Old 09-26-2010, 11:07 PM   #31
willcastle
Member
 
Registered: Sep 2010
Location: Philippines
Distribution: Centos
Posts: 63

Original Poster
Rep: Reputation: 0

Hi,

The firewall we're running is pfsense.
 
Old 09-26-2010, 11:08 PM   #32
willcastle
Member
 
Registered: Sep 2010
Location: Philippines
Distribution: Centos
Posts: 63

Original Poster
Rep: Reputation: 0
Hi,

The firewall we're running is PFSENSE.
 
Old 09-27-2010, 12:12 AM   #33
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147
Hi,

Please check if ports 25, 110 and 143 are open.
 
Old 09-27-2010, 12:13 AM   #34
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147
Refer to this link for the pfSense docs: http://doc.pfsense.org/index.php/Main_Page
 
Old 09-27-2010, 12:43 AM   #35
willcastle
Member
 
Registered: Sep 2010
Location: Philippines
Distribution: Centos
Posts: 63

Original Poster
Rep: Reputation: 0
Hi,

How will I check if those ports are open? The ports 110 and 25 are in the Firewall:NAT:Port Forward and in Firewall:Rules.

Thanks.

Last edited by willcastle; 09-27-2010 at 12:52 AM.
 
Old 09-27-2010, 01:52 AM   #36
willcastle
Member
 
Registered: Sep 2010
Location: Philippines
Distribution: Centos
Posts: 63

Original Poster
Rep: Reputation: 0
Hi,

I get this notice when testing emails.

lost connection with domain.ph[222.127.x.x] while receiving the initial server greeting
 
Old 09-27-2010, 02:07 AM   #37
willcastle
Member
 
Registered: Sep 2010
Location: Philippines
Distribution: Centos
Posts: 63

Original Poster
Rep: Reputation: 0
Code:
#alias_database = hash:/etc/postfix/aliases
#alias_maps = $alias_database
allow_mail_to_commands = alias,forward
allow_mail_to_files = alias,forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
always_bcc =
append_at_myorigin = yes
append_dot_mydomain = yes
best_mx_transport =
biff = no
bounce_notice_recipient = postmaster
bounce_size_limit = 50000
canonical_maps =
command_directory = /usr/sbin
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000
default_database_type = hash
default_delivery_slot_cost = 10
default_delivery_slot_discount = 50
default_delivery_slot_loan = 5
default_destination_concurrency_limit = 10
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 150
default_recipient_limit = 10000
default_transport = smtp
default_verp_delimiters = +=
defer_transports =
delay_notice_recipient = postmaster
delay_warning_time = 2
deliver_lock_attempts = 5
deliver_lock_delay = 1
disable_dns_lookups = no
disable_verp_bounces = no
disable_vrfy_command = yes
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
error_notice_recipient = postmaster
expand_owner_alias = no
export_environment = TZ
extract_recipient_limit = 10240
fallback_relay =
fallback_transport =
#fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
fork_attempts = 5
fork_delay = 1
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension},$home/.forward
hopcount_limit = 50
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG TZ XAUTHORITY DISPLAY
in_flow_delay = 1s
inet_interfaces = all
initial_destination_concurrency = 5
invalid_hostname_reject_code = 501
ipc_idle = 100
ipc_timeout = 3600
line_length_limit = 2048
lmtp_cache_connection = yes
lmtp_connect_timeout = 0
lmtp_data_done_timeout = 600
lmtp_data_init_timeout = 120
lmtp_data_xfer_timeout = 180
lmtp_lhlo_timeout = 300
lmtp_mail_timeout = 300
lmtp_quit_timeout = 300
lmtp_rcpt_timeout = 300
lmtp_rset_timeout = 300
#lmtp_sasl_auth_enable = no
#lmtp_sasl_password_maps =
#lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_skip_quit_response = no
lmtp_tcp_port = 24
local_command_shell =
local_destination_concurrency_limit = 2
mail_version = postfix-2.5.1
maps_rbl_domains = rbl.maps.vix.com
maps_rbl_reject_code = 554
max_idle = 100
max_use = 100
maximal_backoff_time = 4000
maximal_queue_lifetime = 2

myhostname =mail.domain.ph
mydomain = domain.ph
mynetworks = 192.168.101.0/24, 192.168.201.0/24, 127.0.0.0/8, 222.127.x.x/29
mynetworks_style = subnet
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain
#mydestination = /etc/postfix/local-host-names
#mail_spool_directory = /var/spool/mail
#home_mailbox = Mailbox

non_fqdn_reject_code = 504
notify_classes = policy,resource,software,protocol,delay,bounce
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
qmgr_fudge_factor = 100
qmgr_message_active_limit = 1000
qmgr_message_recipient_limit = 10000
qmgr_message_recipient_minimum = 10
qmgr_site_hog_factor = 100
qmqpd_authorized_clients =
qmqpd_error_delay = 5s
qmqpd_timeout = 300s
service_throttle_time = 60
smtp_always_send_ehlo = no
smtp_bind_address =
smtp_break_lines = yes
smtp_connect_timeout = 0
smtp_data_done_timeout = 600
smtp_data_init_timeout = 120
smtp_data_xfer_timeout = 180
smtp_helo_timeout = 300
smtp_mail_timeout = 300
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_threshold_time = 500s
smtp_quit_timeout = 300
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300
smtp_skip_4xx_greeting = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtpd_banner = $myhostname ESMTP zugzug!
smtpd_delay_reject = yes
smtpd_error_sleep_time = 5
smtpd_etrn_restrictions =
smtpd_hard_error_limit = 100
smtpd_helo_required = yes
smtpd_helo_restrictions =
smtpd_junk_command_limit = 1000
smtpd_noop_commands =
smtpd_recipient_limit = 1000
smtpd_restriction_classes =

smtpd_recipient_restrictions =  reject_non_fqdn_sender,reject_non_fqdn_recipient,permit_mynetworks,reject_unknown_sender_domain,reject_unknown_recipient_domain,reject_rbl_client zen.spamhaus.org,reject_unauth_destination,reject_rbl_client opm.blitzed.org,reject_rbl_client list.dsbl.org,reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org,reject_rhsbl_client blackhole.securitysage.com,reject_rhsbl_sender blackhole.securitysage.com,reject_rbl_client relays.ordb.org,reject_rbl_client blackholes.easynet.nl,reject_rbl_client cbl.abuseat.org,reject_rbl_client proxies.blackholes.wirehub.net,reject_rbl_client sbl.spamhaus.org,reject_rbl_client opm.blitzed.org,reject_rbl_client dnsbl.njabl.org,reject_rbl_client multihop.dsbl.org
smtpd_sender_login_maps =
smtpd_soft_error_limit = 10
smtpd_timeout = 300
soft_bounce = no
stale_lock_time = 500
strict_rfc821_envelopes = yes
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = postfix
unknown_address_reject_code = 450
unknown_client_reject_code = 450
unknown_hostname_reject_code = 450
verp_delimiter_filter = -=+

# --------------------------------
# Deactivated, done in SpamAssasin
# --------------------------------
#    reject_rhsbl_client blackhole.securitysage.com,
#    reject_rhsbl_sender blackhole.securitysage.com,
#    reject_rbl_client relays.ordb.org,
#    reject_rbl_client proxies.blackholes.wirehub.net,
#    reject_rbl_client bl.spamcop.net,
#    reject_rbl_client sbl.spamhaus.org,
#    reject_rbl_client opm.blitzed.org,
#    reject_rbl_client dnsbl.njabl.org,
#    reject_rbl_client list.dsbl.org,
#    reject_rbl_client multihop.dsbl.org,

# --------------------------------
# Deactivated, done in SpamAssasin
# --------------------------------
# Check Message Header and Body
# body_checks = regexp:$config_directory/body_checks
# header_checks = regexp:$config_directory/header_checks



debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb = $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
show_user_unknown_table_name = no

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:89
virtual_mailbox_base = /home/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_transport = virtual
virtual_uid_maps = static:89
# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
virtual_overquota_bounce = yes

relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf
# Additional for quota support
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
#virtual_overquota_bounce = yes


#broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
#  reject_non_fqdn_hostname,
#  reject_non_fqdn_sender,
#  reject_non_fqdn_recipient,
  reject_unauth_destination,
#  reject_unauth_pipelining,
#  reject_invalid_hostname,
#  reject_rbl_client opm.blitzed.org,
#  reject_rbl_client list.dsbl.org,
#  reject_rbl_client bl.spamcop.net,
#  reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
#smtpd_sasl_security_options = noanonymous
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
html_directory = no
#setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/local/man
#daemon_directory = /usr/libexec/postfix
newaliases_path = /usr/bin/newaliases
#mailq_path = /usr/bin/mailq
#queue_directory = /var/spool/postfix
#mail_owner = postfix
data_directory = /var/lib/postfix
Hi,

Above is the main.cf config. Please, can anyone check the config and make some suggestions on what is wrong?
Thanks in advance.

Last edited by willcastle; 09-27-2010 at 03:33 AM.
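
Added example, not part of the original post: Postfix remembers only the last definition of a parameter in main.cf, and the file posted above sets `smtpd_recipient_restrictions` and `disable_vrfy_command` more than once. This Python parser follows the main.cf line rules and reports which definitions are overridden; `SAMPLE` is a constructed excerpt shaped like the posted file, and the function names are made up for the example.

```python
import re
import sys

# Constructed excerpt shaped like the posted main.cf (not the full file).
SAMPLE = """\
disable_vrfy_command = yes
smtpd_recipient_restrictions = reject_non_fqdn_sender,permit_mynetworks,reject_rbl_client zen.spamhaus.org,reject_unauth_destination
smtpd_sasl_auth_enable = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
#  reject_non_fqdn_sender,
  reject_unauth_destination,
#  reject_rbl_client bl.spamcop.net,
"""

def parse_main_cf(text):
    """Return {name: [[line_no, value], ...]} in file order.
    A line starting with whitespace continues the previous logical line;
    blank lines and '#' comment lines are skipped, even inside a value."""
    params, current = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace():
            if current is not None:   # continuation of the open parameter
                current[1] = (current[1] + " " + stripped).strip()
            continue
        m = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", stripped)
        if not m:                     # not a "name = value" line
            current = None
            continue
        current = [no, m.group(2).strip()]
        params.setdefault(m.group(1), []).append(current)
    return params

def overridden(params):
    """Parameters set more than once: name -> (ignored line numbers, effective value)."""
    return {name: ([d[0] for d in defs[:-1]], defs[-1][1])
            for name, defs in params.items() if len(defs) > 1}

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, (lines, value) in sorted(overridden(parse_main_cf(text)).items()):
        print(f"{name}: line(s) {lines} ignored; effective value: {value}")
```

Run against the real file, the effective restriction list is the last one defined, so checks that appear only in an earlier definition are not applied.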
 
Old 09-27-2010, 02:59 AM   #38
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147
Hi,

I don't know what you are doing.

Can you rephrase the problems you are facing?

These are the troubleshooting steps; follow these and show us the output here, please:

Code:
sudo netstat -a | grep smtp
Code:
 netstat -a | grep pop
Code:
 netstat -a | grep imap
Code:
 iptables -L
Quote:
telnet yourmailserverdomain.com 25

EHLO yourmailserverdomain.com

MAIL FROM: <user1@yourmailserverdomain.com>

RCPT TO: <user2@yourmailserverdomain.com>

DATA
Subject: Hello local-user
Hey local-user,
I just wanted to send some test mail to you :-)
.
Quote:
telnet yourmailserverdomain.com 110
user user1@yourmailserverdomain.com
pass PASSWORD
list
Quote:
telnet yourmailserverdomain.com 143
a login user1@yourmailserverdomain.com yourpassword
a OK LOGIN Ok.
And lastly, learn how to use your pfSense firewall; we can help you solve the problems you face configuring your firewall.

Last edited by prayag_pjs; 09-27-2010 at 03:01 AM.
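
Added example, not part of the original post: the telnet checks above as a scripted probe that connects to ports 25, 110 and 143 and waits for the server's first line. It separates the outcomes seen in this thread (a banner, a connection that times out, a connection lost before the greeting), so the same host can be compared by LAN address and by public name. The function names and status labels are made up for the example.

```python
import socket
import sys

# Greeting prefixes a healthy SMTP, POP3 and IMAP server sends first.
EXPECTED = {25: "220", 110: "+OK", 143: "* OK"}

def probe(host, port, timeout=10.0):
    """Connect and wait for the first line. Returns (status, detail);
    status is 'greeting', 'no-greeting', 'refused', 'timeout' or 'error'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "nothing listening, or a device answered with a reset")
    except socket.timeout:
        return ("timeout", "no reply to the connection attempt (filtered or not forwarded)")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(512)
        except socket.timeout:
            return ("no-greeting", "connected, but no banner before the timeout")
        except OSError as exc:
            return ("no-greeting", f"connection lost before the banner: {exc}")
    if not data:
        return ("no-greeting", "peer closed the connection before sending a banner")
    return ("greeting", data.decode("ascii", "replace").splitlines()[0])

def check_mail_ports(host, ports=EXPECTED, timeout=10.0):
    """Probe each port and flag banners that do not match the protocol."""
    results = {}
    for port, prefix in ports.items():
        status, detail = probe(host, port, timeout)
        if status == "greeting" and not detail.startswith(prefix):
            status = "unexpected-banner"
        results[port] = (status, detail)
    return results

if __name__ == "__main__":
    # Pass the hosts to compare, e.g. the server's LAN address and its public name.
    for host in sys.argv[1:]:
        for port, (status, detail) in check_mail_ports(host).items():
            print(f"{host}:{port:<4} {status:<17} {detail}")
```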
 
Old 09-27-2010, 03:29 AM   #39
willcastle
Member
 
Registered: Sep 2010
Location: Philippines
Distribution: Centos
Posts: 63

Original Poster
Rep: Reputation: 0
Code:
netstat -a | grep smtp
tcp        0      0 *:smtp                      *:*                         LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     8588   private/smtp
Code:
 netstat -a | grep pop
tcp        0      0 *:pop3s                     *:*                         LISTEN
tcp        0      0 *:pop3                      *:*                         LISTEN
Code:
 netstat -a | grep imap
tcp        0      0 *:imaps                     *:*                         LISTEN
tcp        0      0 *:imap                      *:*                         LISTEN
Code:
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Hi,

This is the output.

Last edited by willcastle; 09-27-2010 at 03:34 AM.
 
Old 09-27-2010, 03:34 AM   #40
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147
Hi,

Where did you run this command? Please do the telnet as well and let us know the output.
 
Old 09-27-2010, 03:59 AM   #41
willcastle
Member
 
Registered: Sep 2010
Location: Philippines
Distribution: Centos
Posts: 63

Original Poster
Rep: Reputation: 0
Code:
[root@porto ~]# telnet domain.ph 110
Trying 222.127.x.x...
telnet: connect to address 222.127.x.x: Connection timed out
telnet: Unable to connect to remote host: Connection timed out
Hi,

This is the output.

Last edited by willcastle; 09-27-2010 at 04:06 AM.
 
Old 09-27-2010, 04:11 AM   #42
willcastle
Member
 
Registered: Sep 2010
Location: Philippines
Distribution: Centos
Posts: 63

Original Poster
Rep: Reputation: 0
Code:
[root@porto ~]# telnet 192.168.101.5 25
Trying 192.168.101.5...
Connected to porto.domain.ph (192.168.101.5).
Escape character is '^]'.
220 mail.domain.ph ESMTP zugzug!
Hi,

When I try to telnet with the LAN IP of the server it gives this output. But when I telnet the "domain.ph 25" the connection is failed.

What is the problem?

Thanks
 
Old 09-27-2010, 05:08 AM   #43
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147
Hi, please try this and let us know:

Code:
nslookup 192.168.101.5
and

Code:
nslookup domain.ph
 
Old 09-27-2010, 05:09 AM   #44
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,138
Blog Entries: 4

Rep: Reputation: 147
Try sending mails using:

Quote:
telnet yourmailserverdomain.com 25

EHLO yourmailserverdomain.com

MAIL FROM: <user1@yourmailserverdomain.com>

RCPT TO: <user2@yourmailserverdomain.com>

DATA
Subject: Hello local-user
Hey local-user,
I just wanted to send some test mail to you :-)
.
 
Old 09-27-2010, 05:34 AM   #45
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 778
Quote:
When I try to telnet with the LAN IP of the server it gives this output. But when I telnet the "domain.ph 25" the connection is failed.
Note: I don't see that any passwords wound up in your logs, but you may want to change the password for w.castillo, just in case.
Going back over the last several posts, your logs are showing that your accounts and authentication are valid; this is good. From what I can tell, your configuration files look good. It does not appear that you have firewalls enabled or in the way, at least on your server, as you can telnet to it via the LAN. You have applications listening on the correct ports, which is good. Your problem appears to be an issue with port 25 being blocked externally to your server.

The good news is that I think once you get that resolved, things will work for you. I do have a couple of suggestions based on your output, but more on that later. You will want to do two things: 1 - contact your ISP and verify whether or not they deliberately block port 25. You may be able to get that bypassed. Otherwise you may need to find a way to work around it by running your mail server on a non-standard port. Two, use the traceroute and telnet utilities to see if you can locate the point, i.e. the switch, router, network, etc., where your connection on port 25 dies. Also double check to make sure that you don't have any routers or other firewall devices, or that if you do, the ports (25, 110 at least) are open on it and forwarded to the LAN IP of your mail server, 192.168.101.5.

You received a couple of warning messages about your postfix configuration files, *.cf, not being owned by root. This won't cause operational issues, but typically you want to make these files owned by root and only readable by others and/or the postfix user. This is a security measure to help prevent unauthorized access. It looks like you may also want to make a setting adjustment in Dovecot - see the warning message.
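
Added example, not part of the original post: a check for the ownership point above, listing `*.cf` files (and the directory holding them) that are not owned by root or are writable by group or others. The function name and messages are made up for the example; it assumes files named `mysql_*.cf` are the MySQL lookup-table definitions referenced in the posted main.cf, which hold the database user and password.

```python
import glob
import os
import stat
import sys

def audit_cf(directory="/etc/postfix", owner_uid=0):
    """Return [(path, problem)] for the directory and its *.cf files."""
    findings = []
    for path in [directory] + sorted(glob.glob(os.path.join(directory, "*.cf"))):
        st = os.stat(path)
        if st.st_uid != owner_uid:
            findings.append((path, f"owned by uid {st.st_uid}, expected {owner_uid}"))
        # Anyone who can write these files controls how mail is routed.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "writable by group or others"))
        # Assumption: mysql_*.cf are lookup-table files with DB credentials,
        # so they should not be readable by every local user.
        if os.path.basename(path).startswith("mysql_") and st.st_mode & stat.S_IROTH:
            findings.append((path, "world-readable but may hold database credentials"))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/postfix"
    problems = audit_cf(target)
    for path, problem in problems:
        print(f"{path}: {problem}")
    sys.exit(1 if problems else 0)
```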
 
  

