LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Fedora
User Name
Password
Fedora This forum is for the discussion of the Fedora Project.

Notices

Reply
 
Search this Thread
Old 03-19-2007, 07:51 AM   #1
60s TV Batman
Member
 
Registered: Oct 2004
Location: London (UK)
Distribution: Ubuntu 12.04
Posts: 60

Rep: Reputation: 17
Port 25 closed...can't open


I have a server running Fedora 4. I've been having trouble getting email to work, and just discovered port 25 is closed. This is despite the firewall having port 25 open...

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25

However, when I do this from another computer: telnet 209.190.35.138 25

I get connect to address 209.190.35.138: Connection refused

When I try to check email using Outlook Express in Windows, I get "Server teminated connection"

http, ftp and ssh all work just fine. But for some reason, port 25 is blocked and I can't unblock it.

Any ideas?
 
Old 03-19-2007, 08:07 AM   #2
coolio2006
LQ Newbie
 
Registered: Mar 2007
Posts: 6

Rep: Reputation: 0
Does your ISP block port 25?
 
Old 03-19-2007, 08:59 AM   #3
60s TV Batman
Member
 
Registered: Oct 2004
Location: London (UK)
Distribution: Ubuntu 12.04
Posts: 60

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by coolio2006
Does your ISP block port 25?
If you mean the company that gives me access to the Internet here at my office, no. Both my other servers have no problem with email.

This new server is with a company I've not used before. It's possible they're blocking port 25 (and I've asked just in case), but it would be extraordinary if they did given this is a dedicated server and needs to send and receive email.

NOTE: I can "telnet localhost 25" just fine.

It's "telnet 209.190.35.138 25" from another machine (own PC using secureCRT and telnet while logged in to my other web server) that cause the problem.

So it seems to me, the issue mus be around something preventing connections from port 25 from outside the server itself.

And I'm wondering if there's something obvious on the box itself that I've overlooked (e.g. I'm know nothing about iptables, so may have misunderstood what's I'm seeing there).

For example, the line...

REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

...appears at the bottom of the iptables report when I type "service iptables status" Is this the problem? Baring in mind the file also contains...

ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25

Last edited by 60s TV Batman; 03-19-2007 at 09:54 AM.
 
Old 03-20-2007, 10:07 AM   #4
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
What are you using as your MTA? If you are using Sendmail, by default it will not accept connections from anything accept localhost. If you show us "netstat -pant" as root that could be helpful.
 
Old 03-20-2007, 10:45 AM   #5
60s TV Batman
Member
 
Registered: Oct 2004
Location: London (UK)
Distribution: Ubuntu 12.04
Posts: 60

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by benjithegreat98
What are you using as your MTA? If you are using Sendmail, by default it will not accept connections from anything accept localhost. If you show us "netstat -pant" as root that could be helpful.
Before posting here, I'd commented out the line that has Sendmail listen only on localhost, and had Fedora restart sendmail.

It may be my problem isn't a blocked port at all. As of right now, my /etc/resolv.conf file doesn't contain the IPs of my hosting companies nameservers. I suspect that is the main problem.

Here's the netstat results:

[root@localhost ~]# netstat -pant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2107/mysqld
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1732/portmap
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 2017/vsftpd
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 1964/mDNSResponder
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 12666/sendmail: acc
tcp 0 0 :::995 :::* LISTEN 12455/dovecot
tcp 0 0 :::110 :::* LISTEN 12455/dovecot
tcp 0 0 :::80 :::* LISTEN 11660/httpd
tcp 0 0 :::22 :::* LISTEN 2009/sshd
tcp 0 1008 ::ffff:209.190.35.138:22 ::ffff:82.153.163.1:4500 ESTABLISHED 22238/sshd:

Last edited by 60s TV Batman; 03-20-2007 at 10:48 AM.
 
Old 03-20-2007, 11:04 AM   #6
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
This line:
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 12666/sendmail: acc

That line says that sendmail is only listening on 127.0.0.1. Only connections coming from 127.0.0.1 will be accepted. If send mail was listening for any incoming connection the line would say this:
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 12666/sendmail: acc

You definitely need to check out your configuration to see what is up.

To test this out further, you say you can telnet localhost 25 just fine, but replace localhost with the IP address of the network adapter.

I'm using FC6 and here is what I have in my sendmail.mc:
Code:
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
The top line was what was originally there (with out the dnl # and tailing dnl). I replaced it with the bottom line. I believe if you restart sendmail after that it will compile your sendmail.mc file to the sendmail.cf for you. Or you can do m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf with root privey. Back up your old cf file.

Quote:
It may be my problem isn't a blocked port at all. As of right now, my /etc/resolv.conf file doesn't contain the IPs of my hosting companies nameservers. I suspect that is the main problem.
That wouldn't stop you from at least making an initial connection to port 25.

Last edited by benjithegreat98; 03-20-2007 at 11:05 AM.
 
Old 03-20-2007, 11:54 AM   #7
60s TV Batman
Member
 
Registered: Oct 2004
Location: London (UK)
Distribution: Ubuntu 12.04
Posts: 60

Original Poster
Rep: Reputation: 17
Benjithegreat98, thank you for your help with this.

Quote:
Originally Posted by benjithegreat98
This line..
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 12666/sendmail: acc
...says that sendmail is only listening on 127.0.0.1.

Code:
dnl #DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
OK, I changed my sendmail.mc file to...

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

NOTE: The Addr=127.0.0.1 line was already commented out. I just added in your line. I then entered service sendmail restart. Then I entered netstat -pant and got...

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 23080/sendmail: acc

As you can see, it's still listening on 127.0.0.1.

EDIT: I just commented out your line and restarted sendmail. This did not change the date/time stamp on sendmail.cf.

Could there be a problem that is preventing sendmail.cf from being built, and so causing this problem?

Last edited by 60s TV Batman; 03-20-2007 at 11:59 AM.
 
Old 03-20-2007, 12:04 PM   #8
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
You can manually create the .cf file with the command I gave earlier. Do this with root access:
Code:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
That command will overwrite your sendmail.cf file. After that you can restart sendmail.
 
Old 03-20-2007, 12:06 PM   #9
60s TV Batman
Member
 
Registered: Oct 2004
Location: London (UK)
Distribution: Ubuntu 12.04
Posts: 60

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by benjithegreat98
You can manually create the .cf file with the command I gave earlier. Do this with root access:
Code:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
That gives me this error message:

/etc/mail/sendmail.mc:10: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4: No such file or directory

...and sendmail.mc ends up being 0 bytes long (fortunately, I took your advice and made a copy).

*************************

EDIT: I edited sendmail.cf directly, and commented out the existing DaemonPortOptions line and replaced it with yours.

This did the trick. netstat shows sendmail listening on 0.0.0.0:25, and I can now "telnet 209.190.35.138 25" successfully.

I guess I have another issue with respect to editing sendmail.mc, but that's less important right now.

So thanks for your help.

********************

EDIT #2:

Sendmail still isn't working. Bah! I can see the mail in mqueue, but it's not being delivered.

Ah the joy. More research I guess.

Last edited by 60s TV Batman; 03-20-2007 at 12:20 PM.
 
Old 03-20-2007, 02:01 PM   #10
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Maybe m4 isn't installed do this:
rpm -qa|grep m4

if that doesn't show anything you can do "yum install m4" to get that on your system.

Good luck
 
Old 03-20-2007, 02:07 PM   #11
60s TV Batman
Member
 
Registered: Oct 2004
Location: London (UK)
Distribution: Ubuntu 12.04
Posts: 60

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by benjithegreat98
Maybe m4 isn't installed do this:
rpm -qa|grep m4

if that doesn't show anything you can do "yum install m4" to get that on your system.
The problem is I don't have the IP address for my hosting company's nameservers for /etc/resolv.conf

Until I get those, I won't be getting any further.

Thanks for all your help.
 
Old 03-20-2007, 02:14 PM   #12
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
No problem. The last post was to try and fix the problem you were having creating a .cf file from the .mc file.
 
Old 03-22-2007, 09:42 AM   #13
sandgroper
Member
 
Registered: Jul 2004
Location: Perth , Western Australia
Distribution: Fedora Core 5 , Mint 9
Posts: 118

Rep: Reputation: 15
Quote:
Originally Posted by benjithegreat98
No problem. The last post was to try and fix the problem you were having creating a .cf file from the .mc file.
There are 2 ways to modify the .cf file using macros , the one mentioned above and the other way is to use :


Code:
make -C /etc/mail
 
Old 03-22-2007, 09:50 AM   #14
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
if m4 is having trouble then the make -C /etc/mail command will fail because it depends on the presence of m4

You can look at /etc/mail/Makefile to see what the make command is doing.
 
Old 03-22-2007, 10:51 AM   #15
60s TV Batman
Member
 
Registered: Oct 2004
Location: London (UK)
Distribution: Ubuntu 12.04
Posts: 60

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by benjithegreat98
if m4 is having trouble then the make -C /etc/mail command will fail because it depends on the presence of m4

You can look at /etc/mail/Makefile to see what the make command is doing.
The main problem was /etc/resolv.conf didn't contain the IP addresses of my server's hosting company's nameservers. As a result, Yum wouldn't work.

Yesterday, I managed to find out what the IP addresses are. As soon I entered them in resolv.conf, I was able to use Yum to install sendmail-cf. Then I was able to update sendmail.cf via sendmail.mc as per normal.

So everything now works as it should.

Thank you all for your help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Port Scan: Closed Port instead of Stealth unihiekka Linux - Security 9 12-26-2005 08:51 PM
2.4.20-8 port 25 closed, cant open mwmethe Linux - Networking 4 10-27-2004 02:54 PM
2.4.20-8 port 25 closed, cant open mwmethe Linux - Networking 1 10-27-2004 01:37 PM
port open but make it look closed.... Possible? benjithegreat98 Linux - Security 15 02-15-2004 10:15 PM
firewall.rc.config says :"open port 8080" but nmap says port is closed saavik Linux - Security 2 02-14-2002 12:16 PM


All times are GMT -5. The time now is 08:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration