Port 25 closed...can't open
I have a server running Fedora 4. I've been having trouble getting email to work, and just discovered port 25 is closed. This is despite the firewall having port 25 open...
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
However, when I do this from another computer:
telnet 209.190.35.138 25
I get
connect to address 209.190.35.138: Connection refused
When I try to check email using Outlook Express in Windows, I get "Server terminated connection"
http, ftp and ssh all work just fine. But for some reason, port 25 is blocked and I can't unblock it. Any ideas? |
Does your ISP block port 25?
|
Quote:
This new server is with a company I've not used before. It's possible they're blocking port 25 (and I've asked just in case), but it would be extraordinary if they did given this is a dedicated server and needs to send and receive email.
NOTE: I can "telnet localhost 25" just fine. It's "telnet 209.190.35.138 25" from another machine (own PC using secureCRT and telnet while logged in to my other web server) that causes the problem.
So it seems to me, the issue must be around something preventing connections from port 25 from outside the server itself. And I'm wondering if there's something obvious on the box itself that I've overlooked (e.g. I know nothing about iptables, so may have misunderstood what I'm seeing there).
For example, the line...
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
...appears at the bottom of the iptables report when I type "service iptables status"
Is this the problem? Bearing in mind the file also contains...
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 |
What are you using as your MTA? If you are using Sendmail, by default it will not accept connections from anything except localhost. If you show us "netstat -pant" as root that could be helpful.
|
Quote:
It may be my problem isn't a blocked port at all. As of right now, my /etc/resolv.conf file doesn't contain the IPs of my hosting company's nameservers. I suspect that is the main problem. Here's the netstat results:
[root@localhost ~]# netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2107/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1732/portmap
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2017/vsftpd
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 1964/mDNSResponder
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 12666/sendmail: acc
tcp 0 0 :::995 :::* LISTEN 12455/dovecot
tcp 0 0 :::110 :::* LISTEN 12455/dovecot
tcp 0 0 :::80 :::* LISTEN 11660/httpd
tcp 0 0 :::22 :::* LISTEN 2009/sshd
tcp 0 1008 ::ffff:209.190.35.138:22 ::ffff:82.153.163.1:4500 ESTABLISHED 22238/sshd: |
This line:
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 12666/sendmail: acc
That line says that sendmail is only listening on 127.0.0.1. Only connections coming from 127.0.0.1 will be accepted. If sendmail was listening for any incoming connection the line would say this:
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 12666/sendmail: acc
You definitely need to check out your configuration to see what is up. To test this out further, you say you can telnet localhost 25 just fine, but replace localhost with the IP address of the network adapter. I'm using FC6 and here is what I have in my sendmail.mc:
Code:
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
Quote:
|
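The two checks discussed so far (the firewall rule order and the address sendmail is bound to) can be run together. This is an added example, not something posted by the thread's participants; the function names are hypothetical, and it assumes the iptables listing passed in is the single chain that holds both the ACCEPT and the REJECT rule.

```shell
#!/bin/sh
# Added example: separate "bound to loopback" from "blocked by firewall".
# Sample data is copied (abbreviated) from the outputs posted in this thread.
NETSTAT_SAMPLE='tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2017/vsftpd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 12666/sendmail: acc
tcp 0 0 :::22 :::* LISTEN 2009/sshd'
IPTABLES_SAMPLE='ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited'

# Classify the listener for port $1 from `netstat -pant` text on stdin.
bind_scope() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")            # port follows the last colon
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = addr
        }
        END {
            if (wild) print "all-interfaces"
            else if (other != "") print "specific:" other
            else if (loop) print "loopback-only"
            else print "not-listening"
        }'
}

# iptables is first-match: "yes" only if an ACCEPT for tcp dpt:$1 comes
# before the catch-all REJECT in the listing on stdin.
fw_allows() {
    awk -v port="$1" '
        $1 == "ACCEPT" && $2 == "tcp" && $0 ~ ("dpt:" port "( |$)") { found = 1; exit }
        $1 == "REJECT" && $2 == "all" { exit }
        END { print (found ? "yes" : "no") }'
}

# $1 = port, $2 = netstat text, $3 = iptables listing text
diagnose() {
    scope=$(printf '%s\n' "$2" | bind_scope "$1")
    fw=$(printf '%s\n' "$3" | fw_allows "$1")
    echo "port=$1 bind=$scope firewall_accept=$fw"
}

diagnose 25 "$NETSTAT_SAMPLE" "$IPTABLES_SAMPLE"
```

On a live host, feed it the real outputs, for example `diagnose 25 "$(netstat -pant)" "$(service iptables status)"`; a `loopback-only` result means the firewall rule is not what refuses the remote connection.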
Benjithegreat98, thank you for your help with this.
Quote:
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
NOTE: The Addr=127.0.0.1 line was already commented out. I just added in your line. I then entered service sendmail restart. Then I entered netstat -pant and got...
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 23080/sendmail: acc
As you can see, it's still listening on 127.0.0.1.
EDIT: I just commented out your line and restarted sendmail. This did not change the date/time stamp on sendmail.cf. Could there be a problem that is preventing sendmail.cf from being built, and so causing this problem? |
You can manually create the .cf file with the command I gave earlier. Do this with root access:
Code:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf |
Quote:
/etc/mail/sendmail.mc:10: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4: No such file or directory
...and sendmail.mc ends up being 0 bytes long (fortunately, I took your advice and made a copy).
*************************
EDIT: I edited sendmail.cf directly, and commented out the existing DaemonPortOptions line and replaced it with yours. This did the trick. netstat shows sendmail listening on 0.0.0.0:25, and I can now "telnet 209.190.35.138 25" successfully. I guess I have another issue with respect to editing sendmail.mc, but that's less important right now. So thanks for your help.
********************
EDIT #2: Sendmail still isn't working. Bah! I can see the mail in mqueue, but it's not being delivered. Ah the joy. More research I guess. |
Maybe m4 isn't installed. Do this:
rpm -qa|grep m4
If that doesn't show anything, you can do "yum install m4" to get that on your system. Good luck |
Quote:
Until I get those, I won't be getting any further. Thanks for all your help. |
No problem. The last post was to try and fix the problem you were having creating a .cf file from the .mc file.
|
Quote:
Code:
make -C /etc/mail |
If m4 is having trouble then the make -C /etc/mail command will fail because it depends on the presence of m4.
You can look at /etc/mail/Makefile to see what the make command is doing. |
Quote:
Yesterday, I managed to find out what the IP addresses are. As soon as I entered them in resolv.conf, I was able to use Yum to install sendmail-cf. Then I was able to update sendmail.cf via sendmail.mc as per normal. So everything now works as it should. Thank you all for your help. |
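The failure mode in this thread, where sendmail.mc was edited but sendmail.cf was never rebuilt, can be caught by comparing the MTA bind address in the two files. This is an added example, not code from the thread; the function names are hypothetical, the sample files are constructed from the lines quoted above, and it assumes the `O DaemonPortOptions=` line form in sendmail.cf and that a daemon entry without `Addr=` listens on all interfaces.

```shell
#!/bin/sh
# Added example: detect a sendmail.cf that no longer matches sendmail.mc.

# Bind address of the Name=MTA daemon from option strings on stdin;
# prints "all" when no Addr= is set (assumed to mean every interface).
mta_addr() {
    tr -d ' ' | awk -F, '
        /Name=MTA/ { for (i = 1; i <= NF; i++) if ($i ~ /^Addr=/) addr = substr($i, 6) }
        END { print (addr == "" ? "all" : addr) }'
}

# Active DAEMON_OPTIONS(`...') lines only; lines starting with "dnl" are m4 comments.
mc_addr() { awk -F"[\`']" '/^DAEMON_OPTIONS\(/ { print $2 }' "$1" | mta_addr; }

# What the running daemon actually reads.
cf_addr() { sed -n 's/^O DaemonPortOptions=//p' "$1" | mta_addr; }

# $1 = sendmail.mc, $2 = sendmail.cf
check_sync() {
    m=$(mc_addr "$1"); c=$(cf_addr "$2")
    if [ "$m" = "$c" ]; then echo "in-sync addr=$c"
    else echo "stale-cf mc=$m cf=$c"; fi
}

# Constructed sample: the .mc after the edit, the .cf before any rebuild.
demo() {
    d=$(mktemp -d)
    cat > "$d/sendmail.mc" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
EOF
    cat > "$d/sendmail.cf" <<'EOF'
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
EOF
    check_sync "$d/sendmail.mc" "$d/sendmail.cf"
    rm -rf "$d"
}

demo
```

A `stale-cf` result means the rebuild step (m4 or `make -C /etc/mail`) did not run or failed, so a restart alone will not change where sendmail listens.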