LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Getting a Postfix mail server working properly on Ubuntu (http://www.linuxquestions.org/questions/linux-server-73/getting-a-postfix-mail-server-working-properly-on-ubuntu-715622/)

RealMadrid2727 03-30-2009 07:36 PM

Getting a Postfix mail server working properly on Ubuntu
 
Hi everyone.

I'm relatively new to Linux with some experience in UNIX (Darwin/OS X and Solaris) and I'm trying to get a mail server running on Ubuntu 8.04 to send out emails from my web apps. Right now my focus is on actually SENDING mail, I'll worry about receiving properly when that matters to me.

These apps in question (Rails apps) were on Solaris before, hosted on Joyent, and mail seemed to just work out of the box. Since I've never actually set up a mail server, I looked for a good guide and found one here:

https://help.ubuntu.com/8.04/serverguide/C/postfix.html

I followed it down to the letter, obviously only changing things like IP and domain names.

Doing checks with http://www.mxtoolbox.com/ shows there are no issues, I have MX setup, RDNS, etc.

The problem is I can't get any mail sent out. This is a quick snippet of the mail.info logs found in /var/log

Code:

Mar 30 10:21:31 vn1111 postfix/smtp[28169]: connect to iname-com.mr.outblaze.com[208.36.123.59]:25: Connection timed out
Mar 30 10:21:31 vn1111 postfix/smtp[28167]: connect to c.mx.mail.yahoo.com[216.39.53.2]:25: Connection timed out
Mar 30 10:21:31 vn1111 postfix/smtp[28165]: connect to e.mx.mail.yahoo.com[216.39.53.1]:25: Connection timed out
Mar 30 10:22:01 vn1111 postfix/smtp[28164]: connect to mx3.hotmail.com[65.54.245.72]:25: Connection timed out
Mar 30 10:22:01 vn1111 postfix/smtp[28169]: connect to iname-com.mr.outblaze.com[208.36.123.55]:25: Connection timed out

Lots of those, different domains, etc. If I do a telnet like the guide says and everything checks out fine. I can also send an email to root@mydomain.com and receive that message, so I really don't think it's Postfix failing, it seems to be "fine."

This is on a dedicated server, not a home thing with an ISP that likes to block/filter SMTP ports so that's not the culprit..

Anyone have any ideas? Thanks in advance, I've been Googling for hours.

archangel_617b 03-31-2009 10:28 AM

Can you maybe just tcpdump a test and see if it looks sane? Something like "tcpdump port 25" and then try sending another email.

- Arch

RealMadrid2727 03-31-2009 11:20 AM

Short sample of the output form tcpdump:

Code:

12:18:44.940379 IP vn1111.fireboxhosting.com.49115 > mail.hotmail.com.smtp: S 329455344:329455344(0) win 5840 <mss 1460,sackOK,timestamp 48015 0,nop,wscale 7>
12:18:44.947880 IP vn1111.fireboxhosting.com.39653 > de.mx.aol.com.smtp: S 323782023:323782023(0) win 5840 <mss 1460,sackOK,timestamp 48016 0,nop,wscale 7>
12:18:44.959030 IP vn1111.fireboxhosting.com.43204 > smtp-mx005.me.com.smtp: S 323207988:323207988(0) win 5840 <mss 1460,sackOK,timestamp 48017 0,nop,wscale 7>
12:18:45.030393 IP vn1111.fireboxhosting.com.44700 > mta-v14.mail.vip.re4.yahoo.com.smtp: S 331984661:331984661(0) win 5840 <mss 1460,sackOK,timestamp 48024 0,nop,wscale 7>
12:18:45.060389 IP vn1111.fireboxhosting.com.44287 > mta-v8.mail.vip.mud.yahoo.com.smtp: S 328104472:328104472(0) win 5840 <mss 1460,sackOK,timestamp 48027 0,nop,wscale 7>
12:18:45.060404 IP vn1111.fireboxhosting.com.46771 > mta-v1.mail.vip.ac4.yahoo.com.smtp: S 325889141:325889141(0) win 5840 <mss 1460,sackOK,timestamp 48027 0,nop,wscale 7>

Looks sane, no?

archangel_617b 03-31-2009 11:54 AM

Quote:

Originally Posted by RealMadrid2727 (Post 3493849)
Short sample of the output form tcpdump:

Code:

12:18:44.940379 IP vn1111.fireboxhosting.com.49115 > mail.hotmail.com.smtp: S 329455344:329455344(0) win 5840 <mss 1460,sackOK,timestamp 48015 0,nop,wscale 7>
12:18:44.947880 IP vn1111.fireboxhosting.com.39653 > de.mx.aol.com.smtp: S 323782023:323782023(0) win 5840 <mss 1460,sackOK,timestamp 48016 0,nop,wscale 7>
12:18:44.959030 IP vn1111.fireboxhosting.com.43204 > smtp-mx005.me.com.smtp: S 323207988:323207988(0) win 5840 <mss 1460,sackOK,timestamp 48017 0,nop,wscale 7>
12:18:45.030393 IP vn1111.fireboxhosting.com.44700 > mta-v14.mail.vip.re4.yahoo.com.smtp: S 331984661:331984661(0) win 5840 <mss 1460,sackOK,timestamp 48024 0,nop,wscale 7>
12:18:45.060389 IP vn1111.fireboxhosting.com.44287 > mta-v8.mail.vip.mud.yahoo.com.smtp: S 328104472:328104472(0) win 5840 <mss 1460,sackOK,timestamp 48027 0,nop,wscale 7>
12:18:45.060404 IP vn1111.fireboxhosting.com.46771 > mta-v1.mail.vip.ac4.yahoo.com.smtp: S 325889141:325889141(0) win 5840 <mss 1460,sackOK,timestamp 48027 0,nop,wscale 7>

Looks sane, no?

You're not getting a SYNACK back so you're not even establishing a TCP connection to those hosts, much less an SMTP connection. This looks like a network layer issue. You said you can do a telnet session with these hosts though, right? Can you tcpdump a telnet session and we can compare it with what you captured with postfix?

- Arch

RealMadrid2727 03-31-2009 12:23 PM

Hmm, I can't telnet to any of those from the server in question. I can do it from my local computer though, but not from the server with the problem. Also I did the tcpdump again with the -v option real fast:

Code:

# tcpdump port 25 -v
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:20:47.879133 IP (tos 0x0, ttl 64, id 46572, offset 0, flags [DF], proto TCP (6), length 60) vn1111.fireboxhosting.com.36569 > wa-in-f27.google.com.smtp: S, cksum 0x34c1 (correct), 3049247675:3049247675(0) win 5840 <mss 1460,sackOK,timestamp 420309 0,nop,wscale 7>
13:20:47.886638 IP (tos 0x0, ttl 64, id 25648, offset 0, flags [DF], proto TCP (6), length 60) vn1111.fireboxhosting.com.36570 > wa-in-f27.google.com.smtp: S, cksum 0x056a (correct), 3058958972:3058958972(0) win 5840 <mss 1460,sackOK,timestamp 420310 0,nop,wscale 7>
13:20:59.879133 IP (tos 0x0, ttl 64, id 46573, offset 0, flags [DF], proto TCP (6), length 60) vn1111.fireboxhosting.com.36569 > wa-in-f27.google.com.smtp: S, cksum 0x3011 (correct), 3049247675:3049247675(0) win 5840 <mss 1460,sackOK,timestamp 421509 0,nop,wscale 7>
13:20:59.886637 IP (tos 0x0, ttl 64, id 25649, offset 0, flags [DF], proto TCP (6), length 60) vn1111.fireboxhosting.com.36570 > wa-in-f27.google.com.smtp: S, cksum 0x00ba (correct), 3058958972:3058958972(0) win 5840 <mss 1460,sackOK,timestamp 421510 0,nop,wscale 7>
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel

Since I can't telnet to those and that seems to be the problem, do you know what the solution is? I'm really hoping it's a "oh that's easy! Just type X command and you're good to go!"

But we all know it's never that easy :-P

archangel_617b 03-31-2009 01:01 PM

Quote:

Originally Posted by RealMadrid2727 (Post 3493919)
But we all know it's never that easy :-P

Ain't that the truth :P

Okay, so you've got some network layer problem. Either network connectivity or a firewall.

Test network connectivity for that system. I am guessing you're connecting to this system remotely so it should be okay. But can you please confirm? Ping the default gateway for that system, the DNS servers, and some random host Online (the OpenDNS servers are usually good for me: 208.67.222.222 and 208.67.220.220).

Assuming that's fine, I think we can assume this is a firewall problem. Check that host's firewall first:

Code:

iptables -L -v
If that looks okay, I think it's probably your hosts or their service provider that is giving you grief so it's probably best at that point to raise the issue with them.

You can try generating smtp packets to see just which hop is dropping them with a utility like "hping". It's been a few years since I've had to use that though.

- Arch

RealMadrid2727 03-31-2009 01:10 PM

Thanks for the reply, archangel.

A few things:

I'm doing all of this from a Mac connected to the same network as the machine in question (in the datacenter) so I don't think it's something inherently wrong with the network, just with my abilities to pull this off without a hitch. The Mac itself (which I'm using to connect via SSH to the Ubuntu server) can do it all fine, I can send out test emails from there.

Here's the IPTables output:

Code:

# iptables -L -v
Chain INPUT (policy ACCEPT 86083 packets, 7967K bytes)
 pkts bytes target    prot opt in    out    source              destination       

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target    prot opt in    out    source              destination       

Chain OUTPUT (policy ACCEPT 133K packets, 170M bytes)
 pkts bytes target    prot opt in    out    source              destination

Pings are fine, connecting to the machine via SSH remotely is fine, I can telnet localhost 25 and ehlo fine.

archangel_617b 03-31-2009 03:16 PM

All looks and sounds sane to me. This is usually a trivial setup. What about trying to connect to other mail systems? Try Google and a couple others, maybe it is just a coincidence the three networks you've tried aren't working for you ...

Other than that, not too sure. This is normally a pretty trivial setup...

- Arch

RealMadrid2727 03-31-2009 03:46 PM

Tried using Sendmail and Citadel instead of Postfix, just for posterity.

Fail.

It's definitely the fact that I can't connect to anything via port 25, no idea why. No other ideas?

archangel_617b 03-31-2009 05:57 PM

Quote:

Originally Posted by RealMadrid2727 (Post 3494116)
Tried using Sendmail and Citadel instead of Postfix, just for posterity.

Fail.

It's definitely the fact that I can't connect to anything via port 25, no idea why. No other ideas?

Well, you can try using hping to see how far port 25 packets go. Or you can try setting up another mail server within the same network and see if the two systems can exchange mail.

- Arch


All times are GMT -5. The time now is 04:55 PM.