HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Installation/Configuration (http://www.howtoforge.com/forums/forumdisplay.php?f=27)
-   -   email clients cannot send smtp ispconfig 3 (http://www.howtoforge.com/forums/showthread.php?t=58337)

nil ens 22nd August 2012 02:48

email clients cannot send smtp ispconfig 3
 
Hello,

I have a new install of ISPConfig3 (my first one) exactly following the tutorial The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Dovecot [ISPConfig 3]. I'm having problems with remote clients being able to send email via the ISPConfig3 mail server regardless whether they use Thunderbird, Outlook, etc. IMAP and POP3 work fine.

The server is on a virtual machine and NAT'd behind a firewall but all mail ports are open and port forwarded through the firewall. I can successfully send smtp if I connect to the server from a client using the public (inside) IP but cannot if I use the private (internet facing) IP. I know the firewall is not blocking the packets because I debugged and logged smtp packets and the logs show the firewall passing port 25 through to the server.

For example, below is the output from testing using a telnet session. The first test uses the public IP and the second uses the private IP.

Code:

[lself@ex3ws51 ~]$ telnet 192.168.32.101 25
Trying 192.168.32.101...
Connected to 192.168.32.101.
Escape character is '^]'.
220 ex3ksweb01.ex3host.com ESMTP
ehlo mail.ex3.com
250-ex3ksweb01.ex3host.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: lself@ex3.com
250 2.1.0 Ok
rcpt to: fidough@ex3test.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test message 20120821_1636
.
250 2.0.0 Ok: queued as 7267F1A4F3
quit
221 2.0.0 Bye
Connection closed by foreign host.

[lself@ex3ws51 ~]$ telnet mail.ex3test.com 25
Trying 69.149.138.211...
telnet: connect to address 69.149.138.211: Connection refused

Here is a tail of my mail.log file:

Code:

Aug 21 19:30:01 ex3ksweb01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:30:01 ex3ksweb01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:30:01 ex3ksweb01 postfix/smtpd[3818]: connect from localhost[127.0.0.1]
Aug 21 19:30:01 ex3ksweb01 postfix/smtpd[3818]: lost connection after CONNECT from localhost[127.0.0.1]
Aug 21 19:30:01 ex3ksweb01 postfix/smtpd[3818]: disconnect from localhost[127.0.0.1]
Aug 21 19:35:01 ex3ksweb01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:35:01 ex3ksweb01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:35:01 ex3ksweb01 postfix/smtpd[3910]: connect from localhost[127.0.0.1]
Aug 21 19:35:01 ex3ksweb01 postfix/smtpd[3910]: lost connection after CONNECT from localhost[127.0.0.1]
Aug 21 19:35:01 ex3ksweb01 postfix/smtpd[3910]: disconnect from localhost[127.0.0.1]
Aug 21 19:40:01 ex3ksweb01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:40:01 ex3ksweb01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:40:01 ex3ksweb01 postfix/smtpd[4001]: connect from localhost[127.0.0.1]
Aug 21 19:40:01 ex3ksweb01 postfix/smtpd[4001]: lost connection after CONNECT from localhost[127.0.0.1]
Aug 21 19:40:01 ex3ksweb01 postfix/smtpd[4001]: disconnect from localhost[127.0.0.1]

I searched for a fix here on the site but no post seemed to fit. I'm not sure if it has to do with SASL or the configuration of amavisd.

Any suggestions?

till 22nd August 2012 08:45

Please post the output of:

netstat -tap

nil ens 22nd August 2012 19:27

Thanks for the quick reply. Here is the output.

Unfortunately I'm new to Debian and I'm still learning where / how to do setting for the firewall, etc.

Code:

root@ex3ksweb01:/var/log# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State      PID/Program name
tcp        0      0 *:mysql                *:*                    LISTEN      1658/mysqld   
tcp        0      0 *:pop3                  *:*                    LISTEN      1955/dovecot   
tcp        0      0 *:imap2                *:*                    LISTEN      1955/dovecot   
tcp        0      0 *:sunrpc                *:*                    LISTEN      779/portmap   
tcp        0      0 *:ftp                  *:*                    LISTEN      1794/pure-ftpd (SER
tcp        0      0 ex3ksweb01.ex3ho:domain *:*                    LISTEN      1049/named     
tcp        0      0 localhost:domain        *:*                    LISTEN      1049/named     
tcp        0      0 *:ssh                  *:*                    LISTEN      1669/sshd     
tcp        0      0 *:smtp                  *:*                    LISTEN      1920/master   
tcp        0      0 localhost:953          *:*                    LISTEN      1049/named     
tcp        0      0 *:imaps                *:*                    LISTEN      1955/dovecot   
tcp        0      0 *:pop3s                *:*                    LISTEN      1955/dovecot   
tcp        0      0 *:59813                *:*                    LISTEN      792/rpc.statd 
tcp        0      0 localhost:10024        *:*                    LISTEN      1257/amavisd (maste
tcp        0      0 localhost:10025        *:*                    LISTEN      1920/master   
tcp        0      0 localhost:33430        localhost:mysql        ESTABLISHED 1258/amavisd (ch9-a
tcp        0      0 localhost:mysql        localhost:33430        ESTABLISHED 1658/mysqld   
tcp        0      0 localhost:mysql        localhost:33446        ESTABLISHED 1658/mysqld   
tcp        0    48 ex3ksweb01.ex3host.:ssh 192.168.20.151:60429    ESTABLISHED 2309/sshd: administ
tcp        0      0 localhost:33446        localhost:mysql        ESTABLISHED 1259/amavisd (ch8-a
tcp6      0      0 [::]:http-alt          [::]:*                  LISTEN      1277/apache2   
tcp6      0      0 [::]:www                [::]:*                  LISTEN      1277/apache2   
tcp6      0      0 [::]:tproxy            [::]:*                  LISTEN      1277/apache2   
tcp6      0      0 [::]:ftp                [::]:*                  LISTEN      1794/pure-ftpd (SER
tcp6      0      0 [::]:domain            [::]:*                  LISTEN      1049/named     
tcp6      0      0 [::]:ssh                [::]:*                  LISTEN      1669/sshd     
tcp6      0      0 ip6-localhost:953      [::]:*                  LISTEN      1049/named     
tcp6      0      0 [::]:https              [::]:*                  LISTEN      1277/apache2   
root@ex3ksweb01:/var/log#


till 23rd August 2012 09:21

Thats ok, postfix is listening on all interfaces.

So the connecion must be blocked by a firewall, this can be the firewall on the server itself. Test it with:

iptables -L

A firewall in a router in front of the server or a firewall of your internet acccess provider. Many providers block port 25 to avoid spam, so if your server is not located in a datacenter, then its likely that your provider blocks the smtp connections.

nil ens 23rd August 2012 20:11

Thanks again for the assistance.

Below is the output of the iptables command. If I read this correctly, there is not a rule for smtp. I would have expected the rule to be installed during the setup as shown in the tutorial. Did I miss a step?

So at this point do I need to create another fail2ban filter and set up a chain in iptables? and if so can you let me know the command(s) to do that?

Regards.

Code:

root@ex3ksweb01:~# iptables -L
Chain INPUT (policy ACCEPT)
target    prot opt source              destination       
fail2ban-ssh  tcp  --  anywhere            anywhere            multiport dports ssh
fail2ban-pureftpd  tcp  --  anywhere            anywhere            multiport dports ftp
fail2ban-dovecot-pop3imap  tcp  --  anywhere            anywhere            multiport dports pop3,pop3s,imap2,imaps

Chain FORWARD (policy ACCEPT)
target    prot opt source              destination       

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination       

Chain fail2ban-dovecot-pop3imap (1 references)
target    prot opt source              destination       
RETURN    all  --  anywhere            anywhere           

Chain fail2ban-pureftpd (1 references)
target    prot opt source              destination       
RETURN    all  --  anywhere            anywhere           

Chain fail2ban-ssh (1 references)
target    prot opt source              destination       
RETURN    all  --  anywhere            anywhere           
root@ex3ksweb01:~#


nil ens 24th August 2012 22:32

Nevermind. It turns out that our internet provider was blocking ports to that location. They shouldn't have been, but they were.

Thanks for your help in pointing to the problem.

Cheers!


All times are GMT +2. The time now is 03:09.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.