Sending mails to remote domains is not working.


nandhu
10th August 2005, 10:45
Hi All,

I reinstalled my system again. Followed Falko's instruction close to every single letter.

I now have a kind of working system with ISP Config as well.

My problem now is as follows:

I can send emails to the domains I've created in ISP Config example.com and example1.com

Meaning I can send email from admin@example.com to admin@example1.com

But when I try to send emails to xyz@hotmail.com or xyz@yahoo.com I get the following message in my /var/log/maillog

Aug 09 18:45:39 myhostname postfix/smtp[2349]: 74FBF30501:
to=<recipient@gmail.com> relay=none, delay=10,
status=deferred (Name service error for name=gmail.com
type=MX: Host not found, try again)

But when I send an email from gmail.com to the domain I created in Postfix using ISP Config, I can receive the email successfully.

It only seems to be a problem while sending the email out of my LAN network.

I've an ADSL router and it is configured to allow connections on the following ports:

80,81,443,pop3,pop3s,imap,imaps

I did not install Firewall that comes in FC4 and I disabled SELINUX just as told to in Falko's instructions.

Is there anything else I need to do with regards to postconf configuration which would help my postfix send emails from authorised users like the ones created of ISP Config to send emails to others like @hotmail.com, yahoo.com, gmail.com etc.?

Thanks for your time and help. Much appreciated.

- Nanda.

falko
10th August 2005, 11:10
This looks as if your system cannot resolve domains. What does /etc/resolv.conf look like? Are there any DNS servers in it? If not, you could add the following lines to it:

nameserver 145.253.2.75
nameserver 193.174.32.18

You can as well use any other name server you know of (instead of 145.253.2.75 and 193.174.32.18).

nandhu
10th August 2005, 12:26
Thanks Falko.

As of now before modifying my /etc/resolv.conf looks like the following:

search example.com
namerserver 192.168.0.1

The above IP address is also my Gateway/Router/ADSL Modem address

I'll change the /etc/resolv.conf just as you pointed out and will restart the named and network and see if that would help my cause.

Thanks for your time.

- Nanda.

nandhu
10th August 2005, 23:22
Hi,

I modified the /etc/resolv.conf to the nameservers you had specified.
and restarted /etc/init.d/named restart and then /etc/init.d/network restart

and tried sending an email from webmail to mailuser@gmail.com as well as mailuser@hotmail.com

And also tailed the /var/log/maillog and got the following captured in the log

Aug 10 22:05:11 aasai ipop3d[6449]: pop3 service init from 127.0.0.1
Aug 10 22:05:12 aasai ipop3d[6449]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection
Aug 10 22:05:12 aasai ipop3d[6449]: Login user=web1_admin host=localhost.localdomain [127.0.0.1] nmsgs=1/1
Aug 10 22:05:12 aasai ipop3d[6449]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection
Aug 10 22:05:12 aasai ipop3d[6449]: Logout user=web1_admin host=localhost.localdomain [127.0.0.1] nmsgs=1 ndele=0
Aug 10 22:05:55 aasai postfix/smtpd[6470]: connect from localhost.localdomain[127.0.0.1]
Aug 10 22:05:55 aasai postfix/smtpd[6470]: E253F10F014D: client=localhost.localdomain[127.0.0.1]
Aug 10 22:05:55 aasai postfix/cleanup[6473]: E253F10F014D: message-id=<20050810210555.E253F10F014D@aasai.grandize.com>
Aug 10 22:05:55 aasai postfix/qmgr[5416]: E253F10F014D: from=<mailuser@example.com>, size=827, nrcpt=2 (queue active)
Aug 10 22:05:55 aasai ipop3d[6476]: pop3 service init from 127.0.0.1
Aug 10 22:05:55 aasai postfix/smtpd[6470]: disconnect from localhost.localdomain[127.0.0.1]
Aug 10 22:05:56 aasai ipop3d[6476]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection
Aug 10 22:05:56 aasai ipop3d[6476]: Login user=web1_mailuser host=localhost.localdomain [127.0.0.1] nmsgs=1/1
Aug 10 22:05:56 aasai ipop3d[6476]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection
Aug 10 22:05:56 aasai ipop3d[6476]: Logout user=web1_mailuser host=localhost.localdomain [127.0.0.1] nmsgs=1 ndele=0
Aug 10 22:05:57 aasai postfix/smtp[6475]: E253F10F014D: to=<mailuser@hotmail.com>, relay=mx2.hotmail.com[65.54.166.230], delay=2, status=sent (250 ok 1123707952 qp 5918)
Aug 10 22:05:57 aasai postfix/smtp[6474]: E253F10F014D: to=<mailuser@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.185.27], delay=2, status=sent (250 ok 1123707952 qp 5929)
Aug 10 22:05:57 aasai postfix/qmgr[5416]: E253F10F014D: removed


And logged into my hotmail as well as gmail to check the emails and no luck :(

I modified the /etc/resolv.conf to the nameservers of my DNS provider zoneedit.com and then restarted named and network and then tried sending emails to @hotmail and @gmail and still no luck

I again modified the /etc/resolv.conf to the DNS of my ISP (which I called and got from my ISP E7even.com) and then restarted named and network. And then tried sending emails to @hotmail.com as well as to @gmail.com but still no luck.

I can see that from the logs it looks like it has correctly detected @hotmail.com as well as @gmail.com but I could not understand why I still did not receive any emails into both hotmail and gmail. Or log does not show of any trace of bounce back (Mailerdaemon) message.

Any help is greatly appreciated.

Also if you know how I can suppress this following error shown in the above log /var/log/maillog


Aug 10 22:05:56 aasai ipop3d[6476]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection


- Nanda.

falko
10th August 2005, 23:33
Your domain name resolution is now ok. The mails seem to have been sent, but I can think of 2 reasons why they didn't arrive in your mailboxes:

1) You're sending from your home network, so you most probably have a dynamic IP address. Most freemail providers like Gmail and Hotmail block emails from dynamic IP addresses.
2) You're sending from the domain example.com, and it's possible that Gmail and Hotmail see that you aren't example.com and therefore block your emails.

Also if you know how I can suppress this following error shown in the above log /var/log/maillog


Aug 10 22:05:56 aasai ipop3d[6476]: Mailbox vulnerable - directory /var/spool/mail must have 1777 protection


- Nanda.

Try to

chmod 1777 /var/spool/mail
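
Added example, not part of the original posts: a small triage of the Postfix log lines quoted in this thread, separating a delivery that never left the box because the MX lookup failed from one the remote server accepted with a 250 reply. The function names and verdict labels are assumptions of this example; the log lines are the thread's own, with wrapped lines rejoined.

```python
import re

# Lines taken from the maillog excerpts posted in the thread (wrapped lines rejoined).
SAMPLE_LOG = """\
Aug 09 18:45:39 myhostname postfix/smtp[2349]: 74FBF30501: to=<recipient@gmail.com> relay=none, delay=10, status=deferred (Name service error for name=gmail.com type=MX: Host not found, try again)
Aug 10 22:05:55 aasai postfix/qmgr[5416]: E253F10F014D: from=<mailuser@example.com>, size=827, nrcpt=2 (queue active)
Aug 10 22:05:57 aasai postfix/smtp[6475]: E253F10F014D: to=<mailuser@hotmail.com>, relay=mx2.hotmail.com[65.54.166.230], delay=2, status=sent (250 ok 1123707952 qp 5918)
Aug 10 22:05:57 aasai postfix/smtp[6474]: E253F10F014D: to=<mailuser@gmail.com>, relay=gmail-smtp-in.l.google.com[64.233.185.27], delay=2, status=sent (250 ok 1123707952 qp 5929)
Aug 10 22:05:57 aasai postfix/qmgr[5416]: E253F10F014D: removed
"""

# One delivery attempt: queue ID, recipient, relay and the status with its reason.
DELIVERY = re.compile(
    r"postfix/(?:smtp|qmgr)\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>,? "
    r"relay=(?P<relay>[^,]+), .*?status=(?P<status>\w+) \((?P<reason>.*)\)$")
REMOVED = re.compile(r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): removed$")

def classify(status, reason):
    """Say where a delivery attempt stopped, as far as the sending host can see."""
    if status == "sent":
        return "accepted-by-remote-mx"  # remote answered 250; later filtering is not logged here
    if "Name service error" in reason:
        return "local-dns-failure"      # MX lookup failed, no SMTP connection was attempted
    return "deferred-other" if status == "deferred" else "failed"

def triage(log_text):
    """Return {queue_id: {"rcpts": {rcpt: (relay, verdict)}, "removed": bool}}."""
    queue = {}
    for line in log_text.splitlines():
        m = DELIVERY.search(line)
        if m:
            entry = queue.setdefault(m["qid"], {"rcpts": {}, "removed": False})
            entry["rcpts"][m["rcpt"]] = (m["relay"], classify(m["status"], m["reason"]))
            continue
        m = REMOVED.search(line)
        if m and m["qid"] in queue:
            queue[m["qid"]]["removed"] = True  # queue entry finished, nothing left to retry
    return queue

if __name__ == "__main__":
    for qid, entry in triage(SAMPLE_LOG).items():
        for rcpt, (relay, verdict) in entry["rcpts"].items():
            print(qid, rcpt, relay, verdict, "removed" if entry["removed"] else "queued")
```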

nandhu
11th August 2005, 08:17
Hi Falko,

1) About 6 months ago I used to have qmailtoaster installed on my Redhat 9 and then I could send emails to just about any domain. I do not know whether recently gmail or hotmail have blocked messages coming from dynamic ip address!!!

2) In posting here only I'm using @example.com; actually I'm using my real domain name.

3) I've tried chmod 1777 /var/spool/mail but I read in redhat bug tracking that it is an insecure lock mechanism that Iumap is using and that they do not recommend it. So they are not accepting it as a bug but said try and fix your MTA. ??!!

Many thanks for all your help.

- Nanda.

nandhu
11th August 2005, 17:30
Eventually I received my emails sent to my hotmail and gmail.

But I would like to know what has caused this delay which is easily more than 5 hours.

Why is there such a big delay? Is there anything I could do on my side to speed it up to like in few minutes rather than hours?

Thanks for all your help.

- Nanda.

nandhu
12th August 2005, 17:34
It was identified by Falko that my ISP's smtp server was interfering with my smtp server's connection to remote smtp server.

Thanks Falko. This is the reason why I'm experiencing delays in receiving the emails sent of my box.

Once again thanks to Falko and his team for such wonderful step-by-step instructions so that even a novice like me can now install a perfect solution.

Cheers
Nanda.

Tekorei
8th February 2006, 23:24
Hey, I got the same error when trying to send mails out of my LAN:

Feb 8 22:12:19 myserver postfix/qmgr[25081]: 31E2DA8734: to=<recipient@gmail.com>, relay=none, delay=0, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)

I think my /etc/resolv.conf is ok:

search e2k.com.py
nameserver 200.85.32.2 (ISP DNS Server)
nameserver 200.85.32.3 (ISP DNS Server)
nameserver 127.0.0.1

Something I noticed is when I stop the iptables service the mails are sent, but when I start the iptables service it doesn't work again..

ports 25 and 53 are enabled in my firewall

what could be happening?

falko
9th February 2006, 00:22
It seems as if your firewall is blocking access to the nameservers. Please post the output of iptables -L

Tekorei
9th February 2006, 00:49
Here it is..


Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:17190
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- 216.55.240.44 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- 172.16.128.62 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

falko
9th February 2006, 11:12
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:domain

I guess this is the line that causes your problem... Can you remove it from your firewall (at least remove 192.168.0.1 so that it reads "anywhere" instead)?

Tekorei
9th February 2006, 18:03
ok, I did it.. and got the same problem

Feb 9 16:55:48 myserver postfix/smtp[13521]: 9D951A87EC: to=<recipient@gmail.com>, relay=none, delay=56, status=deferred (Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)

This is how iptables is configured now..

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.0.1 anywhere tcp dpt:17190
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- 216.55.240.44 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- 172.16.128.62 anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

:(

falko
9th February 2006, 21:02
Then I'd switch off the firewall and re-configure it step for step until the domain resolving doesn't work anymore. If you are at this step, then you know it was the last firewall rule you added. Remove that rule, and you should be fine.
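
Added example, not part of the original posts: a first-match evaluator run over the INPUT chain posted above (abridged), showing what happens to the reply to one of the server's own DNS lookups and how a connection-tracking rule changes the result. `iptables -L` without `-v` hides interface matches, so the listed rules are read at their most permissive; the packet values, the `STATE_RULE` line and all function names are assumptions of this example.

```python
import re

# Port names as `iptables -L` prints them (subset of /etc/services).
SERVICES = {"domain": 53, "smtp": 25, "pop3": 110, "ssh": 22, "http": 80,
            "ftp": 21, "ftp-data": 20}
# INPUT chain from the thread's second listing, abridged: the duplicate ftp
# rule and the source-restricted ssh/17190 rules are left out.
POSTED_INPUT = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
"""
# Connection-tracking rule; the thread's listings have it only in FORWARD.
STATE_RULE = "ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED\n"
# Constructed packet: reply from the ISP resolver in the thread (200.85.32.2)
# to an MX lookup the server sent; 192.0.2.10 and port 32768 are placeholders.
DNS_REPLY = {"prot": "udp", "src": "200.85.32.2", "dst": "192.0.2.10",
             "sport": 53, "dport": 32768, "state": "ESTABLISHED"}

def parse_chain(listing):
    """Parse one chain of `iptables -L` output into (policy, rules)."""
    policy, rules = None, []
    for line in listing.strip().splitlines():
        head = re.match(r"Chain \S+ \(policy (\w+)\)", line)
        f = line.split()
        if head:
            policy = head.group(1)
        elif len(f) >= 5 and f[0] != "target":
            extra = " ".join(f[5:])
            ports = {k: int(SERVICES.get(v, v))
                     for k, v in re.findall(r"\b([sd]pt):(\S+)", extra)}
            state = re.search(r"state (\S+)", extra)
            rules.append({"target": f[0], "prot": f[1], "src": f[3], "dst": f[4],
                          "dpt": ports.get("dpt"), "spt": ports.get("spt"),
                          "state": set(state.group(1).split(",")) if state else None})
    return policy, rules

def verdict(listing, pkt):
    """Target of the first matching rule, else the chain policy."""
    policy, rules = parse_chain(listing)
    for r in rules:
        if (r["prot"] in ("all", pkt["prot"]) and r["src"] in ("anywhere", pkt["src"])
                and r["dst"] in ("anywhere", pkt["dst"])
                and r["dpt"] in (None, pkt["dport"]) and r["spt"] in (None, pkt["sport"])
                and (r["state"] is None or pkt["state"] in r["state"])):
            return r["target"]
    return policy

if __name__ == "__main__":
    print("posted chain   :", verdict(POSTED_INPUT, DNS_REPLY))
    print("with state rule:", verdict(POSTED_INPUT + STATE_RULE, DNS_REPLY))
```

Every rule in the posted chain matches on a destination port, while a reply to the server's own query arrives from source port 53 on an ephemeral destination port, so it falls through to the DROP policy.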

Tekorei
17th February 2006, 02:48
falko,

is there any PREROUTING or POSTROUTING rule that I should add to my iptables to allow my LAN to send outgoing mails?

for now my server does send outgoing mails, but I can't access any external host on port 25 or 110 through my LAN.. or the server itself on port 25/110

this is my current iptables -L:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- host33-10.wireless.com.py host33-10.wireless.com.py tcp spt:smtp
ACCEPT udp -- anywhere host33-10.wireless.com.py udp dpt:domain
ACCEPT udp -- host33-10.wireless.com.py host33-10.wireless.com.py udp spt:domain
ACCEPT tcp -- host33-10.wireless.com.py host33-10.wireless.com.py tcp spt:domain
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:ssh
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp spt:ssh
ACCEPT tcp -- anywhere host33-10.wireless.com.py tcp dpt:smtp
ACCEPT tcp -- anywhere host33-10.wireless.com.py tcp spt:smtp
ACCEPT tcp -- anywhere host33-10.wireless.com.py tcp dpt:pop3
ACCEPT tcp -- anywhere host33-10.wireless.com.py tcp dpt:http
ACCEPT udp -- anywhere host33-10.wireless.com.py udp dpt:domain
ACCEPT udp -- host33-10.wireless.com.py host33-10.wireless.com.py udp spt:domain
ACCEPT udp -- inet2.telecel.com.py host33-10.wireless.com.py udp spt:domain
ACCEPT tcp -- host33-10.wireless.com.py host33-10.wireless.com.py tcp spt:domain
ACCEPT tcp -- inet2.telecel.com.py host33-10.wireless.com.py tcp spt:domain
ACCEPT tcp -- host33-10.wireless.com.py host33-10.wireless.com.py tcp spt:pop3
ACCEPT tcp -- anywhere host33-10.wireless.com.py tcp spt:smtp
ACCEPT tcp -- anywhere host33-10.wireless.com.py tcp spt:ftp
ACCEPT tcp -- anywhere host33-10.wireless.com.py tcp spt:ftp-data
ACCEPT tcp -- anywhere host33-10.wireless.com.py
ACCEPT all -- 192.168.0.0/24 anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- host33-10.wireless.com.py host33-10.wireless.com.py tcp dpt:smtp
ACCEPT udp -- host33-10.wireless.com.py anywhere udp spt:domain
ACCEPT udp -- host33-10.wireless.com.py host33-10.wireless.com.py udp dpt:domain
ACCEPT tcp -- host33-10.wireless.com.py host33-10.wireless.com.py tcp dpt:domain
ACCEPT tcp -- anywhere 192.168.0.0/24 tcp dpt:ssh
ACCEPT tcp -- anywhere 192.168.0.0/24 tcp spt:ssh
ACCEPT tcp -- host33-10.wireless.com.py anywhere tcp spt:smtp
ACCEPT tcp -- host33-10.wireless.com.py anywhere tcp dpt:smtp
ACCEPT tcp -- host33-10.wireless.com.py anywhere tcp spt:pop3
ACCEPT tcp -- host33-10.wireless.com.py anywhere tcp spt:http
ACCEPT udp -- host33-10.wireless.com.py anywhere udp spt:domain
ACCEPT udp -- host33-10.wireless.com.py host33-10.wireless.com.py udp dpt:domain
ACCEPT udp -- host33-10.wireless.com.py inet2.telecel.com.py udp dpt:domain
ACCEPT tcp -- host33-10.wireless.com.py host33-10.wireless.com.py tcp dpt:domain
ACCEPT tcp -- host33-10.wireless.com.py inet2.telecel.com.py tcp dpt:domain
ACCEPT tcp -- host33-10.wireless.com.py host33-10.wireless.com.py tcp dpt:pop3
ACCEPT tcp -- host33-10.wireless.com.py anywhere tcp dpt:smtp
ACCEPT tcp -- host33-10.wireless.com.py anywhere tcp dpt:ftp
ACCEPT tcp -- host33-10.wireless.com.py anywhere tcp dpt:ftp-data
ACCEPT tcp -- host33-10.wireless.com.py anywhere
ACCEPT all -- anywhere 192.168.0.0/24

host33-10.wireless.com.py = my servers host (given by the ISP)
inet2.telecel.com.py = ISP DNS host

falko
17th February 2006, 10:07
Hm... I'd simply switch off the complete firewall and then do as I suggested in my previous post. iptables is a very complex topic. :(

Tekorei
17th February 2006, 19:11
I already do that.. and not working anyway..

the point is that I although had set the firewall to accept all connections on all ports and even so it didn't work.. can't access any host on port 110 or 25

that's why I think there should be some PREROUTING or POSTROUTING line to make it work..

Tekorei
20th February 2006, 20:27
falko

I apologize.. the problem was on my client host.. I had a Symantec client firewall running that was blocking ports 25 and 110 :o

the solution was to add as trusted servers my ISP's mailserver and also my internal mailserver on my firewall program..