#1  kamp, 18th November 2009, 18:36
Postfix Connection Timed Out

Hello all,
I have 2 mail servers that have worked perfectly well for quite some time, until the past few days or so. My main server that has a lot more traffic ended up getting blacklisted because my ISP didn't follow through on my request to update the PTR record so that it wasn't generic. That has since been resolved, and the server is no longer blacklisted (as of a week and a half ago).

However, since 11/16, I have been unable to send mail from my main server to my second server. My mail.log on the server being blocked shows:

Nov 18 11:57:03 mail postfix/qmgr[22349]: AB2EF507A84F: from=<me@mainserver.com>, size=11561, nrcpt=1 (queue active)
Nov 18 11:57:33 mail postfix/smtp[1936]: connect to mail.myotherserver.com[aa.bb.cc.dd]:25: Connection timed out
Nov 18 11:57:33 mail postfix/smtp[1936]: AB2EF507A84F: to=<me@myotherserver.com>, relay=none, delay=165659, delays=165629/0.01/30/0, dsn=4.4.1, status=deferred (connect to mail.myotherserver.com[aa.bb.cc.dd]:25: Connection timed out)

On my other server, I modified my main.cf so that the RBLs were commented out, in hopes that this would allow for traffic from my main server to pass through without an issue. Here's how it is configured at this moment (the file is identical on both servers):

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.myotherserver.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command =
mailbox_size_limit = 0
message_size_limit = 102400000
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/

virtual_maps = hash:/etc/postfix/virtusertable

mydestination = /etc/postfix/local-host-names

smtpd_sender_restrictions =
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
#   reject_rbl_client b.barracudacentral.org,
#   reject_rbl_client bl.spamcop.net,
#   reject_rbl_client sbl-xbl.spamhaus.org,
#   reject_rbl_client zen.spamhaus.org,
    permit_mynetworks,reject_unauth_destination

smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unknown_sender_domain,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
#   reject_rbl_client b.barracudacentral.org,
#   reject_rbl_client bl.spamcop.net,
#   reject_rbl_client sbl-xbl.spamhaus.org,
#   reject_rbl_client zen.spamhaus.org,
    permit_mynetworks,reject_unauth_destination


So the question is - is there something in these configurations that could possibly still be blocking my server, or do I simply have to wait a while longer for the blacklist to propagate so that it no longer shows me? Both servers still send and receive mail just fine from any other legitimate source, and I can send from me@myotherserver.com to me@mainserver.com.

I have seen some other threads with similar issues, but the steps taken in there still didn't resolve what I'm experiencing.

Thanks,
Kamp

Last edited by kamp; 18th November 2009 at 18:37. Reason: Minor edit
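Added example (not part of the original thread): a small Python classifier that separates connect-level failures from SMTP-level rejections in Postfix delivery lines. An RBL hit from reject_rbl_client is returned as an SMTP reply after the connection is accepted, whereas the line posted above has relay=none and a connection-setup delay of 30 seconds, the default smtp_connect_timeout. The third and fourth sample lines, with their hosts and queue IDs, are constructed for contrast.

```python
import re

# Lines 1-2 are quoted from the post above; lines 3-4 are constructed for contrast.
SAMPLE_LOG = """\
Nov 18 11:57:33 mail postfix/smtp[1936]: connect to mail.myotherserver.com[aa.bb.cc.dd]:25: Connection timed out
Nov 18 11:57:33 mail postfix/smtp[1936]: AB2EF507A84F: to=<me@myotherserver.com>, relay=none, delay=165659, delays=165629/0.01/30/0, dsn=4.4.1, status=deferred (connect to mail.myotherserver.com[aa.bb.cc.dd]:25: Connection timed out)
Nov 18 12:01:10 mail postfix/smtp[1940]: C1D2E3F4A5B6: to=<user@example.org>, relay=mx.example.org[192.0.2.10]:25, delay=1.2, delays=0.1/0.01/0.6/0.5, dsn=5.7.1, status=bounced (host mx.example.org[192.0.2.10] said: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using zen.spamhaus.org (in reply to RCPT TO command))
Nov 18 12:02:00 mail postfix/smtp[1941]: D4E5F6A7B8C9: to=<user@example.net>, relay=none, delay=0.3, delays=0.2/0.01/0.1/0, dsn=4.4.1, status=deferred (connect to mx.example.net[192.0.2.20]:25: Connection refused)
"""

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?delays=(?P<delays>[\d./]+), "
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)$"
)


def classify(line):
    """Return (qid, layer, connect_seconds) for a delivery line, else None."""
    m = DELIVERY.search(line)
    if m is None:
        return None
    # delays = before qmgr / in qmgr / connection setup / transmission
    connect_s = float(m["delays"].split("/")[2])
    reason = m["reason"]
    if m["relay"] == "none" and "timed out" in reason:
        layer = "network-drop"    # no answer at all: packet filter or routing
    elif m["relay"] == "none" and "refused" in reason:
        layer = "network-reject"  # active refusal: closed port or REJECT rule
    elif re.search(r"said: [45]\d\d ", reason):
        layer = "smtp-policy"     # server answered: RBL, relay or content rule
    else:
        layer = "other"
    return m["qid"], layer, connect_s


def summarize(log_text):
    """Classify every delivery line in a block of mail.log text."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == "__main__":
    for qid, layer, secs in summarize(SAMPLE_LOG):
        print(f"{qid}  {layer:15} connect={secs}s")
```
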
#2  till, 19th November 2009, 07:41

Most likely your provider is blocking connections on port 25, or you configured a firewall to block port 25.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#3  kamp, 19th November 2009, 14:50
Port 25

Till,
Thanks for the reply - port 25 is open - I'm still getting traffic from elsewhere without any issues, and I tested with telnet and dnsreport to ensure that the port is open. Any other possibilities?

Thanks,
Kamp
#4  till, 19th November 2009, 14:55

You tested with telnet on the shell of the server where you got the error messages in the log to connect to mail.myotherserver.com? All other tests mean nothing as they will not give you an answer if port 25 is blocked on the way between these two servers.
#5  kamp, 19th November 2009, 21:10

Till,
Yes, I ran the telnet session from the server being blocked to see if it will connect to the other server:

telnet aa.bb.cc.dd 25
Trying aa.bb.cc.dd...
Connected to aa.bb.cc.dd.
Escape character is '^]'.
220 mail.myotherserver.com ESMTP Postfix (Debian/GNU)
#6  falko, 20th November 2009, 13:36

Do you use fail2ban? Maybe fail2ban is blocking your server.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

#7  kamp, 2nd December 2009, 18:00

I do use fail2ban, but I have had both IP addresses in the ignoreip listing because I ran into issues before with users blocking themselves out by not remembering their passwords.
#8  kamp, 2nd December 2009, 18:27

I've been trying to think of configuration changes that may have contributed to my current predicament... The only thing I can think of beyond the modifications of the main.cf that I posted is that I changed the ban time on fail2ban to be -1. This has resulted in a lot of banned IP addresses at a given time, but they are all legitimate bans (i.e. spammers and brute force attacks). Would the sheer number of banned IP addresses mess with anything? I rather enjoy having these all permanently banned because it has been a significant difference, but I don't want it to be at the expense of other functionality.
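Added example (not part of the original thread) for falko's fail2ban question: a CIDR-aware check of whether a peer address is covered by a DROP or REJECT rule in `iptables -S` output on the receiving server, since the loaded rules are what actually decide whether a connection gets through. The rule listing, chain names and addresses below are constructed; negated (`! -s`) sources are skipped.

```python
import ipaddress
import shlex

# Constructed `iptables -S` output; chain names and addresses are made up.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-N fail2ban-postfix
-N fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 25 -j fail2ban-postfix
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A fail2ban-postfix -s 203.0.113.45/32 -j DROP
-A fail2ban-postfix -s 198.51.100.0/24 -j DROP
-A fail2ban-postfix -j RETURN
-A fail2ban-ssh -s 192.0.2.77/32 -j REJECT --reject-with icmp-port-unreachable
-A fail2ban-ssh -j RETURN
"""

BLOCKING = {"DROP", "REJECT"}


def blocking_rules(rules_text, peer_ip):
    """Return (chain, source, target) for each DROP/REJECT rule covering peer_ip."""
    peer = ipaddress.ip_address(peer_ip)
    hits = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        # Only appended rules that name both a source and a target matter here.
        if len(tok) < 2 or tok[0] != "-A" or "-s" not in tok or "-j" not in tok:
            continue
        chain = tok[1]
        target = tok[tok.index("-j") + 1]
        s = tok.index("-s")
        if target not in BLOCKING or tok[s - 1] == "!":
            continue  # non-blocking target, or negated source (out of scope)
        net = ipaddress.ip_network(tok[s + 1], strict=False)
        if peer.version == net.version and peer in net:
            hits.append((chain, str(net), target))
    return hits


if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.1"):
        print(ip, blocking_rules(SAMPLE_RULES, ip) or "not covered by a ban rule")
```

On a live server, pass the function the text printed by `iptables -S` and the sending server's public address.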
#9  falko, 3rd December 2009, 17:23

Quote:
Originally Posted by kamp
    Would the sheer number of banned IP addresses mess with anything?

I don't think so.
#10  kamp, 3rd December 2009, 18:21

Is there any other configuration info that you need that would assist with this?