Server A:
netstat -tap
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:10024 *:* LISTEN 1113/amavisd (maste
tcp 0 0 localhost.localdo:10025 *:* LISTEN 10998/master
tcp 0 0 *:mysql *:* LISTEN 1061/mysqld
tcp 0 0 *:submission *:* LISTEN 10998/master
tcp 0 0 *:http-alt *:* LISTEN 11464/apache2
tcp 0 0 *:www *:* LISTEN 11464/apache2
tcp 0 0 XX-XXX-XXX-XXX.b:domain *:* LISTEN 2740/named
tcp 0 0 thisismydomain:domain *:* LISTEN 2740/named
tcp 0 0 localhost.locald:domain *:* LISTEN 2740/named
tcp 0 0 *:ftp *:* LISTEN 1934/pure-ftpd (SER
tcp 0 0 *:ssh *:* LISTEN 937/sshd
tcp 0 0 *:smtp *:* LISTEN 10998/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 2740/named
tcp 0 0 *:https *:* LISTEN 11464/apache2
tcp 0 0 localhost.localdo:mysql localhost.localdo:50214 ESTABLISHED 1061/mysqld
tcp 0 248 thisismydomain.c:ssh 69-168-254-123.br:55688 ESTABLISHED 17411/sshd: ohdweb
tcp 0 0 localhost.localdo:50216 localhost.localdo:mysql ESTABLISHED 11489/smtpd
tcp 0 0 localhost.localdo:50213 localhost.localdo:mysql ESTABLISHED 13573/trivial-rewri
tcp 0 0 localhost.localdo:mysql localhost.localdo:50216 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:mysql localhost.localdo:50213 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:50204 localhost.localdo:mysql ESTABLISHED 13630/amavisd (ch1-
tcp 0 0 localhost.localdo:50215 localhost.localdo:mysql ESTABLISHED 11489/smtpd
tcp 0 0 localhost.localdo:50218 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp 0 0 localhost.localdo:mysql localhost.localdo:50217 ESTABLISHED 1061/mysqld
tcp 0 0 thisismydomain.:smtp static.227.227.47:47934 TIME_WAIT -
tcp 0 0 localhost.localdo:50221 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp 0 0 localhost.localdo:10025 localhost.localdo:59219 TIME_WAIT -
tcp 0 0 localhost.localdo:mysql localhost.localdo:50212 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:59204 localhost.localdo:10025 ESTABLISHED 13630/amavisd (ch1-
tcp 0 0 localhost.localdo:49970 localhost.localdo:mysql TIME_WAIT -
tcp 0 0 localhost.localdo:mysql localhost.localdo:50218 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:mysql localhost.localdo:50221 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:mysql localhost.localdo:50215 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:10025 localhost.localdo:59204 ESTABLISHED 13654/smtpd
tcp 0 0 thisismydomain.:smtp 42.113.172.235:50138 TIME_WAIT -
tcp 0 0 localhost.localdo:50214 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp 0 0 localhost.localdo:50212 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp 0 0 localhost.localdo:mysql localhost.localdo:50204 ESTABLISHED 1061/mysqld
tcp 0 0 localhost.localdo:50217 localhost.localdo:mysql ESTABLISHED 13574/proxymap
tcp6 0 0 [::]:imaps [::]:* LISTEN 1752/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 1818/couriertcpd
tcp6 0 0 [::]:pop3 [::]:* LISTEN 1782/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1711/couriertcpd
tcp6 0 0 [::]:domain [::]:* LISTEN 2740/named
tcp6 0 0 [::]:ftp [::]:* LISTEN 1934/pure-ftpd (SER
tcp6 0 0 [::]:ssh [::]:* LISTEN 937/sshd
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN 2740/named
tcp6 0 0 thisismydomain.:pop3 69-168-254-123.br:58708 TIME_WAIT -
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49616 ESTABLISHED 8828/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49610 ESTABLISHED 8824/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49611 ESTABLISHED 8808/imapd
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49615 ESTABLISHED 8829/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49617 ESTABLISHED 8813/imapd
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:53905 ESTABLISHED 4950/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49597 ESTABLISHED 8815/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:65311 ESTABLISHED 5303/imapd
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49595 ESTABLISHED 8817/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49603 ESTABLISHED 8825/couriertls
tcp6 0 0 thisismydomain:imap2 69-168-254-123.br:49612 ESTABLISHED 8819/couriertls
tcp6 0 0 thisismydomain.:pop3 69-168-254-123.br:58723 TIME_WAIT -
iptables -L
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-courierimaps tcp -- anywhere anywhere multiport dports imaps
fail2ban-courierpop3 tcp -- anywhere anywhere multiport dports pop3
fail2ban-courierimap tcp -- anywhere anywhere multiport dports imap2
fail2ban-pure-ftpd tcp -- anywhere anywhere multiport dports ftp,ftp-data,ftps,ftps-data
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-courierimap (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-courierimaps (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-courierpop3 (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-courierpop3s (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-pure-ftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-sasl (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
/etc/postfix/main.cf
Code:
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = /usr/share/doc/postfix
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = thisismydomain.com
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
myorigin = /etc/mailname
mydestination = thisismydomain.com, localhost, localhost.localdomain, $mydomains
relayhost =
mynetworks = 127.0.0.0/8 [::1]/128, XXX.XXX.XXX.XXX
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/var/lib/mailman/data/virtual-mailman
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_security_level = may
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_$
smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf
smtpd_client_message_rate_limit = 100
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
virtual_transport = maildrop
header_checks = regexp:/etc/postfix/header_checks
mime_header_checks = regexp:/etc/postfix/mime_header_checks
nested_header_checks = regexp:/etc/postfix/nested_header_checks
body_checks = regexp:/etc/postfix/body_checks
owner_request_special = no
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
message_size_limit = 0
Just looking to get Server B to send through Server A...
Server B is behind a NAT on a Cisco router. All ports open, nothing blocked at the router level.
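An added example, not part of the original post: a simplified model of how the `smtpd_recipient_restrictions` line in the main.cf above decides whether Server A will relay for a client. Because Server B is behind NAT, Server A sees the router's public address as the client, so that address (or SASL authentication) is what the check has to match. The addresses are documentation-range placeholders, and `reject_unauth_destination` is modelled against `mydestination` only, ignoring the MySQL-backed virtual and relay domain maps.

```python
import ipaddress

# Constructed excerpt of the main.cf above. 203.0.113.10 is a placeholder
# standing in for the redacted XXX.XXX.XXX.XXX entry in mynetworks.
MAIN_CF = """\
mydestination = thisismydomain.com, localhost, localhost.localdomain
mynetworks = 127.0.0.0/8 [::1]/128, 203.0.113.10
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
"""

def parse(text):
    """Return {parameter: [values]}, splitting values on commas and whitespace."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, _, value = line.partition("=")
            params[key.strip()] = value.replace(",", " ").split()
    return params

def in_mynetworks(client_ip, nets):
    """True if client_ip falls inside any mynetworks entry."""
    ip = ipaddress.ip_address(client_ip)
    for net in nets:
        # Postfix writes IPv6 entries as [::1]/128; strip the brackets.
        network = ipaddress.ip_network(net.replace("[", "").replace("]", ""), strict=False)
        if ip.version == network.version and ip in network:
            return True
    return False

def relay_decision(params, client_ip, sasl_authenticated, rcpt_domain):
    """Walk the restriction list in order; the first matching rule decides."""
    for rule in params["smtpd_recipient_restrictions"]:
        if rule == "permit_sasl_authenticated" and sasl_authenticated:
            return "permit (SASL)"
        if rule == "permit_mynetworks" and in_mynetworks(client_ip, params["mynetworks"]):
            return "permit (mynetworks)"
        # Simplification: only mydestination counts as an authorized destination.
        if rule == "reject_unauth_destination" and rcpt_domain not in params["mydestination"]:
            return "reject (relay access denied)"
    return "permit (local destination)"

if __name__ == "__main__":
    cfg = parse(MAIN_CF)
    # Constructed clients: NAT public address, Server B's private address, a stranger.
    for ip, auth in [("203.0.113.10", False), ("192.168.1.20", False), ("198.51.100.7", True)]:
        print(ip, auth, relay_decision(cfg, ip, auth, "example.org"))
```

A private address such as 192.168.1.20 never reaches Server A as the client address, which is why listing it in `mynetworks` would not help.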