a postfix problem

Discussion in 'Installation/Configuration' started by dimas, Jan 8, 2008.

  1. dimas

    dimas Member

    I know there's a lot of posts on this forum about postfix, but I haven't found the answer...

    The problem is that I can't send emails to any external e-mail address (I'm using ISPConfig - the perfect setup on Debian Etch).

    However, I can receive all emails and I can successfully send emails locally (for example, from [email protected] to [email protected] - when the domain.com is hosted on my ISPConfig server)

    This is what I get in the mail.log when I try to send to an external e-mail address:

    Jan 9 01:32:36 server1 postfix/smtp[7867]: connect to mxs.mail.ru[194.67.23.20]: Connection timed out (port 25)
    Jan 9 01:32:36 server1 postfix/smtp[7867]: 7656E7041AF: to=<[email protected]>, relay=none, delay=30, delays=0.06/0.01/30/0, dsn=4.4.1, status=deferred (connect to mxs.mail.ru[194.67.23.20]: Connection timed out)

    Please note that I can ping 194.67.23.20 from the server
    Port 25 is not blocked.

    Actually, the problem started when I changed the ISP (naturally I had to change the IP addresses everywhere, and everything works except for sending mails).

    Any ideas? Please?
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Is your server hosted in a datacenter with a fixed IP or does it have a dynamic IP?
     
  3. xrat

    xrat Member

    I think you should/need to give us more information. Is mxs.mail.ru your mail provider? I assume with "Port 25 is not blocked." you mean your port 25. You should try to connect port 25 of mxs.mail.ru, though, e.g. by means of telnet. I just did and mxs.mail.ru answers just fine.

    As till suggested, you might have a problem connecting to mxs.mail.ru because your server's IP address has no reverse DNS entry. I cannot check that for you, though. If you provide us with your IP we can check it. Or you look for one of the many on-line tools which provide DNS checks.

    http://www.rscott.org/dns/
    http://ip-address.domaintools.com/ (click on the D icon) and
    http://network-tools.com/ might help.

    HTH, -- xrat
     
  4. dimas

    dimas Member

  5. Rockdrala

    Rockdrala New Member

    DNS Server Response:
    lan-237-055.users.mns.ru

    Your reverse DNS looks kind of screwy to the mail server you're describing.

    You might need to get it changed to reflect your actual mail record with your ISP.

    I wouldn't be comfortable with using mail.ru either.

    It's on a ton of blacklists. That may be your problem too.

    Use your ispconfig manager to add the record mail.mensbest.ru
    and mx record for mail.mensbest.ru where you control mensbest.ru

    then your dns server will be pointing to correct mail sub domain as your own mail server.

    Check to make sure your ifconfig lists 80.70.237.55 as your IP address. If it lists a local IP address then set up your IPgateway to allow true static IP management and call your ISP to find out what is the Subnet they made for your IP 80.70.237.55. Give the Ifconfig IP 80.70.237.55 and that subnet and the DNS servers your ISP told you to use to use that static IP.

    At that point your mail.mensbest.ru will be its own dependant mail server.

    If you got a netblock of statics you should be using one of the static IPs for its own mail server. It looks better for rDNS and some email servers will deny email if you don't have rDNS set up on its own static IP for mail servers.
     
    Last edited: Jan 9, 2008
  6. dimas

    dimas Member

    The thing is, mail.mensbest.ru is already set up the way you described, and the e-mail account [email protected] from which I'm trying to send e-mails uses mail.mensbest.ru as pop3 & smtp.

    I was using [email protected] just as an example of an external e-mail address. It's the same with any other external address.

    For example, now I'm trying to send an email from [email protected] to [email protected]

    Here is the log (actually I notice that there are some warnings, so it's a bigger part of log, please note that 80.70.237.60 is the IP of the windows pc with an e-mail client that I'm using to send an email):

    Jan 9 16:44:12 server1 postfix/smtpd[20005]: warning: 80.70.237.60: address not listed for hostname lan-237-060.users.mns.ru
    Jan 9 16:44:12 server1 postfix/smtpd[20005]: connect from unknown[80.70.237.60]
    Jan 9 16:44:12 server1 postfix/smtpd[20005]: 382D47041C1: client=unknown[80.70.237.60], sasl_method=PLAIN, sasl_username=mensbest.ru_mail
    Jan 9 16:44:12 server1 postfix/cleanup[20009]: 382D47041C1: message-id=<[email protected]>
    Jan 9 16:44:12 server1 postfix/qmgr[5564]: 382D47041C1: from=<[email protected]>, size=848, nrcpt=1 (queue active)
    Jan 9 16:44:12 server1 postfix/smtpd[20005]: disconnect from unknown[80.70.237.60]
    Jan 9 16:44:42 server1 postfix/smtp[20010]: connect to g.mx.mail.yahoo.com[206.190.53.191]: Connection timed out (port 25)
    Jan 9 16:45:12 server1 postfix/smtp[20010]: connect to a.mx.mail.yahoo.com[209.191.118.103]: Connection timed out (port 25)
    Jan 9 16:45:42 server1 postfix/smtp[20010]: connect to c.mx.mail.yahoo.com[216.39.53.3]: Connection timed out (port 25)
     
    Last edited: Jan 9, 2008
  7. Rockdrala

    Rockdrala New Member

    Call your ISP and tell them to change the reverse DNS Record
    80.70.237.60 lan-237-060.users.mns.ru
    to 80.70.237.60 mail.mensbest.ru

    and then make sure you got port 587 enabled for the SMTP workaround port.
    While your ISP may not have port 25 blocked there may be 5000 billion other people with different ISPs that do block it. So allow port 587 as well.

    It usually only takes a few minutes to set a new rDNS record by your ISP for your static ip.
    But it can take a couple hours.

    It looks like your mail is getting blocked because your reverse DNS setup by your ISP is not right. It doesn't look right either.

    Jan 9 16:44:12 server1 postfix/smtpd[20005]: warning: 80.70.237.60: address not listed for hostname lan-237-060.users.mns.ru

    is a problem
     
    Last edited: Jan 9, 2008
  8. dimas

    dimas Member

    Thank you for your reply, but I don't think it's an option for me to call ISP and ask them to change the reverse DNS Record for just one mail server mail.mensbest.ru. In fact, mensbest.ru is just one site hosted currently, but dozens (if not hundreds) more are expected, and each of these sites would have its own mail server.

    So if the reason for my mail getting blocked is indeed the reverse dns setup, then it's a big problem for me :(
     
  9. Rockdrala

    Rockdrala New Member

    It doesn't matter.

    It's still on the same machine.

    It will still work if you give each domain name its own MX record mail.theredomain.com when it accesses your machine for their email addresses.

    So your clients make their website mail.customersdomain.com and your server's IP address and it will still point to the same machine.

    But you still need the reverse DNS setup for your main website as an act of good practice to communicate with all outside mail servers.

    It's also good to perform the same step for your nameservers.
    For example:
    http://www.howtoforge.com/ispconfig_dns_godaddy

    Also your ISP should not charge you to set up PTR aka reverse DNS records.

    But you should do it for your main website.
    All it takes is a call to your ISP's technical support and verify your account information with them.
    You can set up DNS and Name Servers. But reverse DNS is something the ISP has to do because they are the provider of the static IP.

    My reverse DNS used to resolve to 75-blah-blah-business.comcast.net
    Now it resolves to mail.mydomain.com after I called them and told them to set up the reverse DNS.

    And my clients can make their MX record mail.whatevertheredomainis.com and use Outlook to connect to this address and it will connect because it's still the same machine.

    Get it?

    Reverse DNS setup with ISP = free
    Glue Records from Registrar = free
    = good compliant webserver that still works with wildcard MX domain names.


    You don't have to set up these records for all your clients.

    Just the main domain name you're going to be using to service everyone else's.
    Your domain is special because it provides services to others' domains.

    So yes, your ns1.whatever.com ns2.whatever.com mail.whatever.com need this setup. Your clients don't. All they got to do is set the nameserver ns1.yourdomain.com and ns2.yourdomain.com in their registrar and you add their records in ISPconfig and it works.

    It's that easy.
    Another example

    I have mail.mymain.com
    My client's record is mail.wrestlingsite.com in their ISPconfig
    same server box/same IP

    It will still resolve correctly and allow their email clients to connect to the email server using that name mail.wrestlingsite.com using that IP address given in their control panel in their ISPconfig. Because the IP address is still the same of mail.mydomain.com which the IP has been set up in rDNS to resolve to mail.mysite.com
    with my ISP.
     
    Last edited: Jan 9, 2008
  10. xrat

    xrat Member

    It might be that yahoo is blocking you, too. But in any case, as I suggested, you should check with telnet or similar tools that your server(s) actually can make connections to any port 25 out there. HTH.
     
  11. Rockdrala

    Rockdrala New Member

    Yahoo doesn't block connections to port 25 normally. However he is on a .ru domain so he could be.
    That's why enabling port 587 is important so you can verify those things.
     
  12. dimas

    dimas Member

    Thank you for your replies, I think I'll do what you are suggesting about the PTR, in the meantime, as it turns out, I can't telnet any external smtp server.

    Here's smtp.mail.ru, for example, it's the same with any other:
    ----------------------------------
    telnet smtp.mail.ru 25
    Trying 194.67.23.111...
    ----------------------------------
    and that's it, no connection

    I tried the same thing from another ISP successfully:
    ----------------------------------
    telnet smtp.mail.ru 25
    Trying 194.67.23.111...
    Connected to smtp.mail.ru.
    Escape character is '^]'.
    220 mail.ru ESMTP Thu, 10 Jan 2008 17:20:51 +0300
    ----------------------------------
     
  13. falko

    falko Super Moderator ISPConfig Developer

  14. dimas

    dimas Member

    Dear Falko, thank you, I checked all the IPs on my server with this tool, but no, none of them are black-listed.

    What beats me, I can successfully ping, for example, smtp.mail.ru. My port 25 is open. But I can't telnet.....
     
  15. falko

    falko Super Moderator ISPConfig Developer

    I think you have to contact the admin of mail.ru to find out why you're being blocked.
     
  16. dimas

    dimas Member

    Thank you, the problem is now solved. There was something wrong on the ISP side. I don't know what it was (they didn't tell me), but after a letter to the tech support of the ISP the problem just went away.

    I wish I knew what it was, because I still don't understand how it was possible for the ISP to block smtp connections while keeping port 25 open.

    Anyway, now everything is OK.
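
Added example, not part of the thread: a small Python triage of mail.log lines like the ones quoted above, keeping outbound `postfix/smtp` connect timeouts apart from the inbound `postfix/smtpd` reverse-DNS warning about a connecting client. The `triage` function, the verdict labels and the two-provider threshold are assumptions made for illustration; the sample lines are copied from the posts above.

```python
import re
from collections import defaultdict

# Sample input: mail.log lines copied from the posts in this thread.
SAMPLE_LOG = """\
Jan 9 16:44:12 server1 postfix/smtpd[20005]: warning: 80.70.237.60: address not listed for hostname lan-237-060.users.mns.ru
Jan 9 16:44:12 server1 postfix/smtpd[20005]: connect from unknown[80.70.237.60]
Jan 9 16:44:42 server1 postfix/smtp[20010]: connect to g.mx.mail.yahoo.com[206.190.53.191]: Connection timed out (port 25)
Jan 9 16:45:12 server1 postfix/smtp[20010]: connect to a.mx.mail.yahoo.com[209.191.118.103]: Connection timed out (port 25)
Jan 9 01:32:36 server1 postfix/smtp[7867]: connect to mxs.mail.ru[194.67.23.20]: Connection timed out (port 25)
"""

# Outbound side: the smtp client failing to reach a remote MX.
OUT_RE = re.compile(r"postfix/smtp\[\d+\]: connect to (\S+?)\[[\d.]+\]: (.+?)(?: \(port \d+\))?$")
# Inbound side: smtpd noting that a client's PTR name does not map back to its IP.
PTR_RE = re.compile(r"postfix/smtpd\[\d+\]: warning: ([\d.]+): address not listed for hostname (\S+)")


def triage(log_text):
    """Classify outbound failures and list client rDNS warnings separately."""
    failures = defaultdict(set)   # failure reason -> remote provider domains
    ptr_mismatch = []             # (client_ip, ptr_hostname) reported by smtpd
    sent = 0                      # deliveries that did succeed
    for line in log_text.splitlines():
        out = OUT_RE.search(line)
        ptr = PTR_RE.search(line)
        if out:
            host, reason = out.groups()
            failures[reason].add(".".join(host.split(".")[-2:]))
        elif ptr:
            ptr_mismatch.append(ptr.groups())
        elif "postfix/smtp[" in line and "status=sent" in line:
            sent += 1
    timed_out = sorted(failures.get("Connection timed out", ()))
    # Heuristic (assumption): timeouts to two or more unrelated providers with no
    # successful delivery point at the local network path, not at one remote host.
    if sent == 0 and len(timed_out) >= 2:
        verdict = "outbound-25-filtered-on-path"
    elif timed_out:
        verdict = "destination-specific-timeout"
    else:
        verdict = "no-outbound-timeouts"
    return {"verdict": verdict, "timed_out": timed_out, "ptr_mismatch": ptr_mismatch}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```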
     
