post fix problem


Hans Krueger
I have postfix on a suse 12.3 32bit machine that I run my mail and web server on
can't get postfix to receive on the internet side
I can telnet on my local network but not the internet side
I get Connection refused
I'm doing something wrong
thanks
--
Hans Krueger
[hidden email]

registered Linux user 289023

Re: post fix problem

lists@rhsoft.net

On 21.12.2013 20:59, Hans Krueger wrote:
> I have postfix on a suse 12.3 32bit machine that I run my mail and web server on
> can't get postfix to receive on the internet side
> I can telnet on my local network but not the internet side
> I get Connection refused
> I'm doing something wrong

http://en.wikipedia.org/wiki/Port_forwarding

but honestly you do not provide *any* information about
your network environment / configuration so hard to help

nor do you say which port you are trying, what internet provider
keep in mind that many ISPs block port 25 and you have to use
587 (submission) if that is the case on the server side then
it's not a server-grade internet connection

Re: post fix problem

Benny Pedersen-2
In reply to this post by Hans Krueger
Hans Krueger wrote on 2013-12-21 20:59:
> I have postfix on a suse 12.3 32bit machine that I run my mail and
> web server on
>  can't get postfix to receive on the internet side
>  I can telnet on my local network but not the internet side
>  I get Connection refused
>  I'm doing something wrong

more info needed

netstat -natpu
postconf -n




Re: post fix problem

Hans Krueger
netstat -natpu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      930/dovecot        
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      600/httpd2-prefork 
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1083/perl          
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      940/sshd           
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3846/master        
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      6687/1             
tcp        0    720 192.168.1.3:22          192.168.1.192:48605     ESTABLISHED 6684/sshd: hans [pr
tcp        0      0 :::631                  :::*                    LISTEN      1/init             
udp        0      0 0.0.0.0:59588           0.0.0.0:*                           408/avahi-daemon: r
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           408/avahi-daemon: r
udp        0      0 0.0.0.0:10000           0.0.0.0:*                           1083/perl          
udp        0      0 0.0.0.0:631             0.0.0.0:*                           1/init             
udp        0      0 192.168.1.3:123         0.0.0.0:*                           958/ntpd           
udp        0      0 127.0.0.1:123           0.0.0.0:*                           958/ntpd           
udp        0      0 0.0.0.0:123             0.0.0.0:*                           958/ntpd           
udp        0      0 :::5353                 :::*                                408/avahi-daemon: r
udp        0      0 :::46878                :::*                                408/avahi-daemon: r
udp        0      0 :::123                  :::*                                958/ntpd     


PORT      STATE SERVICE
22/tcp    open  ssh
25/tcp    open  smtp
80/tcp    open  http
143/tcp   open  imap
10000/tcp open  snet-sensor-mgmt

 postconf -n
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter =
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
defer_transports =
delay_warning_time = 1h
disable_dns_lookups = no
disable_mime_output_conversion = no
disable_vrfy_command = yes
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 0
mailbox_transport =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 0
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = hanskruegerenterprizes.com
myhostname = server.hanskruegerenterprizes.com
mynetworks = 192.168.1.0/24 74.75.130.31/32
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_clientcerts =
relayhost = hanskruegerenterprizes.com
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_enforce_tls = no
smtp_sasl_auth_enable = no
smtp_sasl_password_maps =
smtp_sasl_security_options =
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_cert_file =
smtp_tls_key_file =
smtp_tls_session_cache_database =
smtp_use_tls = no
smtpd_banner = $myhostname ESMTP
smtpd_client_restrictions =
smtpd_delay_reject = yes
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_ask_ccert = no
smtpd_tls_cert_file =
smtpd_tls_key_file =
smtpd_tls_received_header = no
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual

looking to receive mail only

port 25 is not blocked
Ports found to be OPEN were: 25, 80

have port forwarding from my router to the server
it has worked on my old server which died 
the old box was suse 11.2
the new one is suse 12.3



--
Hans Krueger
[hidden email]

registered Linux user 289023

Re: post fix problem

lists@rhsoft.net


On 21.12.2013 22:58, Hans Krueger wrote:

> netstat -natpu
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
> tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      930/dovecot        
> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      600/httpd2-prefork
> tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1083/perl          
> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      940/sshd          
> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3846/master        
> tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      6687/1            
> tcp        0    720 192.168.1.3:22          192.168.1.192:48605     ESTABLISHED 6684/sshd: hans [pr
> tcp        0      0 :::631                  :::*                    LISTEN      1/init            
> udp        0      0 0.0.0.0:59588           0.0.0.0:*                           408/avahi-daemon: r
> udp        0      0 0.0.0.0:5353            0.0.0.0:*                           408/avahi-daemon: r
> udp        0      0 0.0.0.0:10000           0.0.0.0:*                           1083/perl          
> udp        0      0 0.0.0.0:631             0.0.0.0:*                           1/init            
> udp        0      0 192.168.1.3:123         0.0.0.0:*                           958/ntpd          
> udp        0      0 127.0.0.1:123           0.0.0.0:*                           958/ntpd          
> udp        0      0 0.0.0.0:123             0.0.0.0:*                           958/ntpd          
> udp        0      0 :::5353                 :::*                                408/avahi-daemon: r
> udp        0      0 :::46878                :::*                                408/avahi-daemon: r
> udp        0      0 :::123                  :::*                                958/ntpd    
>
> PORT      STATE SERVICE
> 22/tcp    open  ssh
> 25/tcp    open  smtp
> 80/tcp    open  http
> 143/tcp   open  imap
> 10000/tcp open  snet-sensor-mgmt
>
> *looking to receive mail only*
>
> port 25 is not blocked
>
> Ports found to be OPEN were: 25, 80
>
> have port forwarding from my router to the server
> it has worked on my old server which died
> the old box was suse 11.2
> the new one is suse 12.3

well, then open the port on the machine's firewall
iptables --list --numeric --verbose

Re: post fix problem

Hans Krueger

On 12/21/2013 05:01 PM, [hidden email] wrote:
> On 21.12.2013 22:58, Hans Krueger wrote:
>> netstat -natpu
>> Active Internet connections (servers and established)
>> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
>> tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      930/dovecot
>> tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      600/httpd2-prefork
>> tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      1083/perl
>> tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      940/sshd
>> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      3846/master
>> tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      6687/1
>> tcp        0    720 192.168.1.3:22          192.168.1.192:48605     ESTABLISHED 6684/sshd: hans [pr
>> tcp        0      0 :::631                  :::*                    LISTEN      1/init
>> udp        0      0 0.0.0.0:59588           0.0.0.0:*                           408/avahi-daemon: r
>> udp        0      0 0.0.0.0:5353            0.0.0.0:*                           408/avahi-daemon: r
>> udp        0      0 0.0.0.0:10000           0.0.0.0:*                           1083/perl
>> udp        0      0 0.0.0.0:631             0.0.0.0:*                           1/init
>> udp        0      0 192.168.1.3:123         0.0.0.0:*                           958/ntpd
>> udp        0      0 127.0.0.1:123           0.0.0.0:*                           958/ntpd
>> udp        0      0 0.0.0.0:123             0.0.0.0:*                           958/ntpd
>> udp        0      0 :::5353                 :::*                                408/avahi-daemon: r
>> udp        0      0 :::46878                :::*                                408/avahi-daemon: r
>> udp        0      0 :::123                  :::*                                958/ntpd
>>
>> PORT      STATE SERVICE
>> 22/tcp    open  ssh
>> 25/tcp    open  smtp
>> 80/tcp    open  http
>> 143/tcp   open  imap
>> 10000/tcp open  snet-sensor-mgmt
>>
>> *looking to receive mail only*
>>
>> port 25 is not blocked
>>
>> Ports found to be OPEN were: 25, 80
>>
>> have port forwarding from my router to the server
>> it has worked on my old server which died
>> the old box was suse 11.2
>> the new one is suse 12.3
> well, then open the port on the machine's firewall
> iptables --list --numeric --verbose


Chain PORTFORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 1934  111K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.168.1.3:80 
  996 54708 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 to:192.168.1.3:25 
this worked with the old server

--
Hans Krueger
[hidden email]

registered Linux user 289023

Re: post fix problem

lists@rhsoft.net


On 21.12.2013 23:11, Hans Krueger wrote:

> On 12/21/2013 05:01 PM, [hidden email] wrote:
>>> *looking to receive mail only*
>>>
>>> port 25 is not blocked
>>>
>>> Ports found to be OPEN were: 25, 80
>>>
>>> have port forwarding from my router to the server
>>> it has worked on my old server which died
>>> the old box was suse 11.2
>>> the new one is suse 12.3
>> well, then open the port on the machine's firewall
>> iptables --list --numeric --verbose
>>
>
> Chain PORTFORWARD (1 references)
>  pkts bytes target     prot opt in     out     source               destination        
>  1934  111K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.168.1.3:80
>   996 54708 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 to:192.168.1.3:25

on the *server* itself you need to open *incoming* connections from
the WAN and that is hardly "Chain PORTFORWARD" but "Chain INPUT"




Re: post fix problem

Hans Krueger

On 12/21/2013 05:17 PM, [hidden email] wrote:
> On 21.12.2013 23:11, Hans Krueger wrote:
>> On 12/21/2013 05:01 PM, [hidden email] wrote:
>>>> *looking to receive mail only*
>>>>
>>>> port 25 is not blocked
>>>>
>>>> Ports found to be OPEN were: 25, 80
>>>>
>>>> have port forwarding from my router to the server
>>>> it has worked on my old server which died
>>>> the old box was suse 11.2
>>>> the new one is suse 12.3
>>> well, then open the port on the machine's firewall
>>> iptables --list --numeric --verbose
>>>
>> Chain PORTFORWARD (1 references)
>>  pkts bytes target     prot opt in     out     source               destination
>>  1934  111K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.168.1.3:80
>>   996 54708 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 to:192.168.1.3:25
> on the *server* itself you need to open *incoming* connections from
> the WAN and that is hardly "Chain PORTFORWARD" but "Chain INPUT"




only have a web page to the router

--
Hans Krueger
[hidden email]

registered Linux user 289023

Re: post fix problem

Benny Pedersen-2
In reply to this post by Hans Krueger
Hans Krueger wrote on 2013-12-21 22:58:
> registered Linux user 289023

if you DNAT port 25, then you must tell postfix it works behind NAT

man 5 postconf

proxy_interfaces (default: empty)
        The network interface addresses that this mail system receives mail on
        by way of a proxy or network address translation unit.

        This feature is available in Postfix 2.0 and later.

        You must specify your "outside" proxy/NAT addresses when your system is
        a backup MX host for other domains, otherwise mail delivery loops will
        happen when the primary MX host is down.

        Example:

        proxy_interfaces = 1.2.3.4



Re: post fix problem

lists@rhsoft.net
In reply to this post by Hans Krueger


On 22.12.2013 00:08, Hans Krueger wrote:

>
> On 12/21/2013 05:17 PM, [hidden email] wrote:
>>
>> On 21.12.2013 23:11, Hans Krueger wrote:
>>> On 12/21/2013 05:01 PM, [hidden email] wrote:
>>>>> *looking to receive mail only*
>>>>>
>>>>> port 25 is not blocked
>>>>>
>>>>> Ports found to be OPEN were: 25, 80
>>>>>
>>>>> have port forwarding from my router to the server
>>>>> it has worked on my old server which died
>>>>> the old box was suse 11.2
>>>>> the new one is suse 12.3
>>>> well, then open the port on the machine's firewall
>>>> iptables --list --numeric --verbose
>>>>
>>> Chain PORTFORWARD (1 references)
>>>  pkts bytes target     prot opt in     out     source               destination        
>>>  1934  111K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.168.1.3:80
>>>   996 54708 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 to:192.168.1.3:25
>> on the *server* itself you need to open *incoming* connections from
>> the WAN and that is hardly "Chain PORTFORWARD" but "Chain INPUT"
>>
> only have a web page to the router

what are you talking about?

i speak about *the server* and you are coming up with forwarding rules
that "Chain PORTFORWARD" above is *not* from the server

however, this is *not* a postfix problem at all if whatever on your network
rejects connections from outside

Re: post fix problem

lists@rhsoft.net
In reply to this post by Benny Pedersen-2

On 22.12.2013 00:56, Benny Pedersen wrote:

> Hans Krueger wrote on 2013-12-21 22:58:
>> registered Linux user 289023
>
> if you DNAT port 25, then you must tell postfix it works behind NAT
>
> man 5 postconf
>
> proxy_interfaces (default: empty)
>        The  network interface addresses that this mail system receives mail on
>        by way of a proxy or network address translation unit.
>
>        This feature is available in Postfix 2.0 and later.
>
>        You must specify your "outside" proxy/NAT addresses when your system is
>        a  backup MX host for other domains, otherwise mail delivery loops will
>        happen when the primary MX host is down.
>
>        Example:
>        proxy_interfaces = 1.2.3.4

this is completely off-topic and not relevant because he
can't connect and so is far away from mail loops

1 out of 1000 NAT setups needs to touch this above at all
because "when your system is a  backup MX host" is not
that often used these days for most setups

Re: post fix problem

Przemysław Orzechowski
In reply to this post by Hans Krueger
On 22.12.2013 00:08, Hans Krueger wrote:

> On 12/21/2013 05:17 PM, [hidden email] wrote:
>> On 21.12.2013 23:11, Hans Krueger wrote:
>>> On 12/21/2013 05:01 PM, [hidden email] wrote:
>>>>> *looking to receive mail only*
>>>>>
>>>>> port 25 is not blocked
>>>>>
>>>>> Ports found to be OPEN were: 25, 80
>>>>>
>>>>> have port forwarding from my router to the server
>>>>> it has worked on my old server which died
>>>>> the old box was suse 11.2
>>>>> the new one is suse 12.3
>>>> well, then open the port on the machine's firewall
>>>> iptables --list --numeric --verbose
>>>>
>>> Chain PORTFORWARD (1 references)
>>>  pkts bytes target     prot opt in     out     source               destination
>>>  1934  111K DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.168.1.3:80
>>>   996 54708 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 to:192.168.1.3:25
>> on the *server* itself you need to open *incoming* connections from
>> the WAN and that is hardly "Chain PORTFORWARD" but "Chain INPUT"
>>
> only have a web page to the router
>
> --
> Hans Krueger
> [hidden email]
>
> registered Linux user 289023

Well You are using Suse which means most probably Yast is used to configure Your server.
You need to either override Yast created firewall rules on Your server or tell Yast that You want postfix to receive connections on port 25 (by default Yast configures firewall on Your server to drop almost everything).
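
Two replies in this thread point at the server's own packet filter: the INPUT chain (not the router's PORTFORWARD chain) decides whether a forwarded connection is accepted, and a default host firewall may drop almost everything. The following is an added example, not part of any post: it reads iptables --list --numeric --verbose output and reports what the INPUT chain does with a new TCP connection. The listing, the wan_in chain name and the client address 203.0.113.10 are constructed, and only dpt/dpts and state matches are interpreted.

```python
import ipaddress
import re

# Constructed listing in `iptables --list --numeric --verbose` format for a
# hypothetical server at 192.168.1.3; the wan_in chain is an invented name.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9600 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  300 24000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   12   720 ACCEPT     tcp  --  *      *       192.168.1.0/24       0.0.0.0/0            tcp dpt:25
   40  2400 wan_in     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain wan_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
   10   600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
   25  1500 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
"""

def parse_chains(listing):
    """Split the listing into {chain: {"policy": str or None, "rules": [...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if head:
            current = chains[head.group(1)] = {"policy": head.group(2), "rules": []}
            continue
        cols = line.split()
        if current is None or len(cols) < 9 or cols[0] == "pkts":
            continue  # blank line or column header
        current["rules"].append({"target": cols[2], "proto": cols[3], "in": cols[5],
                                 "src": cols[7], "dst": cols[8], "extra": " ".join(cols[9:])})
    return chains

def addr_matches(ip, spec):
    """True if ip falls in an address column such as 0.0.0.0/0 or !10.0.0.0/8."""
    negated = spec.startswith("!")
    return (ipaddress.ip_address(ip) in ipaddress.ip_network(spec.lstrip("!"))) != negated

def verdict(chains, chain, iface, src, dst, port):
    """Fate of a new TCP connection: first terminal target hit, else chain policy."""
    for r in chains[chain]["rules"]:
        if r["proto"] not in ("tcp", "all") or r["in"] not in ("*", iface):
            continue
        if not (addr_matches(src, r["src"]) and addr_matches(dst, r["dst"])):
            continue
        ports = re.search(r"dpts?:(\d+)(?::(\d+))?", r["extra"])
        if ports and not int(ports[1]) <= port <= int(ports[2] or ports[1]):
            continue
        states = re.search(r"state (\S+)", r["extra"])
        if states and "NEW" not in states[1].split(","):
            continue  # an ESTABLISHED-only rule never matches the first SYN
        if r["target"] in ("ACCEPT", "DROP", "REJECT"):
            return r["target"]
        if r["target"] in chains:  # jump into a user-defined chain
            result = verdict(chains, r["target"], iface, src, dst, port)
            if result:
                return result
    return chains[chain]["policy"]  # None for user chains: caller continues
```

With the constructed listing, a LAN client reaches port 25 while the same connection from 203.0.113.10 is rejected, even though port 80 is accepted from outside. The listing to feed it has to come from the mail host itself, not from the router.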