email clients cannot send smtp ispconfig 3

Discussion in 'Installation/Configuration' started by nil ens, Aug 22, 2012.

  1. nil ens

    nil ens New Member

    Hello,

    I have a new install of ISPConfig3 (my first one) exactly following the tutorial The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Dovecot [ISPConfig 3]. I'm having problems with remote clients being able to send email via the ISPConfig3 mail server regardless whether they use Thunderbird, Outlook, etc. IMAP and POP3 work fine.

    The server is on a virtual machine and NAT'd behind a firewall but all mail ports are open and port forwarded through the firewall. I can successfully send smtp if I connect to the server from a client using the public (inside) IP but cannot if I use the private (internet facing) IP. I know the firewall is not blocking the packets because I debugged and logged smtp packets and the logs show the firewall passing port 25 through to the server.

    For example, below is the output from testing using a telnet session. The first test uses the public IP and the second uses the private IP.

    Code:
    [[email protected] ~]$ telnet 192.168.32.101 25
Trying 192.168.32.101...
Connected to 192.168.32.101.
Escape character is '^]'.
220 ex3ksweb01.ex3host.com ESMTP
ehlo mail.ex3.com
250-ex3ksweb01.ex3host.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: [email protected]
250 2.1.0 Ok
rcpt to: [email protected]
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test message 20120821_1636
.
250 2.0.0 Ok: queued as 7267F1A4F3
quit
221 2.0.0 Bye
Connection closed by foreign host.

[[email protected] ~]$ telnet mail.ex3test.com 25
Trying 69.149.138.211...
telnet: connect to address 69.149.138.211: Connection refused
    Here is a tail of my mail.log file:

    Code:
    Aug 21 19:30:01 ex3ksweb01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:30:01 ex3ksweb01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:30:01 ex3ksweb01 postfix/smtpd[3818]: connect from localhost[127.0.0.1]
Aug 21 19:30:01 ex3ksweb01 postfix/smtpd[3818]: lost connection after CONNECT from localhost[127.0.0.1]
Aug 21 19:30:01 ex3ksweb01 postfix/smtpd[3818]: disconnect from localhost[127.0.0.1]
Aug 21 19:35:01 ex3ksweb01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:35:01 ex3ksweb01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:35:01 ex3ksweb01 postfix/smtpd[3910]: connect from localhost[127.0.0.1]
Aug 21 19:35:01 ex3ksweb01 postfix/smtpd[3910]: lost connection after CONNECT from localhost[127.0.0.1]
Aug 21 19:35:01 ex3ksweb01 postfix/smtpd[3910]: disconnect from localhost[127.0.0.1]
Aug 21 19:40:01 ex3ksweb01 dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:40:01 ex3ksweb01 dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
Aug 21 19:40:01 ex3ksweb01 postfix/smtpd[4001]: connect from localhost[127.0.0.1]
Aug 21 19:40:01 ex3ksweb01 postfix/smtpd[4001]: lost connection after CONNECT from localhost[127.0.0.1]
Aug 21 19:40:01 ex3ksweb01 postfix/smtpd[4001]: disconnect from localhost[127.0.0.1]
    I searched for a fix here on the site but no post seemed to fit. I'm not sure if it has to do with SASL or the configuration of amavisd.

    Any suggestions?
     
    nil ens, Aug 22, 2012
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Please post the output of:

    netstat -tap
     
    till, Aug 22, 2012
    #2
  3. nil ens

    nil ens New Member

    Thanks for the quick reply. Here is the output.

    Unfortunately I'm new to Debian and I'm still learning where / how to do setting for the firewall, etc.

    Code:
    [email protected]:/var/log# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:mysql                 *:*                     LISTEN      1658/mysqld     
tcp        0      0 *:pop3                  *:*                     LISTEN      1955/dovecot    
tcp        0      0 *:imap2                 *:*                     LISTEN      1955/dovecot    
tcp        0      0 *:sunrpc                *:*                     LISTEN      779/portmap     
tcp        0      0 *:ftp                   *:*                     LISTEN      1794/pure-ftpd (SER
tcp        0      0 ex3ksweb01.ex3ho:domain *:*                     LISTEN      1049/named      
tcp        0      0 localhost:domain        *:*                     LISTEN      1049/named      
tcp        0      0 *:ssh                   *:*                     LISTEN      1669/sshd       
tcp        0      0 *:smtp                  *:*                     LISTEN      1920/master     
tcp        0      0 localhost:953           *:*                     LISTEN      1049/named      
tcp        0      0 *:imaps                 *:*                     LISTEN      1955/dovecot    
tcp        0      0 *:pop3s                 *:*                     LISTEN      1955/dovecot    
tcp        0      0 *:59813                 *:*                     LISTEN      792/rpc.statd   
tcp        0      0 localhost:10024         *:*                     LISTEN      1257/amavisd (maste
tcp        0      0 localhost:10025         *:*                     LISTEN      1920/master     
tcp        0      0 localhost:33430         localhost:mysql         ESTABLISHED 1258/amavisd (ch9-a
tcp        0      0 localhost:mysql         localhost:33430         ESTABLISHED 1658/mysqld     
tcp        0      0 localhost:mysql         localhost:33446         ESTABLISHED 1658/mysqld     
tcp        0     48 ex3ksweb01.ex3host.:ssh 192.168.20.151:60429    ESTABLISHED 2309/sshd: administ
tcp        0      0 localhost:33446         localhost:mysql         ESTABLISHED 1259/amavisd (ch8-a
tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      1277/apache2    
tcp6       0      0 [::]:www                [::]:*                  LISTEN      1277/apache2    
tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      1277/apache2    
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      1794/pure-ftpd (SER
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      1049/named      
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN      1669/sshd       
tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      1049/named      
tcp6       0      0 [::]:https              [::]:*                  LISTEN      1277/apache2    
[email protected]:/var/log#
     
    nil ens, Aug 22, 2012
    #3
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats ok, postfix is listening on all interfaces.

    So the connecion must be blocked by a firewall, this can be the firewall on the server itself. Test it with:

    iptables -L

    A firewall in a router in front of the server or a firewall of your internet acccess provider. Many providers block port 25 to avoid spam, so if your server is not located in a datacenter, then its likely that your provider blocks the smtp connections.
     
    till, Aug 23, 2012
    #4
  5. nil ens

    nil ens New Member

    Thanks again for the assistance.

    Below is the output of the iptables command. If I read this correctly, there is not a rule for smtp. I would have expected the rule to be installed during the setup as shown in the tutorial. Did I miss a step?

    So at this point do I need to create another fail2ban filter and set up a chain in iptables? and if so can you let me know the command(s) to do that?

    Regards.

    Code:
    [email protected]:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-ssh  tcp  --  anywhere             anywhere            multiport dports ssh 
fail2ban-pureftpd  tcp  --  anywhere             anywhere            multiport dports ftp 
fail2ban-dovecot-pop3imap  tcp  --  anywhere             anywhere            multiport dports pop3,pop3s,imap2,imaps 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-dovecot-pop3imap (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-pureftpd (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-ssh (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            
[email protected]:~#
     
    nil ens, Aug 23, 2012
    #5
  6. nil ens

    nil ens New Member

    Nevermind. It turns out that our internet provider was blocking ports to that location. They shouldn't have been, but they were.

    Thanks for your help in pointing to the problem.

    Cheers!
     
    nil ens, Aug 24, 2012
    #6

Share This Page