; connection timed out

Sahil Tandon
On Tue, 20 Oct 2009, Michael Jean wrote:

> smtpd_sasl_auth_enable = yes

smtpd != smtp; you never enabled SASL for the smtp *client*.  Review the
SASL_README, specifically the client section to which you have already
been referred.

> sasl_passwd:
> [smtp.broadband.rogers.com] michaeljean:mypassword

You do not define $smtp_sasl_password_maps, so the contents of this file
are irrelevant.

> mail.log:
> Oct 20 20:45:26 toots postfix/qmgr[24000]: BEDE4263ED:
> from=<[hidden email]>, size=602, nrcpt=1 (queue active)
> Oct 20 20:45:27 toots postfix/smtp[24024]: BEDE4263ED:
> to=<[hidden email]>,
> relay=smtp.broadband.rogers.com[206.190.36.18]:25, delay=0.38,
> delays=0.02/0/0.29/0.07, dsn=5.0.0, status=bounced (host
> smtp.broadband.rogers.com[206.190.36.18] said: 530 authentication
> required - for help go to
> http://help.yahoo.com/help/us/mail/pop/pop-11.html (in reply to MAIL
> FROM command))

This makes sense in light of the above.

--
Sahil Tandon <[hidden email]>
Reply | Threaded
Open this post in threaded view
|

Postfix configuration outgoing mail problem; connection timed out

Stan Hoeppner
Sahil Tandon put forth on 10/20/2009 8:57 PM:

> On Tue, 20 Oct 2009, Michael Jean wrote:
>
>> smtpd_sasl_auth_enable = yes
>
> smtpd != smtp; you never enabled SASL for the smtp *client*.  Review the
> SASL_README, specifically the client section to which you have already
> been referred.
>
>> sasl_passwd:
>> [smtp.broadband.rogers.com] michaeljean:mypassword
>
> You do not define $smtp_sasl_password_maps, so the contents of this file
> are irrelevant.

I need to put this in a wiki, as this comes up frequently.  Answered it
twice in as many weeks recently:

/etc/postfix/main.cf

relayhost = [submission-relay.your-isp.tld]:587
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

/etc/postfix/sasl_passwd

submission-relay.your-isp.tld [hidden email]:password

*nix-host:/# postmap sasl_passwd
*nix-host:/# postfix reload

--
Stan