postfix - connection refused through public IP in same network

Discussion in 'Server Operation' started by nzimas, Jun 12, 2014.

  1. nzimas

    nzimas Member

    I have set up a mail server inside an OpenVZ container.
    An iptables rule is in place on the host to forward incoming connections from the outside world to that container.

    It is possible to telnet or nc the mail server from any point outside the network.

    Code:
    nunos-mbp:~ nzimas$ nc -v mail.domain.com 25
    found 0 associations
    found 1 connections:
         1:	flags=82<CONNECTED,PREFERRED>
    	outif en0
    	src 192.168.1.35 port 50050
    	dst 1.2.3.4 port 25
    	rank info not available
    	TCP aux info available
    
    Connection to mail.domain.com port 25 [tcp/smtp] succeeded!
    220 mail.domain.com ESMTP Postfix (Ubuntu)
    quit
    221 2.0.0 Bye
    It is not possible to access the mail server from either the host or any other guest in the network through the public IP, however.

    Code:
    [email protected]:~# nc -vvv mail.rapidtvnews.com 25
    DNS fwd/rev mismatch: mail.domains.com != ns428897.ip-1-2-3.eu
    mail.domain.com [1.2.3.4] 25 (smtp) : Connection refused
     sent 0, dcvd 0
    The iptables rules look as follows:

    Code:
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination         
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:smtp to:10.10.10.4
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:pop3 to:10.10.10.4
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:imap2 to:10.10.10.4
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:pop3s to:10.10.10.4
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:imaps to:10.10.10.4
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:ssmtp to:10.10.10.4
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:submission to:10.10.10.4
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:smtp to:10.10.10.4
    DNAT       tcp  --  anywhere             anywhere             tcp dpt:2525 to:10.10.10.4:25
    
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination         
    MASQUERADE  all  --  10.10.10.0/24        anywhere            
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination   
    Been unsuccessfully scouring the web for an answer in the last week or so.
     

Share This Page