HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


kforbes 8th March 2011 18:42

SMTP issue when not on local LAN
 
I am currently using version 2.2.6

Since we first installed the server, we have been unable to send email using our SMTP server when outside the local LAN (outside the office).
The error we receive in MS Outlook is 0x80042109.

Some information:
I've tried using IP address and hostname in email account settings, to no avail.
Port 25 is open on my firewall (and redirecting correctly to the mail server) and my ISP does not block traffic on port 25.
My server does not appear on any blacklists.

I've searched through the forums and found a handful of users who had similar problems, but no firm solutions:
http://www.howtoforge.com/forums/showthread.php?t=17116
http://how2forge.net/forums/showthread.php?t=21808
http://how2forge.net/forums/showthread.php?t=42927

Any help would be greatly appreciated.

falko 9th March 2011 16:48

Are there any errors in your mail log (in the /var/log/ directory)?

kforbes 10th March 2011 05:50

Unfortunately, no errors seem to appear.

I'm watching mail.log after performing a send/receive from Outlook while out of the office and with a message in my outbox.
I can see the connection from my IP to the mail server for courierpop3login (checking for new messages), but there's no other traffic listed between my IP and the mail server.

On the sending computer, Outlook simply stays with trying to send the message before finally failing and reporting back error code 0x80042109.

falko 10th March 2011 17:07

What are the outputs of
Code:

netstat -tap
and
Code:

iptables -L
? I guess Postfix isn't running or is blocked by your firewall.

jnsc 10th March 2011 18:25

Do you use authentication when not on the LAN?

kforbes 10th March 2011 19:14

iptables -L output:
Code:

Chain INPUT (policy DROP)
target    prot opt source              destination
DROP      tcp  --  anywhere            127.0.0.0/8
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
ACCEPT    all  --  anywhere            anywhere
DROP      all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
PUB_IN    all  --  anywhere            anywhere
PUB_IN    all  --  anywhere            anywhere
PUB_IN    all  --  anywhere            anywhere
PUB_IN    all  --  anywhere            anywhere
DROP      all  --  anywhere            anywhere

Chain FORWARD (policy DROP)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere            state RELATED,ESTABLISHED
DROP      all  --  anywhere            anywhere

Chain INT_IN (0 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere
DROP      all  --  anywhere            anywhere

Chain INT_OUT (0 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere
ACCEPT    all  --  anywhere            anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination
PUB_OUT    all  --  anywhere            anywhere
PUB_OUT    all  --  anywhere            anywhere
PUB_OUT    all  --  anywhere            anywhere
PUB_OUT    all  --  anywhere            anywhere

Chain PAROLE (9 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere

Chain PUB_IN (4 references)
target    prot opt source              destination
ACCEPT    icmp --  anywhere            anywhere            icmp destination-unreachable
ACCEPT    icmp --  anywhere            anywhere            icmp echo-reply
ACCEPT    icmp --  anywhere            anywhere            icmp time-exceeded
ACCEPT    icmp --  anywhere            anywhere            icmp echo-request
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:ftp
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:ssh
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:smtp
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:domain
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:www
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:81
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:pop3
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:https
PAROLE    tcp  --  anywhere            anywhere            tcp dpt:10000
ACCEPT    udp  --  anywhere            anywhere            udp dpt:domain
DROP      icmp --  anywhere            anywhere
DROP      all  --  anywhere            anywhere

Chain PUB_OUT (4 references)
target    prot opt source              destination
ACCEPT    all  --  anywhere            anywhere

I'll post the output of netstat -tap later tonight when I can post how it looks when I am out of the office and trying to send via the SMTP.

In my mail.log, there are instances of postfix/smtp running for users operating on the LAN, so I'm inclined to believe that postfix is running.
Also double checked that port 25 is open on the firewall and it is (and redirecting that traffic to the mail server).


jnsc:
I am using authentication both on and off the LAN.

kforbes 11th March 2011 13:24

netstat -tap
Code:


Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 *:mysql                *:*                    LISTEN    3886/mysqld
tcp        0      0 *:81                    *:*                    LISTEN    4208/ispconfig_http
tcp        0      0 *:ftp                  *:*                    LISTEN    4607/proftpd: (acce
tcp        0      0 192.168.1.100:domain    *:*                    LISTEN    4592/named
tcp        0      0 localhost.locald:domain *:*                    LISTEN    4592/named
tcp        0      0 *:smtp                  *:*                    LISTEN    28887/master
tcp        0      0 localhost.localdoma:953 *:*                    LISTEN    4592/named
tcp        0      1 192.168.1.100:44056    tornado.klis.com:smtp  SYN_SENT  11257/smtp
tcp        0      1 192.168.1.100:45795    homtail.co.uk:smtp      SYN_SENT  11258/smtp
tcp        0      0 192.168.1.100:smtp      promo-emm1.listen:38177 TIME_WAIT  -
tcp        0      0 192.168.1.100:smtp      mail-fx0-f43.goog:60721 ESTABLISHED11259/smtpd
tcp        0      0 192.168.1.100:smtp      content119b.lga2.:52959 ESTABLISHED9974/smtpd
tcp6      0      0 *:imaps                *:*                    LISTEN    3760/couriertcpd
tcp6      0      0 *:pop3s                *:*                    LISTEN    3795/couriertcpd
tcp6      0      0 *:pop3                  *:*                    LISTEN    3775/couriertcpd
tcp6      0      0 *:imap2                *:*                    LISTEN    3740/couriertcpd
tcp6      0      0 *:www                  *:*                    LISTEN    3467/apache2
tcp6      0      0 *:ssh                  *:*                    LISTEN    4049/sshd
tcp6      0      0 *:smtp                  *:*                    LISTEN    28887/master
tcp6      0      0 ip6-localhost:953      *:*                    LISTEN    4592/named
tcp6      0      0 *:https                *:*                    LISTEN    3467/apache2
tcp6      0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:1982 TIME_WAIT  -
tcp6      0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:1983 TIME_WAIT  -
tcp6      0      0 ::ffff:192.168.1.1:pop3 ::ffff:10.0.0.1%32:1131 TIME_WAIT  -
tcp6      0      0 ::ffff:192.168.1.1:pop3 ::ffff:74.198.164:60933 ESTABLISHED-
tcp6      0      0 ::ffff:192.168.1.1:pop3 bda-67-223-89-17.:47640 TIME_WAIT  -
tcp6      0      0 ::ffff:192.168.1.1:pop3 ::ffff:74.198.164:38516 TIME_WAIT  -
tcp6      0      0 ::ffff:192.168.1.1:pop3 blk-30-141-246.ea:64118 TIME_WAIT  -
tcp6      0    148 ::ffff:192.168.1.10:ssh blk-30-141-246.ea:64081 ESTABLISHED11162/0
tcp6      0      0 ::ffff:192.168.1.1:pop3 hlfxns0188w-09919:61423 TIME_WAIT  -
tcp6      0      0 ::ffff:192.168.1.1:pop3 bda-67-223-93-115:34880 TIME_WAIT  -

blk-30-141-246.ea is my attempts outside of the office.

falko 11th March 2011 15:45

Can you disable your firewall for testing purposes and try again?

kforbes 11th March 2011 21:37

Hi falko,

I will attempt this over the weekend when there aren't as many employees in the office.

For reference: we're using a Watchguard Firebox as our Internet Gateway/Firewall. It also splits the connection coming in between the mail server and the office network (the mail server does not reside on the network itself).

The reason I believe the issue is not being caused by the firewall is twofold:
1) Prior to this, we had a switch and a router filling the role that the Firebox fills now and still had this issue come up.
2) The configuration in the Firebox's settings for SMTP (port 25) traffic is identical to the configuration for POP3 (port 110) traffic and POP3 traffic does work outside of the office.

But definitely will try to access without the firewall in place this weekend and will report back.

kforbes 12th March 2011 17:07

Wow, I am extremely sorry for wasting your time.

I put the mail server directly onto the Internet, avoiding the firewall and wouldn't you know it, SMTP worked.

So I guess it's on to trouble-shooting the Firebox.

Again, sorry for that. Thanks for the help.
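
The check that separates a server-side fault from filtering in front of the server, using the `netstat -tap` rows posted earlier in this thread (an added example, not part of the original posts). The function names and the four result labels are assumptions made for illustration; the sample rows are copied from the thread as posted.

```python
import re

# A few rows from the `netstat -tap` output posted in the thread, including
# the rows where the state and PID columns run together.
SAMPLE = """\
tcp        0      0 *:smtp                  *:*                    LISTEN    28887/master
tcp        0      1 192.168.1.100:44056    tornado.klis.com:smtp  SYN_SENT  11257/smtp
tcp        0      0 192.168.1.100:smtp      mail-fx0-f43.goog:60721 ESTABLISHED11259/smtpd
tcp6      0      0 *:pop3                  *:*                    LISTEN    3775/couriertcpd
tcp6      0      0 ::ffff:192.168.1.1:pop3 blk-30-141-246.ea:64118 TIME_WAIT  -
tcp6      0    148 ::ffff:192.168.1.10:ssh blk-30-141-246.ea:64081 ESTABLISHED11162/0
"""

STATE = re.compile(r"LISTEN|ESTABLISHED|TIME_WAIT|SYN_SENT|SYN_RECV|"
                   r"FIN_WAIT[12]|CLOSE_WAIT|LAST_ACK|CLOSING|CLOSE")


def parse(text):
    """Yield (local_service, remote_host, state) for each TCP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp"):
            continue
        m = STATE.match(f[5])  # tolerate a state fused with the PID column
        if m:
            yield f[3].rsplit(":", 1)[1], f[4].rsplit(":", 1)[0], m.group()


def diagnose(text, peer, service):
    """Classify why `peer` may be failing to use `service` on this host."""
    rows = list(parse(text))
    if not any(s == service and st == "LISTEN" for s, _, st in rows):
        return "not-listening"            # daemon down or bound elsewhere
    # netstat truncates hostnames, so match the peer by prefix
    seen = {s for s, host, _ in rows if host.startswith(peer)}
    if service in seen:
        return "reachable"                # the peer's packets reach the daemon
    if seen:
        return "filtered-before-daemon"   # other ports arrive, this one does not
    return "peer-not-seen"                # no traffic at all; check address/DNS


if __name__ == "__main__":
    for svc in ("smtp", "pop3"):
        print(svc, diagnose(SAMPLE, "blk-30-141-246.ea", svc))
```

netstat is a snapshot, so capture it while the client is in the middle of a send attempt. A "filtered-before-daemon" result does not say which device drops the traffic, only that the SYN for that port never reached the listening socket.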

