Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 21st February 2012, 02:46
dramsey dramsey is offline
Junior Member
 
Join Date: Feb 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Postfix times out on non-local domains

I've been running two Mac servers for a few years on my AT&T UVerse account. Each has a domain or two and manages email. I haven't touched the configuration of either machine in months.

Sometime early Saturday, both machines (running different versions of OS X Server) lost the ability to send mail outside their own domains. Looking at mail.log reveals endless lists of lines like this:

Code:
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40074]: connect to laventanaed.com.1.0001.arsmtp.com[174.143.82.66]:25: Operation timed out
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40076]: connect to laventanaed.com.1.0001.arsmtp.com[174.143.82.66]:25: Operation timed out
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40068]: connect to alln-mx-01.cisco.com[173.37.145.198]:25: Operation timed out
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40067]: connect to mx1.biz.mail.yahoo.com[74.6.140.31]:25: Operation timed out
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40077]: connect to lore.ebay.com[216.113.175.103]:25: Operation timed out
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40075]: connect to alt1.gmail-smtp-in.l.google.com[209.85.225.27]:25: Operation timed out
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40073]: connect to alt1.gmail-smtp-in.l.google.com[209.85.225.27]:25: Operation timed out
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40072]: connect to alt1.gmail-smtp-in.l.google.com[209.85.225.27]:25: Operation timed out
As you can see, any attempt to contact a non-local server (such as if I try to send email to someone at mac.com or yahoo.com or whatever) times out.

Now, it looks for all the world to me as if AT&T decided to start blocking Port 25 outbound on my account. But after spending upwards of 6 hours on the phone over the past couple of days, being passed from Tier 1 support to Tier 2 support to ConnectTech to AT&T 360tech.com, they all swear that they're not.

As far as I can tell, I'm not on any blacklists, either.

Does anyone have any clue what could possibly be causing this? I'm out of ideas.
Reply With Quote
Sponsored Links
  #2  
Old 21st February 2012, 14:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Regarding blacklists - can you check here again? http://mxtoolbox.com/blacklists.aspx
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 21st February 2012, 16:50
dramsey dramsey is offline
Junior Member
 
Join Date: Feb 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, but that was the first one I checked. It's clean (99.26.248.104)...
Reply With Quote
  #4  
Old 21st February 2012, 17:02
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

To test if its a postfix / server config issue or a problem with your provider, you can try to connect to a external server with telnet on the shell like this:

telnet external.mail.server 25

where external.mail.server must be replaced with the hostname or IP of a external smtp server. If this times out as well, then it must be a problem with AT&T or your firewall. If you get a response line (e.g. like this):

220 externalserver ESMTP Postfix (Debian/GNU)

then it must be a config problem on your server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 21st February 2012, 17:05
dramsey dramsey is offline
Junior Member
 
Join Date: Feb 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I can't telnet to port 25 on any external system. My firewalls are not blocking it. AT&T swears port 25 is not blocked-- I spent over 6 hours on the phone with them yesterday, going through multiple levels of tech support and even paying a $50 fee to the incompetent idiots at ConnectTech (AT&T's third party support).

(I don't necessarily blame ConnectTech for not being able to fix the problem, but it was obvious within seconds that the India-based tech had no fucking idea what he was doing.)

I should mention that I can't telnet to port 25 on any external machine from any computer on my network, not just my server.

I guess I'm just screwed.

Last edited by dramsey; 21st February 2012 at 17:08.
Reply With Quote
  #6  
Old 21st February 2012, 17:08
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Most providers offer connections only to their own smtp servers. If you know the official smtp servers from at&t, try to connect to them with telnet. If that works, you can be sure that at&t put a slective filter on port 25.
if you can reach the at&t smtp servers, then you can e.g. try to reconfigure your postfix to relay all outgoing emails trogh the at&t servers.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 21st February 2012, 17:09
dramsey dramsey is offline
Junior Member
 
Join Date: Feb 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

That's what I'm going to try now...

Of course, all this worked perfectly for years until last Saturday...
Reply With Quote
  #8  
Old 21st February 2012, 17:13
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

One more thing, if port 25 connections to the at&t servers dont work, try port 587 too. This port is aclled submission port and can be used for mail delivery by smtp on most servers as well.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #9  
Old 21st February 2012, 17:47
dramsey dramsey is offline
Junior Member
 
Join Date: Feb 2012
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till View Post
One more thing, if port 25 connections to the at&t servers dont work, try port 587 too. This port is aclled submission port and can be used for mail delivery by smtp on most servers as well.
I'd love to, if I could figure out any way to get Postfix to send out over port 587. I've spent a fair amount of time on this and don't see how to do it (getting it to listen on a different port is easy.

Re relaying through AT&T's SMTP server:

Code:
Feb 21 08:26:46 neko postfix/smtp[10386]: connect to smtp.att.yahoo.com[98.139.221.42]:25: Operation timed out
Feb 21 08:26:46 neko postfix/smtp[10386]: warning: SASL authentication failure: No worthy mechs found
Feb 21 08:26:46 neko postfix/smtp[10386]: BDD1873F6F: SASL authentication failed; cannot authenticate to server smtp.att.yahoo.com[68.142.198.11]: no mechanism available
Feb 21 08:27:16 neko postfix/smtp[10386]: connect to smtp.att.yahoo.com[98.138.31.74]:25: Operation timed out
Feb 21 08:27:46 neko postfix/smtp[10386]: connect to smtp.att.yahoo.com[67.195.15.66]:25: Operation timed out
Reply With Quote
  #10  
Old 21st February 2012, 17:50
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
 
Default

Quote:
Originally Posted by dramsey View Post
I'd love to, if I could figure out any way to get Postfix to send out over port 587. I've spent a fair amount of time on this and don't see how to do it (getting it to listen on a different port is easy.
Thats described e.g. here:

http://www.howtoforge.com/how-to-rel...postfix-server
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Catchall and Forwarding not working simmo General 6 22nd March 2014 00:54
ISPConfig "backend" completely unfunctional after a restart Xaymar Installation/Configuration 1 22nd August 2011 22:31
Email Could not send and receive piseth Installation/Configuration 16 17th July 2010 18:27
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39
Mail System Error - Returned Mail tristanlee85 General 16 16th March 2008 09:40


All times are GMT +2. The time now is 14:20.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.