Postfix times out on non-local domains

Discussion in 'Server Operation' started by dramsey, Feb 21, 2012.

  1. dramsey

    dramsey New Member

    I've been running two Mac servers for a few years on my AT&T UVerse account. Each has a domain or two and manages email. I haven't touched the configuration of either machine in months.

    Sometime early Saturday, both machines (running different versions of OS X Server) lost the ability to send mail outside their own domains. Looking at mail.log reveals endless lists of lines like this:

    Code:
    Feb 18 17:33:07 99-26-248-108 postfix/smtp[40074]: connect to laventanaed.com.1.0001.arsmtp.com[174.143.82.66]:25: Operation timed out
    Feb 18 17:33:07 99-26-248-108 postfix/smtp[40076]: connect to laventanaed.com.1.0001.arsmtp.com[174.143.82.66]:25: Operation timed out
    Feb 18 17:33:07 99-26-248-108 postfix/smtp[40068]: connect to alln-mx-01.cisco.com[173.37.145.198]:25: Operation timed out
    Feb 18 17:33:07 99-26-248-108 postfix/smtp[40067]: connect to mx1.biz.mail.yahoo.com[74.6.140.31]:25: Operation timed out
    Feb 18 17:33:07 99-26-248-108 postfix/smtp[40077]: connect to lore.ebay.com[216.113.175.103]:25: Operation timed out
    Feb 18 17:33:07 99-26-248-108 postfix/smtp[40075]: connect to alt1.gmail-smtp-in.l.google.com[209.85.225.27]:25: Operation timed out
    Feb 18 17:33:07 99-26-248-108 postfix/smtp[40073]: connect to alt1.gmail-smtp-in.l.google.com[209.85.225.27]:25: Operation timed out
    Feb 18 17:33:07 99-26-248-108 postfix/smtp[40072]: connect to alt1.gmail-smtp-in.l.google.com[209.85.225.27]:25: Operation timed out

    As you can see, any attempt to contact a non-local server (such as if I try to send email to someone at mac.com or yahoo.com or whatever) times out.

    Now, it looks for all the world to me as if AT&T decided to start blocking Port 25 outbound on my account. But after spending upwards of 6 hours on the phone over the past couple of days, being passed from Tier 1 support to Tier 2 support to ConnectTech to AT&T 360tech.com, they all swear that they're not.

    As far as I can tell, I'm not on any blacklists, either.

    Does anyone have any clue what could possibly be causing this? I'm out of ideas.
     
  2. falko

    falko Super Moderator ISPConfig Developer

  3. dramsey

    dramsey New Member

    Thanks, but that was the first one I checked. It's clean (99.26.248.104)...
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    To test if it's a postfix / server config issue or a problem with your provider, you can try to connect to an external server with telnet on the shell like this:

    telnet external.mail.server 25

    where external.mail.server must be replaced with the hostname or IP of an external SMTP server. If this times out as well, then it must be a problem with AT&T or your firewall. If you get a response line (e.g. like this):

    220 externalserver ESMTP Postfix (Debian/GNU)

    then it must be a config problem on your server.
     
  5. dramsey

    dramsey New Member

    I can't telnet to port 25 on any external system. My firewalls are not blocking it. AT&T swears port 25 is not blocked-- I spent over 6 hours on the phone with them yesterday, going through multiple levels of tech support and even paying a $50 fee to the incompetent idiots at ConnectTech (AT&T's third party support).

    (I don't necessarily blame ConnectTech for not being able to fix the problem, but it was obvious within seconds that the India-based tech had no fucking idea what he was doing.)

    I should mention that I can't telnet to port 25 on any external machine from any computer on my network, not just my server.

    I guess I'm just screwed.
     
    Last edited: Feb 21, 2012
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Most providers offer connections only to their own SMTP servers. If you know the official SMTP servers from AT&T, try to connect to them with telnet. If that works, you can be sure that AT&T put a selective filter on port 25.
    If you can reach the AT&T SMTP servers, then you can e.g. try to reconfigure your postfix to relay all outgoing emails through the AT&T servers.
     
  7. dramsey

    dramsey New Member

    That's what I'm going to try now...

    Of course, all this worked perfectly for years until last Saturday...
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    One more thing, if port 25 connections to the AT&T servers don't work, try port 587 too. This port is called the submission port and can be used for mail delivery by SMTP on most servers as well.
     
  9. dramsey

    dramsey New Member

    I'd love to, if I could figure out any way to get Postfix to send out over port 587. I've spent a fair amount of time on this and don't see how to do it (getting it to listen on a different port is easy).

    Re relaying through AT&T's SMTP server:

    Code:
    Feb 21 08:26:46 neko postfix/smtp[10386]: connect to smtp.att.yahoo.com[98.139.221.42]:25: Operation timed out
    Feb 21 08:26:46 neko postfix/smtp[10386]: warning: SASL authentication failure: No worthy mechs found
    Feb 21 08:26:46 neko postfix/smtp[10386]: BDD1873F6F: SASL authentication failed; cannot authenticate to server smtp.att.yahoo.com[68.142.198.11]: no mechanism available
    Feb 21 08:27:16 neko postfix/smtp[10386]: connect to smtp.att.yahoo.com[98.138.31.74]:25: Operation timed out
    Feb 21 08:27:46 neko postfix/smtp[10386]: connect to smtp.att.yahoo.com[67.195.15.66]:25: Operation timed out
     
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    That's described e.g. here:

    http://www.howtoforge.com/how-to-relay-email-on-a-postfix-server
     
  11. dramsey

    dramsey New Member

    Boy, wouldn't it have been nice if that had worked! Here's what I get with just the AT&T host listed as the relay:

    Code:
    Feb 21 10:22:55 neko postfix/qmgr[6592]: CC4F16DAF5: from=<[email protected]>, size=939, nrcpt=1 (queue active)
    Feb 21 10:22:55 neko postfix/smtpd[6643]: disconnect from neko.com[99.26.248.104]
    Feb 21 10:23:26 neko postfix/smtp[6652]: connect to smtp.att.yahoo.com[67.195.15.66]:25: Operation timed out
    Feb 21 10:23:56 neko postfix/smtp[6652]: connect to smtp.att.yahoo.com[98.138.31.74]:25: Operation timed out

    OK, let's try port 587. That always works, right?

    Code:
    Feb 21 10:34:34 neko postfix/qmgr[8361]: 5C21E6D7AB: from=<[email protected]>, size=987, nrcpt=1 (queue active)
    Feb 21 10:34:37 neko postfix/smtp[8365]: warning: SASL authentication failure: No worthy mechs found
    Feb 21 10:34:37 neko postfix/smtp[8365]: 5C21E6D7AB: SASL authentication failed; cannot authenticate to server smtp.att.yahoo.com[98.139.221.42]: no mechanism available
    Feb 21 10:34:37 neko postfix/smtp[8365]: warning: SASL authentication failure: No worthy mechs found
    Feb 21 10:34:37 neko postfix/smtp[8365]: 5C21E6D7AB: SASL authentication failed; cannot authenticate to server smtp.att.yahoo.com[67.195.15.66]: no mechanism available
    Feb 21 10:34:37 neko postfix/smtp[8365]: warning: SASL authentication failure: No worthy mechs found
    Feb 21 10:34:37 neko postfix/smtp[8365]: 5C21E6D7AB: SASL authentication failed; cannot authenticate to server smtp.att.yahoo.com[98.138.31.74]: no mechanism available
    Feb 21 10:34:37 neko postfix/smtp[8365]: warning: SASL authentication failure: No worthy mechs found
    Feb 21 10:34:38 neko postfix/smtp[8365]: 5C21E6D7AB: to=<[email protected]>, relay=smtp.att.yahoo.com[68.142.198.11]:587, delay=1723, delays=1720/2.1/1.3/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.att.yahoo.com[68.142.198.11]: no mechanism available)
     
    Last edited: Feb 21, 2012
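
Added example, not part of any post in this thread: a small Python triage of the mail.log lines posted above. It applies the reasoning from till's posts (many unrelated hosts timing out on one port points at a filter on the path) and reads a `relay=...:587` deferral as proof that the TCP connection on 587 succeeded, so the remaining failure is SASL negotiation. The function names, the `min_hosts` threshold and the placeholder recipient address are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines taken from the posts above; the recipient address is a placeholder.
SAMPLE_LOG = """\
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40068]: connect to alln-mx-01.cisco.com[173.37.145.198]:25: Operation timed out
Feb 18 17:33:07 99-26-248-108 postfix/smtp[40075]: connect to alt1.gmail-smtp-in.l.google.com[209.85.225.27]:25: Operation timed out
Feb 21 10:23:26 neko postfix/smtp[6652]: connect to smtp.att.yahoo.com[67.195.15.66]:25: Operation timed out
Feb 21 10:34:37 neko postfix/smtp[8365]: warning: SASL authentication failure: No worthy mechs found
Feb 21 10:34:38 neko postfix/smtp[8365]: 5C21E6D7AB: to=<user@example.com>, relay=smtp.att.yahoo.com[68.142.198.11]:587, delay=1723, delays=1720/2.1/1.3/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.att.yahoo.com[68.142.198.11]: no mechanism available)
"""

TIMEOUT = re.compile(
    r"postfix/smtp\[\d+\]: connect to (?P<host>[^\[\s]+)\[[\d.]+\]:(?P<port>\d+): "
    r"Operation timed out")
SASL_DEFER = re.compile(
    r"relay=(?P<host>[^\[\s]+)\[[\d.]+\]:(?P<port>\d+),.*status=deferred "
    r"\(SASL authentication failed")

def parse(log):
    """Group remote hosts by failure type and destination port."""
    seen = {"timeout": defaultdict(set), "sasl": defaultdict(set)}
    for line in log.splitlines():
        for kind, rx in (("timeout", TIMEOUT), ("sasl", SASL_DEFER)):
            m = rx.search(line)
            if m:
                seen[kind][int(m["port"])].add(m["host"])
    return seen

def diagnose(log, min_hosts=3):
    """Return (finding, port) pairs following the decision steps in the thread."""
    seen, findings = parse(log), []
    for port, hosts in sorted(seen["timeout"].items()):
        # Unrelated providers all timing out on one port points at a filter
        # on the path (ISP or local firewall), not at the remote servers.
        if len(hosts) >= min_hosts and port not in seen["sasl"]:
            findings.append(("egress_filtered", port))
    for port in sorted(seen["sasl"]):
        # A relay=...:PORT deferral means the TCP connection on that port was
        # made; what failed afterwards is SASL mechanism negotiation.
        findings.append(("reachable_sasl_failed", port))
    return findings

if __name__ == "__main__":
    for code, port in diagnose(SAMPLE_LOG):
        print(f"port {port}: {code}")
```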
