Postfix listening on 25, unable to telnet to 25 - my first config


Postfix listening on 25, unable to telnet to 25 - my first config

Paul Cocker
Okay, so last week I posted an issue about the above with lots of errors
and it turns out I hadn't generated the relevant .db files, along with a
couple of other problems. So, I sorted all that out and fired up
postfix, checked that the server was listening on port 25 and then tried
to telnet:

Connecting To 10.100.1.1...Could not open connection to the host, on
port 25: Connect failed


Then tried to send a test message using blat from another machine:

Blat v2.6.2 w/GSS encryption (build : Feb 25 2007 12:06:19)

unexpected error 10065 from winsock
Error: Can't connect to server (timed out if winsock.dll error 10060)


I checked /var/log/secure and found no record of the connection being
dumped; messages contained nothing, nor did maillog tell me anything
useful.

Oct 13 09:56:17 server postfix/postfix-script: starting the Postfix mail system
Oct 13 09:56:17 server postfix/master[30342]: daemon started -- version 2.3.3, configuration /etc/postfix

Nothing further is listed and the master service is running. I ran a
postfix -check but this gave no output nor appended anything to the log.

I tried loading postfix with -v and -vv, but nothing leapt out at me,
not that I understood much of what it was showing.

/usr/sbin/postconf -n shows:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
local_recipient_maps =
local_transport = error:local mail delivery is disabled
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination =
mynetworks = 10.100.0.0/22, 100.100.100.128/25
myorigin = domain1.co.uk
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
relay_domains = domain1.co.uk, domain2.co.uk, domain3.co.uk
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/virtual

(ignore the lack of a relay_recipient_map, it's coming, swear to God :P)

I've tried to fix this myself, but unfortunately with the lack of log
information I have been able to find I'm not sure where to go.

Paul Cocker



TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897), TNT Post North Ltd (05701709), TNT Post South West Ltd (05983401), TNT Post Midlands Limited (6458167)and TNT Post London Limited (6493826). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692). All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.


Re: Postfix listening on 25, unable to telnet to 25 - my first config

Barney Desmond
Firewall? My attempt at reading the postconf output suggests it should
work, though I don't know if an empty mydestination is correct.

See if you can telnet to localhost on the postfix server itself, and
check the output of netstat (`netstat -tnlp` for me) to make sure it's
listening on the correct address/es.



RE: Postfix listening on 25, unable to telnet to 25 - my first config

MacShane, Tracy
In reply to this post by Paul Cocker
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Paul Cocker
> Sent: Monday, 13 October 2008 8:58 PM
> To: [hidden email]
> Subject: Postfix listening on 25, unable to telnet to 25 - my
> first config
>
> Okay, so last week I posted an issue about the above with
> lots of errors
> and it turns out I hadn't generated the relevant .db files,
> along with a
> couple of other problems. So, I sorted all that out and fired up
> postfix, checked that the server was listening on port 25 and
> then tried
> to telnet:
>
> Connecting To 10.100.1.1...Could not open connection to the host, on
> port 25: Connect failed
>
>
> Then tried to send a test message using blat from another machine:
>
> Blat v2.6.2 w/GSS encryption (build : Feb 25 2007 12:06:19)
>
> unexpected error 10065 from winsock
> Error: Can't connect to server (timed out if winsock.dll error 10060)
>
>
> I checked /var/log/secure and found no record of the connection being
> dumped; messages contained nothing, nor did maillog tell me anything
> useful.
>
> Oct 13 09:56:17 server postfix/postfix-script: starting the
> Postfix mail
> system
> Oct 13 09:56:17 server postfix/master[30342]: daemon started
> -- version
> 2.3.3, configuration /etc/postfix
>

As well as telnetting to localhost/25, can you telnet to the FQDN
hostname from the host itself? If you're on the server "mail", what
happens if you telnet mail.example.com 25?

RE: Postfix listening on 25, unable to telnet to 25 - my first config

Paul Cocker
In reply to this post by Barney Desmond
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Barney Desmond
> Sent: 13 October 2008 11:43
> To: [hidden email]
> Subject: Re: Postfix listening on 25, unable to telnet to 25
> - my first config
>
> Firewall? My attempt at reading the postconf output suggests
> it should work, though I don't know if an empty mydestination
> is correct.
>

The two machines are on the same VLAN, nothing between them but
switches.

An empty mydestination means (as I understand it) that the server is not
the final destination for any mail. Most of the config comes from the
postfix docs.

> See if you can telnet to localhost on the postfix server
> itself, and check the output of netstat (`netstat -tnlp` for
> me) to make sure it's listening on the correct address/es.
>

Good idea.

That does indeed appear to work, using IP, name and localhost. Very odd,
like I said there's nothing between the two but switches (actually I
believe they're on the same one), and a tracert can reach the box fine.

I had been using tcpwrappers for other services, just to check they
weren't interfering (though I know postfix doesn't use them) I removed
the ALL:ALL line from hosts.deny and rebooted. Didn't help though.

>




RE: Postfix listening on 25, unable to telnet to 25 - my first config

Paul Cocker
In reply to this post by MacShane, Tracy
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of MacShane, Tracy
> Sent: 13 October 2008 12:05
> To: [hidden email]
> Subject: RE: Postfix listening on 25, unable to telnet to 25
> - my first config
>
> > -----Original Message-----
> > From: [hidden email]
> > [mailto:[hidden email]] On Behalf Of Paul Cocker
> > Sent: Monday, 13 October 2008 8:58 PM
> > To: [hidden email]
> > Subject: Postfix listening on 25, unable to telnet to 25 - my first
> > config
> >
> > Okay, so last week I posted an issue about the above with lots of
> > errors and it turns out I hadn't generated the relevant .db files,
> > along with a couple of other problems. So, I sorted all
> that out and
> > fired up postfix, checked that the server was listening on
> port 25 and
> > then tried to telnet:
> >
> > Connecting To 10.100.1.1...Could not open connection to the
> host, on
> > port 25: Connect failed
> >
> >
> > Then tried to send a test message using blat from another machine:
> >
> > Blat v2.6.2 w/GSS encryption (build : Feb 25 2007 12:06:19)
> >
> > unexpected error 10065 from winsock
> > Error: Can't connect to server (timed out if winsock.dll
> error 10060)
> >
> >
> > I checked /var/log/secure and found no record of the
> connection being
> > dumped; messages contained nothing, nor did maillog tell me
> anything
> > useful.
> >
> > Oct 13 09:56:17 server postfix/postfix-script: starting the Postfix
> > mail system Oct 13 09:56:17 server postfix/master[30342]: daemon
> > started
> > -- version
> > 2.3.3, configuration /etc/postfix
> >
>
> As well as telnetting to localhost/25, can you telnet to the
> FQDN hostname from the host itself? If you're on the server
> "mail", what happens if you telnet mail.example.com 25?
>

All my telneting had been by IP address, the name wasn't in DNS yet.
I've added it, but I get the same problems. As noted in my previous post
I've now found I can access the port from the postfix machine, just not
other machines.




Re: Postfix listening on 25, unable to telnet to 25 - my first config

Noel Jones-2
Paul Cocker wrote:
>
> All my telneting had been by IP address, the name wasn't in DNS yet.
> I've added it, but I get the same problems. As noted in my previous post
> I've now found I can access the port from the postfix machine, just not
> other machines.
>

Use netstat or lsof to see if postfix is really listening on
the external interfaces.

If postfix doesn't appear to be listening on the external
interfaces, check your master.cf.  Some distributions of
postfix change master.cf to force postfix to listen on
localhost only.
Look for a line in master.cf beginning like:
127.0.0.1:smtp  inet ...
and remove the "127.0.0.1:" part.
If this fixes the problem, complain to your distributor.

If postfix does appear to be listening on external interfaces,
then you have firewall software on that host interfering with
postfix.

--
Noel Jones

RE: Postfix listening on 25, unable to telnet to 25 - my first config

Paul Cocker
In reply to this post by Paul Cocker
> -----Original Message-----
> From: Arek Czereszewski [mailto:[hidden email]]
> Sent: 13 October 2008 13:09
> To: Paul Cocker
> Subject: Re: Postfix listening on 25, unable to telnet to 25
> - my first config
>
> Paul Cocker wrote:
> > All my telneting had been by IP address, the name wasn't in DNS yet.
> > I've added it, but I get the same problems. As noted in my previous
> > post I've now found I can access the port from the postfix machine,
> > just not other machines.
> >
> >
> >
> Check your iptables/pf/ipf/whatever rules for connections
> from other host to this mail host.
> If you use iptables:
> iptables -L
> if pf:
> pfctl -sr
>

Currently this server isn't using any connection protection beyond
tcpwrappers.

> Also if you use acl's on switches/router also check them.
> show access-list

Both servers are connected to the same switch, it has no access lists.




RE: Postfix listening on 25, unable to telnet to 25 - my first config

Paul Cocker
In reply to this post by Noel Jones-2
> -----Original Message-----
> From: Noel Jones [mailto:[hidden email]]
> Sent: 13 October 2008 13:36
> To: Paul Cocker; [hidden email]
> Subject: Re: Postfix listening on 25, unable to telnet to 25
> - my first config
>
> Paul Cocker wrote:
> >
> > All my telneting had been by IP address, the name wasn't in DNS yet.
> > I've added it, but I get the same problems. As noted in my previous
> > post I've now found I can access the port from the postfix machine,
> > just not other machines.
> >
>
> Use netstat or lsof to see if postfix is really listening on
> the external interfaces.

Netstat reveals

Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:smtp                      *:*                         LISTEN

Which I believe indicates it is listening on port 25 for connections
from anywhere, yes?

>
> If postfix doesn't appear to be listening on the external
> interfaces, check your master.cf.  Some distributions of
> postfix change master.cf to force postfix to listen on localhost only.
> Look for a line in master.cf beginning like:
> 127.0.0.1:smtp  inet ...
> and remove the "127.0.0.1:" part.
> If this fixes the problem, complain to your distributor.
>

The smtp line looks correct:

smtp      inet  n       -       n       -       -       smtpd

> If postfix does appear to be listening on external
> interfaces, then you have firewall software on that host
> interfering with postfix.
>

Definitely nothing in between, of that I'm certain.

Are there any tools which will give me more information about attempts
to connect to a port on a remote host?

> --
> Noel Jones
>




Re: Postfix listening on 25, unable to telnet to 25 - my first config

Matthias Haegele-2
> The smtp line looks correct:
>
> smtp      inet  n       -       n       -       -       smtpd
>
>> If postfix does appear to be listening on external
>> interfaces, then you have firewall software on that host
>> interfering with postfix.
>>
>
> Definitely nothing in between, of that I'm certain.
>
> Are there any tools which will give me more information about attempts
> to connect to a port on a remote host?

tcpdump or another network sniffer you prefer ...

>> --
>> Noel Jones

--
Gruesse/Greetings
MH


Dont send mail to: [hidden email]
--


Re: Postfix listening on 25, unable to telnet to 25 - my first config

udotirol
In reply to this post by Paul Cocker
Paul Cocker schrieb:

>> -----Original Message-----
>> From: Noel Jones [mailto:[hidden email]]
>> Sent: 13 October 2008 13:36
>> To: Paul Cocker; [hidden email]
>> Subject: Re: Postfix listening on 25, unable to telnet to 25
>> - my first config
>>
>> Paul Cocker wrote:
>>> All my telneting had been by IP address, the name wasn't in DNS yet.
>>> I've added it, but I get the same problems. As noted in my previous
>>> post I've now found I can access the port from the postfix machine,
>>> just not other machines.
>>>
>> Use netstat or lsof to see if postfix is really listening on
>> the external interfaces.
>
> Netstat reveals
>
> Proto Recv-Q Send-Q Local Address               Foreign Address             State
> tcp        0      0 *:smtp                      *:*                         LISTEN
>
> Which I believe indicates it is listening on port 25 for connections
> from anywhere, yes?
>
>> If postfix doesn't appear to be listening on the external
>> interfaces, check your master.cf.  Some distributions of
>> postfix change master.cf to force postfix to listen on localhost only.
>> Look for a line in master.cf beginning like:
>> 127.0.0.1:smtp  inet ...
>> and remove the "127.0.0.1:" part.
>> If this fixes the problem, complain to your distributor.
>>
>
> The smtp line looks correct:
>
> smtp      inet  n       -       n       -       -       smtpd
>
>> If postfix does appear to be listening on external
>> interfaces, then you have firewall software on that host
>> interfering with postfix.
>>
>
> Definitely nothing in between, of that I'm certain.
>
> Are there any tools which will give me more information about attempts
> to connect to a port on a remote host?

use tcpdump for that purpose

please try

$ telnet $IP_OF_SMTP_HOST 25

and show exactly, what you get

could also be a problem with duplicate IP addresses, are you sure that
the server's IP address is _really_ unique?

--
Udo Rader, CTO
http://www.bestsolution.at

Re: Postfix listening on 25, unable to telnet to 25 - my first config

Noel Jones-2
In reply to this post by Paul Cocker
Paul Cocker wrote:

>> -----Original Message-----
>> From: Noel Jones [mailto:[hidden email]]
>> Sent: 13 October 2008 13:36
>> To: Paul Cocker; [hidden email]
>> Subject: Re: Postfix listening on 25, unable to telnet to 25
>> - my first config
>>
>> Paul Cocker wrote:
>>> All my telneting had been by IP address, the name wasn't in DNS yet.
>>> I've added it, but I get the same problems. As noted in my previous
>>> post I've now found I can access the port from the postfix machine,
>>> just not other machines.
>>>
>> Use netstat or lsof to see if postfix is really listening on
>> the external interfaces.
>
> Netstat reveals
>
> Proto Recv-Q Send-Q Local Address               Foreign Address             State
> tcp        0      0 *:smtp                      *:*                         LISTEN
>
> Which I believe indicates it is listening on port 25 for connections
> from anywhere, yes?
>
>> If postfix doesn't appear to be listening on the external
>> interfaces, check your master.cf.  Some distributions of
>> postfix change master.cf to force postfix to listen on localhost only.
>> Look for a line in master.cf beginning like:
>> 127.0.0.1:smtp  inet ...
>> and remove the "127.0.0.1:" part.
>> If this fixes the problem, complain to your distributor.
>>
>
> The smtp line looks correct:
>
> smtp      inet  n       -       n       -       -       smtpd
>

Good.  Looks as if postfix is ready for connections.
This means your problem is not with postfix, but with
something else interfering with the connection.

>> If postfix does appear to be listening on external
>> interfaces, then you have firewall software on that host
>> interfering with postfix.
>>
>
> Definitely nothing in between, of that I'm certain.
>
> Are there any tools which will give me more information about attempts
> to connect to a port on a remote host?

See http://www.postfix.org/DEBUG_README.html#sniffer
Run tcpdump on the postfix box to see incoming connections.
Run tcpdump on some external box to see an outgoing connection
to the postfix box (If it's a windows box, use
http://www.wireshark.org). (if it's a windows box, temporarily
disable the antivirus software and the windows firewall)

--
Noel Jones

Re: Postfix listening on 25, unable to telnet to 25 - my first config

mouss-2
In reply to this post by Paul Cocker
Paul Cocker a écrit :

>> -----Original Message-----
>> From: Arek Czereszewski [mailto:[hidden email]]
>> Sent: 13 October 2008 13:09
>> To: Paul Cocker
>> Subject: Re: Postfix listening on 25, unable to telnet to 25
>> - my first config
>>
>> Paul Cocker wrote:
>>    
>>> All my telneting had been by IP address, the name wasn't in DNS yet.
>>> I've added it, but I get the same problems. As noted in my previous
>>> post I've now found I can access the port from the postfix machine,
>>> just not other machines.
>>>
>>>
>>>
>>>      
>> Check your iptables/pf/ipf/whatever rules for connections
>> from other host to this mail host.
>> If you use iptables:
>> iptables -L
>> if pf:
>> pfctl -sr
>>
>>    
>
> Currently this server isn't using any connection protection beyond
> tcpwrappers.
>  

why? postfix shouldn't be using tcpwrappers. postfix has all the
functionality in itself.

>  
>> Also if you use acl's on switches/router also check them.
>> show access-list
>>    
>
> Both servers are connected to the same switch, it has no access lists.
>  
since postfix seems to be listening on its ports, if you can't connect,
then something is preventing that. This may be a firewall (yes, even on
localhost) or any intermediary layer.

anyway, if you don't see postfix logs, then you didn't reach postfix,
and this is not a postfix issue. good luck.




RE: Postfix listening on 25, unable to telnet to 25 - my first config

Paul Cocker
In reply to this post by udotirol
> -----Original Message-----
> From: Udo Rader [mailto:[hidden email]]
> Sent: 13 October 2008 15:01
> To: Paul Cocker
> Cc: postfix users list
> Subject: Re: Postfix listening on 25, unable to telnet to 25
> - my first config
>
> Paul Cocker schrieb:
> >> -----Original Message-----
> >> From: Noel Jones [mailto:[hidden email]]
> >> Sent: 13 October 2008 13:36
> >> To: Paul Cocker; [hidden email]
> >> Subject: Re: Postfix listening on 25, unable to telnet to 25
> >> - my first config
> >>
> >> Paul Cocker wrote:
> >>> All my telneting had been by IP address, the name wasn't
> in DNS yet.
> >>> I've added it, but I get the same problems. As noted in
> my previous
> >>> post I've now found I can access the port from the
> postfix machine,
> >>> just not other machines.
> >>>
> >> Use netstat or lsof to see if postfix is really listening on the
> >> external interfaces.
> >
> > Netstat reveals
> >
> > Proto Recv-Q Send-Q Local Address               Foreign Address             State
> > tcp        0      0 *:smtp                      *:*                         LISTEN
> >
> > Which I believe indicates it is listening on port 25 for
> connections
> > from anywhere, yes?
> >
> >> If postfix doesn't appear to be listening on the external
> interfaces,
> >> check your master.cf.  Some distributions of postfix
> change master.cf
> >> to force postfix to listen on localhost only.
> >> Look for a line in master.cf beginning like:
> >> 127.0.0.1:smtp  inet ...
> >> and remove the "127.0.0.1:" part.
> >> If this fixes the problem, complain to your distributor.
> >>
> >
> > The smtp line looks correct:
> >
> > smtp      inet  n       -       n       -       -       smtpd
> >
> >> If postfix does appear to be listening on external
> interfaces, then
> >> you have firewall software on that host interfering with postfix.
> >>
> >
> > Definitely nothing in between, of that I'm certain.
> >
> > Are there any tools which will give me more information
> about attempts
> > to connect to a port on a remote host?
>
> use tcpdump for that purpose
>
> please try
>
> $ telnet $IP_OF_SMTP_HOST 25
>
> and show exactly, what you get
>

I ran windump in the background and did a telnet to the IP, however a
findstr on the output file contains no matches. If I do the same thing
using the server name the only matching output in the dump is when the
server performs a name lookup, after that there are no matching entries
by IP or name.

Am I doing something wrong?

> could also be a problem with duplicate IP addresses, are you
> sure that the server's IP address is _really_ unique?

I checked the arp table on the Windows and the MAC addresses match.

>
> --
> Udo Rader, CTO
> http://www.bestsolution.at
>




RE: Postfix listening on 25, unable to telnet to 25 - my first config

Paul Cocker
In reply to this post by mouss-2
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of mouss
> Sent: 13 October 2008 16:11
> To: [hidden email]
> Subject: Re: Postfix listening on 25, unable to telnet to 25
> - my first config
>
> Paul Cocker a écrit :
> >> -----Original Message-----
> >> From: Arek Czereszewski [mailto:[hidden email]]
> >> Sent: 13 October 2008 13:09
> >> To: Paul Cocker
> >> Subject: Re: Postfix listening on 25, unable to telnet to 25
> >> - my first config
> >>
> >> Paul Cocker wrote:
> >>    
> >>> All my telneting had been by IP address, the name wasn't
> in DNS yet.
> >>> I've added it, but I get the same problems. As noted in
> my previous
> >>> post I've now found I can access the port from the
> postfix machine,
> >>> just not other machines.
> >>>
> >>>
> >>>
> >>>      
> >> Check your iptables/pf/ipf/whatever rules for connections
> from other
> >> host to this mail host.
> >> If you use iptables:
> >> iptables -L
> >> if pf:
> >> pfctl -sr
> >>
> >>    
> >
> > Currently this server isn't using any connection protection beyond
> > tcpwrappers.
> >  
>
> why? postfix shouldn't be using tcpwrappers. postfix has all
> the functionality in itself.

It runs other services which do make use.

>
> >  
> >> Also if you use acl's on switches/router also check them.
> >> show access-list
> >>    
> >
> > Both servers are connected to the same switch, it has no
> access lists.
> >  
> since postfix seems to be listening on its ports, if you
> can't connect, then something is preventing that. This may be
> a firewall (yes, even on
> localhost) or any intermediary layer.
>
> anyway, if you don't see postfix logs, then you didn't reach
> postfix, and this is not a postfix issue. good luck.
>

Heh, thanks :)




RE: Postfix listening on 25, unable to telnet to 25 - my first config

Paul Cocker
In reply to this post by Noel Jones-2
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of Noel Jones
> Sent: 13 October 2008 15:51
> To: postfix users list
> Subject: Re: Postfix listening on 25, unable to telnet to 25
> - my first config
>
> Paul Cocker wrote:
> >> -----Original Message-----
> >> From: Noel Jones [mailto:[hidden email]]
> >> Sent: 13 October 2008 13:36
> >> To: Paul Cocker; [hidden email]
> >> Subject: Re: Postfix listening on 25, unable to telnet to 25
> >> - my first config
> >>
> >> Paul Cocker wrote:
> >>> All my telneting had been by IP address, the name wasn't
> in DNS yet.
> >>> I've added it, but I get the same problems. As noted in
> my previous
> >>> post I've now found I can access the port from the
> postfix machine,
> >>> just not other machines.
> >>>
> >> Use netstat or lsof to see if postfix is really listening on the
> >> external interfaces.
> >
> > Netstat reveals
> >
> > Proto Recv-Q Send-Q Local Address               Foreign Address             State
> > tcp        0      0 *:smtp                      *:*                         LISTEN
> >
> > Which I believe indicates it is listening on port 25 for
> connections
> > from anywhere, yes?
> >
> >> If postfix doesn't appear to be listening on the external
> interfaces,
> >> check your master.cf.  Some distributions of postfix
> change master.cf
> >> to force postfix to listen on localhost only.
> >> Look for a line in master.cf beginning like:
> >> 127.0.0.1:smtp  inet ...
> >> and remove the "127.0.0.1:" part.
> >> If this fixes the problem, complain to your distributor.
> >>
> >
> > The smtp line looks correct:
> >
> > smtp      inet  n       -       n       -       -       smtpd
> >
>
> Good.  Looks as if postfix is ready for connections.
> This means your problem is not with postfix, but with
> something else interfering with the connection.
>
> >> If postfix does appear to be listening on external
> interfaces, then
> >> you have firewall software on that host interfering with postfix.
> >>
> >
> > Definitely nothing in between, of that I'm certain.
> >

I should note that, on this front, I can telnet from the same box to our
Exchange server on port 25, which operates within the same IP range as
the postfix box.

Perhaps this hints that I should be looking at the receiving end of the
connection?

> > Are there any tools which will give me more information
> about attempts
> > to connect to a port on a remote host?
>
> See http://www.postfix.org/DEBUG_README.html#sniffer
> Run tcpdump on the postfix box to see incoming connections.
> Run tcpdump on some external box to see an outgoing
> connection to the postfix box (If it's a windows box, use
> http://www.wireshark.org). (if it's a windows box,
> temporarily disable the antivirus software and the windows firewall)
>
> --
> Noel Jones
>




Re: Postfix listening on 25, unable to telnet to 25 - my first config

udotirol
In reply to this post by Paul Cocker
Paul Cocker schrieb:

>>>>
>>> Definitely nothing in between, of that I'm certain.
>>>
>>> Are there any tools which will give me more information
>> about attempts
>>> to connect to a port on a remote host?
>> use tcpdump for that purpose
>>
>> please try
>>
>> $ telnet $IP_OF_SMTP_HOST 25
>>
>> and show exactly, what you get
>>
>
> I ran windump in the background and did a telnet to the IP, however a
> findstr on the output file contains no matches. If I do the same thing
> using the server name the only matching output in the dump is when the
> server performs a name lookup, after that there are no matching entries
> by IP or name.
>
> Am I doing something wrong?

I don't know windump, but given that it is a reasonable traffic sniffer,
you should get some results when you try to telnet into your postfix server.

If not, your _client_ cannot reach the server because of either a client
problem or a problem "in between" (maybe a switch with port security?)

Do you have any virus/security software on the client side that maybe
restricts traffic on port 25?

Can you for example do a

telnet mail.cloud9.net 25

on the client?

And can you do the same from your postfix server (in order to find out
if you have network connectivity on your server at all).

Anyhow, given the results you posted so far, this is certainly not a
postfix problem.

--
Udo Rader, CTO
http://www.bestsolution.at

Re: Postfix listening on 25, unable to telnet to 25 - my first config

D G Teed-2

Paul Cocker wrote:

>>> Definitely nothing in between, of that I'm certain.
>>>
>>> Are there any tools which will give me more information about attempts
>>> to connect to a port on a remote host?
>> use tcpdump for that purpose
>>
>> please try
>>
>> $ telnet $IP_OF_SMTP_HOST 25
>>
>> and show exactly, what you get
>
> I ran windump in the background and did a telnet to the IP, however a
> findstr on the output file contains no matches. If I do the same thing
> using the server name the only matching output in the dump is when the
> server performs a name lookup, after that there are no matching entries
> by IP or name.
>
> Am I doing something wrong?

There are a few things that can make postfix listen only locally.

One is firewall.  You say it isn't an issue.

On the postfix machine, if it is a Unix machine, use lsof -Pni to
verify what ports and addresses master is listening on.

If it is only listening to 127.0.0.1 then you have a problem with
inet_interfaces, or else the look up of the host name listed
in inet_interfaces.  On many Linux machines, the host
resolution order is hosts, dns, and so a bad entry
on /etc/hosts can sting you.

Make sure you don't have 127.0.0.1 set up with the internet host
name of the server in /etc/hosts.  It should be only localhost next to
127.0.0.1.  I've seen Redhat installs with this messed up.

--Donald
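
The two checks described in the message above, as an added example that is not part of the original thread: one function flags server names that /etc/hosts maps to loopback, the other classifies what `lsof -Pni` reports for master on port 25. The function names, sample hosts file and sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the "listening on 25, but only locally" case.

# Print every name, other than localhost aliases, that a hosts file maps to a
# loopback address. A name printed here resolves to loopback whenever the
# hosts file is consulted before DNS.
loopback_names() {  # $1 = path to a hosts file
    awk '{ sub(/#.*/, "") }                      # drop comments
         $1 ~ /^127\./ || $1 == "::1" {
             for (i = 2; i <= NF; i++)
                 if ($i !~ /^(localhost|ip6-localhost|ip6-loopback)/) print $i
         }' "$1"
}

# Read `lsof -Pni` output on stdin and classify master's port 25 listeners:
#   none          - master has no LISTEN socket on port 25
#   loopback-only - bound to 127.x or [::1] only
#   external      - bound to * or to a non-loopback address
smtp_bind_scope() {
    awk '$1 == "master" && $NF == "(LISTEN)" && $(NF-1) ~ /:25$/ {
             seen = 1
             if ($(NF-1) !~ /^(127\.|\[::1\])/) wide = 1
         }
         END { print (!seen ? "none" : (wide ? "external" : "loopback-only")) }'
}

# Constructed sample input (not taken from the thread).
SAMPLE_HOSTS=$(mktemp)
printf '%s\n' '127.0.0.1   mail.example.test mail localhost.localdomain localhost' \
              '192.0.2.10  backup.example.test' > "$SAMPLE_HOSTS"
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
master 4242 root 11u IPv4 81234 0t0 TCP 127.0.0.1:25 (LISTEN)'

echo "names on loopback: $(loopback_names "$SAMPLE_HOSTS" | tr '\n' ' ')"
echo "port 25 scope: $(printf '%s\n' "$SAMPLE_LSOF" | smtp_bind_scope)"

# On the mail server itself:
#   loopback_names /etc/hosts
#   lsof -Pni | smtp_bind_scope
```

An "external" result only shows that the socket is bound beyond loopback; a firewall or a filter on the client side can still drop the connection.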


Re: Postfix listening on 25, unable to telnet to 25 - my first config

Olivier MJ Crepin-Leblond
Also check SELinux if you are running this. It may prevent changes to the port config from taking place.
You can see entries in the logfile called /var/log/messages
 
Regards,
 
Olivier
 
--
Olivier MJ Crepin-Leblond, Ph.D
Global Information Highway Ltd
http://www.gih.com/ocl.html 
----- Original Message -----
Sent: Friday, November 21, 2008 2:47 AM
Subject: Re: Postfix listening on 25, unable to telnet to 25 - my first config


There are a few things that can make postfix listen only locally.

One is firewall.  You say it isn't an issue.

On the postfix machine, if it is a Unix machine, use lsof -Pni to
verify what ports and addresses master is listening on.

If it is only listening to 127.0.0.1 then you have a problem with
inet_interfaces, or else the look up of the host name listed
in inet_interfaces.  On many Linux machines, the host
resolution order is hosts, dns, and so a bad entry
on /etc/hosts can sting you.

Make sure you don't have 127.0.0.1 set up with the internet host
name of the server in /etc/hosts.  It should be only localhost next to
127.0.0.1   I've seen Redhat installs with this messed up.

--Donald


Re: Postfix listening on 25, unable to telnet to 25 - my first config

Michael De Groote
if you're connecting from a windoze machine, check the firewall (and antivirus, netsecurity, whatever crappy stuff) settings of the windoze machine. I've seen instances where outgoing connections to port 25 were being blocked by some Symantec product, or even the windoze firewall itself... (iirc)
 
 
 

Michael De Groote
ICT-coordinator Sint-Pietersschool Korbeek-Lo
ICT-support Sancta Maria Basisschool Leuven


On Fri, Nov 21, 2008 at 9:19 AM, Olivier MJ Crepin-Leblond <[hidden email]> wrote:
Also check SElinux if you are running this. It may prevent changes to the port config from taking place.
You can see entries in the logfile called /var/log/messages
 
Regards,
 
Olivier
 
--
Olivier MJ Crepin-Leblond, Ph.D
Global Information Highway Ltd
http://www.gih.com/ocl.html 



Re: Postfix listening on 25, unable to telnet to 25 - my first config

Samy Ascha, Xel Media B.V.
Hey,

Have you actually tried telnetting from other locations? I see you live in the Netherlands, where it is common for ISPs to block this port to all destinations, other than their own SMTP servers.

I think this is kind of fascist, but it does, somewhat, limit zombies from sending spam through regular channels.

Whenever I need to do some manual SMTP'ing over a telnet connection, I first login to another host, somewhere in our public network, rather than doing it from my workstation/laptop. It sucks a bit, but I got used to it and just hope this helps prevent some SPAM being sent.

Samy

On Nov 25, 2008, at 8:43 AM, Michael De Groote wrote:

if you're connecting from a windoze machine, check the firewall (and antivirus, netsecurity, whatever crappy stuff) settings of the windoze machine. I've seen instances where outgoing connections to port 25 were being blocked by some Symantec product, or even the windoze firewall itself... (iirc)
 
 
 

Michael De Groote
ICT-coordinator Sint-Pietersschool Korbeek-Lo
ICT-support Sancta Maria Basisschool Leuven






