LinuxQuestions.org
Old 01-24-2007, 06:35 AM   #1
kingfisher
LQ Newbie
 
Registered: Jan 2005
Posts: 5

Rep: Reputation: 0
Outgoing connections on port 25 => refused, postfix?


Hello all.

I recently tried to upgrade my mailserver with some greylisting functionality, however, since yesterday I cannot send mails to any external mailserver on port 25.

Once I shut down my firewall => everything works.

My /var/log/mail.log says the following:

Code:
Jan 24 12:07:03 deepthought postfix/smtp[23827]: connect to mx0.gmx.de[213.165.64.100]: Connection timed out (port 25)

Jan 24 12:07:03 deepthought postfix/smtp[23827]: 2D03F3A4107: to=<xxxxxxx@gmx.de>, relay=none, delay=60, status=deferred (connect to mx0.gmx.de[213.165.64.100]: Connection timed out)

Without firewall active, the mail gets through though...

I know that my ISP doesn't block port 25.

My Iptables rule for Port 25 config looks like this:

Code:
# Port 25
$iptables -I INPUT -i eth0 -p TCP --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$iptables -I OUTPUT -o eth0 -p TCP --sport 25 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

postconf -n:

Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = yes
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
disable_vrfy_command = yes
mailbox_size_limit = 0
mailbox_transport = cyrus
mydestination = $myhostname, $mydomain, localhost.$mydomain
myhostname = headbangerz.org
mynetworks = 127.0.0.0/8, 85.10.198.7
myorigin = /etc/mailname
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-relay.cf
sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf
setgid_group = postdrop
smtp_tls_CAfile = /etc/certs/cert.pem
smtp_tls_cert_file = /etc/certs/cert.pem
smtp_tls_key_file = /etc/certs/key.pem
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Mailserver)
smtpd_delay_reject = yes
smtpd_recipient_restrictions = permit_mynetworks,       permit_sasl_authenticated,      reject_unauth_destination,      permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/certs/cert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/certs/cert.pem
smtpd_tls_key_file = /etc/certs/key.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = mysql:/etc/postfix/mysql-transport.cf

any ideas?

Last edited by kingfisher; 01-24-2007 at 06:41 AM.
 
Old 01-24-2007, 07:12 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963
well your second line says that no new connections to port 25 are allowed to be established outbound. that rule appears to really do *nothing* other than create the problem you are having... why did you add it?
 
Old 01-24-2007, 07:47 AM   #3
kingfisher
LQ Newbie
 
Registered: Jan 2005
Posts: 5

Original Poster
Rep: Reputation: 0
umm, how would the rule have to look then?
 
Old 01-24-2007, 09:10 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963
well it wouldn't exist in the first place.
 
Old 01-24-2007, 09:50 AM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Those two rules only deal with inbound connections. Mail sent outbound by Postfix is going to source from an ephemeral port and have a destination of 25/tcp. What are the rest of your firewall rules?
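
The distinction described in the post above, as an added example that is not part of the original thread: a shell helper that reads the chain, `--sport` and `--dport` of a rule and reports which side of an SMTP connection it covers. The first two rules are the ones from post #1; the mirrored outbound pair and all function and variable names are constructed here and are not the poster's actual fix.

```shell
#!/bin/sh
# Classify one iptables rule by the role it plays for SMTP (25/tcp).
# Only the rule text is inspected; iptables itself is never called.
smtp_rule_role() {
    chain="" sport="" dport=""
    set -- $1                      # split the rule text into words
    while [ $# -gt 0 ]; do
        case "$1" in
            -I|-A)   chain="${2:-}" ;;
            --sport) sport="${2:-}" ;;
            --dport) dport="${2:-}" ;;
        esac
        shift
    done
    case "$chain:$sport:$dport" in
        INPUT:*:25)  echo "inbound: remote client -> local smtpd" ;;
        OUTPUT:25:*) echo "inbound: local smtpd reply -> remote client" ;;
        OUTPUT:*:25) echo "outbound: local postfix/smtp -> remote MX" ;;
        INPUT:25:*)  echo "outbound: remote MX reply -> local postfix/smtp" ;;
        *)           echo "not an SMTP rule" ;;
    esac
}

# Read a ruleset (one rule per line on stdin) and report whether any rule
# covers connections that Postfix itself opens to remote mail servers.
outbound_smtp_covered() {
    covered=no
    while IFS= read -r rule; do
        case "$(smtp_rule_role "$rule")" in
            "outbound: local"*) covered=yes ;;
        esac
    done
    echo "$covered"
}

# The two rules from post #1 (both belong to the inbound service).
PAGE_RULE_IN='$iptables -I INPUT -i eth0 -p TCP --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT'
PAGE_RULE_OUT='$iptables -I OUTPUT -o eth0 -p TCP --sport 25 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT'
# Constructed mirror pair for outbound delivery: ephemeral source port, destination 25.
MIRROR_OUT='$iptables -I OUTPUT -o eth0 -p TCP --sport 1024:65535 --dport 25 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT'
MIRROR_IN='$iptables -I INPUT -i eth0 -p TCP --sport 25 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT'

for r in "$PAGE_RULE_IN" "$PAGE_RULE_OUT" "$MIRROR_OUT" "$MIRROR_IN"; do
    printf '%-50s %s\n' "$(smtp_rule_role "$r")" "$r"
done
printf 'page rules cover outbound SMTP: %s\n' \
    "$(printf '%s\n' "$PAGE_RULE_IN" "$PAGE_RULE_OUT" | outbound_smtp_covered)"
```

With only the two rules from post #1 loaded, outbound delivery depends entirely on whatever the rest of the ruleset and the OUTPUT/INPUT chain policies do, which is why the remaining rules matter.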
 
Old 01-24-2007, 11:42 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963
oh yeah so it does... what a moron...
 
Old 01-24-2007, 06:33 PM   #7
kingfisher
LQ Newbie
 
Registered: Jan 2005
Posts: 5

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by acid_kewpie
oh yeah so it does... what a moron...

thanks for the tip! I rechecked my rules and now it's working the way it should be.
strange thing is that I didn't change the rules in the first place...

however, this doesn't directly make me a moron, does it?
 
Old 01-24-2007, 09:33 PM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by kingfisher
thanks for the tip! I rechecked my rules and now it's working the way it should be.
strange thing is that I didn't change the rules in the first place...

Great.


Quote:
however, this doesn't directly make me a moron, does it?

I don't want to put words in his mouth, but I'm pretty sure that comment was self-referential.
 
Old 01-25-2007, 01:53 AM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963
Quote:
Originally Posted by chort
I don't want to put words in his mouth, but I'm pretty sure that comment was self-referential.

Oh yeah absolutely, I couldn't tell the difference between --sport and --dport.
 
  


All times are GMT -5. The time now is 10:19 AM.
