LinuxQuestions.org
Old 06-25-2008, 11:12 AM   #1
asmweb
LQ Newbie
 
Registered: Sep 2005
Posts: 23

Rep: Reputation: 15
postfix - connection refused on outbound mail


Hi there,

At my company I'm trying to set up a mail server using Postfix. I installed the service and, I guess, configured it:

here is my main.cf

mydomain = xxx.it
mydestination = $myhostname, localhost.$mydomain, $mydomain,
myorigin = $mydomain, localhost
inet_interfaces = all
relay =

....

Well, when I try to send a mail to, let's say, gmail, I get the connection refused:


Jun 25 17:40:22 hostname postfix/smtp[12937]: connect to alt1.gmail-smtp-in.l.google.com[209.85.147.114]: Connection refused (port 25)
Jun 25 17:40:22 hostname postfix/smtp[12937]: connect to alt1.gmail-smtp-in.l.google.com[209.85.147.27]: Connection refused (port 25)
Jun 25 17:40:22 hostname postfix/smtp[12937]: connect to gsmtp147.google.com[209.185.147.27]: Connection refused (port 25)
Jun 25 17:40:22 hostname postfix/smtp[12937]: connect to gsmtp183.google.com[64.233.183.27]: Connection refused (port 25)
Jun 25 17:40:22 hostname postfix/smtp[12937]: 87E3A61E0D: to=<xxx@gmail.com>, relay=none, delay=0, status=deferred (connect to gsmtp183.google.com[64.233.183.27]: Connection refused)


Actually I can not understand why that's happening. Any help would be appreciated.

thanks
 
Old 06-25-2008, 11:17 AM   #2
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
Did you configure DNS records for your mail server?

Host record for the mail server
Reverse DNS record for the mail server
MX record for the mail server

Without these items configured, of course Gmail (hotmail, etc.) will refuse mail from you.
Only spammers don't have valid DNS settings configured for their mail servers.
 
Old 06-25-2008, 11:57 AM   #3
asmweb
LQ Newbie
 
Registered: Sep 2005
Posts: 23

Original Poster
Rep: Reputation: 15
No, I don't think I have all that information configured. I just have a static IP that the company has, and we're planning to host a dozen domains on it (none active yet), and I thought I would go ahead with a virtual domains setup.
So, what should I do is I need to have a DNS record that points to the IP of the machine, am I correct?

Thank you very much for your prompt answer.
 
Old 06-25-2008, 12:44 PM   #4
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Google is rejecting your IP connection, probably because you are on a residential broadband IP network.

Are you trying to use their servers as a relay, or are you trying to send mail to a gmail recipient?
 
Old 06-25-2008, 01:05 PM   #5
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
Quote:
Originally Posted by asmweb
So, what should I do is I need to have a DNS record that points to the IP of the machine, am I correct?
Yes you need all three of those records I mentioned..

Who is your domain name registered with? (Network Solutions, GoDaddy, etc.) That is where you will need to configure the A (host) record and MX (Mail Exchange) records.

The reverse DNS record can only be configured by your ISP, whoever provides your internet circuit, so you will need to contact them.
 
Old 06-25-2008, 02:35 PM   #6
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
The OP is trying to *send* mail to gmail. An MX record is so others can reach you; gmail does not need to do an MX lookup on the OP's system.

An A and PTR record are often required by remote MTAs; without those, some/many will reject.

There is no indication in the reject message about any reject cause - rather, an immediate connection refused is noticed. This is the OP's ISP firewall blocking outbound port 25.
 
Old 06-25-2008, 05:09 PM   #7
farslayer
Guru
 
Registered: Oct 2005
Location: Willoughby, Ohio
Distribution: linuxdebian
Posts: 7,231
Blog Entries: 5

Rep: Reputation: 189Reputation: 189
My mail server won't accept mail without an MX record for the sending server.. Guess it's how the postmaster configures the server..

Quote:
http://www.postfix.org/uce.html#smtp...r_restrictions

Restrictions:

reject_unknown_sender_domain

Reject the request when the sender mail address has no DNS A or MX record. The unknown_address_reject_code parameter specifies the response code for rejected requests (default: 450). The response is always 450 in case of a temporary DNS error.


reject_unknown_client

Reject the request when the client IP address has no PTR (address to name) record in the DNS, or when the PTR record does not have a matching A (name to address) record. The unknown_client_reject_code parameter specifies the response code to rejected requests (default: 450).
address to name = rDNS

Maybe you don't lock down your mail server against SPAM, but some of us do...

The mail server replying to the message causes backscatter so you may not receive a failed message from Gmail, hotmail, Yahoo mail, etc. if you haven't bothered to configure the basics such as DNS.


If the ISP his company is using for their corporate Internet connection is blocking ports.. it's time for a new ISP..


I'll stand by my statement that all three DNS records are required.

Last edited by farslayer; 06-25-2008 at 05:12 PM.
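
The PTR-then-matching-A test that the quoted reject_unknown_client text describes can be run against your own outbound IP before a remote server does it for you. This is an added example, not part of the thread or of Postfix; the function names and the sample DNS table (documentation address ranges) are constructed for illustration.

```python
import socket

# Constructed sample DNS data (documentation address ranges); not from the thread.
SAMPLE_PTR = {
    "192.0.2.10": "mail.example.test",    # PTR and A agree
    "192.0.2.20": "host20.isp.example",   # PTR exists, but the name has no A record
    "192.0.2.30": "mail.example.test",    # PTR names a host whose A record is .10
}
SAMPLE_A = {"mail.example.test": ["192.0.2.10"]}

def sample_reverse(ip):
    """Stand-in for a PTR lookup against the constructed table."""
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip]

def sample_forward(name):
    """Stand-in for an A lookup against the constructed table."""
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SAMPLE_A[name]

def live_reverse(ip):
    return socket.gethostbyaddr(ip)[0]

def live_forward(name):
    return socket.gethostbyname_ex(name)[2]   # IPv4 addresses only

def check_client_dns(ip, reverse=live_reverse, forward=live_forward):
    """Return (verdict, ptr_name) for the address-to-name, name-to-address check."""
    try:
        name = reverse(ip)                     # step 1: IP must have a PTR record
    except OSError:
        return ("no_ptr", None)
    try:
        addresses = forward(name)              # step 2: PTR name must resolve
    except OSError:
        return ("ptr_name_has_no_a", name)
    if ip not in addresses:                    # step 3: and resolve back to the same IP
        return ("ptr_a_mismatch", name)
    return ("ok", name)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"):
        print(ip, check_client_dns(ip, sample_reverse, sample_forward))
```

Called with only an IP, it uses the system resolver; those live lookups do not separate a temporary DNS failure from a missing record.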
 
Old 06-25-2008, 05:44 PM   #8
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
I know what postfix restrictions are (see my postfix-logwatch utility).

And using them, you should know that rejects from those smtpd_sender_restrictions generate more verbose reject responses, which postfix will log as a more informative message, with SMTP reply codes, and even DNS codes.

A connection to the IP address given by the IP works just fine.

$ telnet 209.85.147.114 25
Trying 209.85.147.114...
Connected to wa-in-f114.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP m25si6437596waf.41
EHLO example.com
250-mx.google.com at your service, [208.74.177.132]
250-SIZE 28311552
250-8BITMIME
250 ENHANCEDSTATUSCODES
quit

If the OP tries this same test, he will find Connection refused. Connection refused comes from the networking library software of the OS; a socket connection cannot be established. This does not come from Postfix. Furthermore, the remote MTA never had a chance to reject, because the socket connection was never made.

$ telnet localhost 9999
Trying ::1...
telnet: connect to address ::1: Connection refused

Last edited by Mr. C.; 06-25-2008 at 05:49 PM.
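
The telnet test above can be scripted so that a failure at the socket layer is reported separately from an answer given by the remote MTA. This is an added example, not code from the thread; the function name and the stage labels are hypothetical.

```python
import errno
import socket
import sys

def probe_smtp(host, port=25, timeout=10.0):
    """Classify one outbound SMTP connection attempt as (stage, detail).

    tcp_* stages mean no socket was established, so the remote MTA never
    saw the client; smtp_* stages mean the remote server answered.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # What Postfix logs as "Connection refused": the OS reports the
        # failure before any SMTP dialogue starts.
        return ("tcp_refused", "connection refused before any SMTP exchange")
    except socket.timeout:
        return ("tcp_timeout", "no reply to the connection attempt")
    except OSError as exc:
        return ("tcp_error", errno.errorcode.get(exc.errno, str(exc)))
    with sock:
        try:
            banner = sock.recv(512).decode("ascii", "replace").strip()
        except socket.timeout:
            return ("no_banner", "connected, but no greeting arrived")
        except OSError as exc:
            return ("no_banner", str(exc))
    if not banner:
        return ("no_banner", "connection closed without a greeting")
    # A remote MTA that refuses the client does so with an SMTP reply code,
    # which would also show up in the Postfix log.
    stage = "smtp_ready" if banner.startswith("220") else "smtp_reject"
    return (stage, banner)

if __name__ == "__main__":
    # Usage: python probe.py <mx-host-or-ip> [port]
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(probe_smtp(target, target_port))
```

Run it from the mail server itself against the MX address shown in the Postfix log line.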
 
Old 06-26-2008, 03:31 AM   #9
asmweb
LQ Newbie
 
Registered: Sep 2005
Posts: 23

Original Poster
Rep: Reputation: 15
@MR.C
No, I'm just trying to send the mail to its gmail address. I'm not using any relay at all just direct delivery. I've my 25 port open as I can connect to it via telnet:

telnet xxx.xxx.xxx.xxx 25
 
Old 06-26-2008, 11:59 AM   #10
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
So you are saying that you can telnet to that gmail IP successfully?

Show the command and output of that connection.
 
Old 07-01-2008, 06:30 AM   #11
asmweb
LQ Newbie
 
Registered: Sep 2005
Posts: 23

Original Poster
Rep: Reputation: 15
Well today I got the host record and the mx record for the server but still waiting for the reverse dns. At the moment I can

dig mail.domain.tld

<<>> DiG 9.2.4 <<>> mail.domain.tld
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18006
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mail.domain.tld. IN A

;; ANSWER SECTION:
mail.domain.tld. 43069 IN A xxx.xxx.xxx.xxx

;; AUTHORITY SECTION:
mail.domain.tld. 43069 IN NS ns1.dnsxxx.tld.
mail.domain.tld. 43069 IN NS ns2.dnsxxx.tld.

;; ADDITIONAL SECTION:
ns1.dnsxxx.tld. 2300 IN A IP
ns2.dnsxxx.tld. 2300 IN A IP

;; Query time: 1 msec
;; SERVER: xxx.xxx.xxx.xxx#53(IP)
;; WHEN: Tue Jul 1 13:26:52 2008
;; MSG SIZE rcvd: 145

the very same output for www.domain.tld

So from what I understood I should be waiting for the provider to assign the rDNS (ip to the domain name) in order to proceed with the configuration, am I correct?
 
Old 07-01-2008, 12:08 PM   #12
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Did you try the telnet test I suggested?
 
Old 07-02-2008, 03:49 AM   #13
asmweb
LQ Newbie
 
Registered: Sep 2005
Posts: 23

Original Poster
Rep: Reputation: 15
Yes I did that, here is what I got:

I did that from my mailserver, from outside I can not connect to that server

telnet mail.domain.tld 25
Trying xxx.xxx.xxx.xxx...
Connected to mail.domain.tld (xxx.xxx.xxx.xxx).
Escape character is '^]'.
220 mail.domain.tld ESMTP Postfix
ehlo mail.domain.tld
250-mail.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-XVERP
250 8BITMIME
mail from: mymail@anotherdomain.com
250 Ok
rcpt to: mymail@anotherdomain.com
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
prova2
.
250 Ok: queued as 2349C61E21


mailq

349C61E21 408 Wed Jul 2 10:42:53 mymail@anotherdomain.com
(connect to mail.anotherdomain.com[194.242.61.19]: Connection refused)
mymail@anotherdomain.com
 
Old 07-02-2008, 03:56 AM   #14
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
I'm sorry, I'm confused as to what you've accomplished. Your domain names above are obfuscated, so I'm not sure what the above proves, other than you get a connection refused from the host at apparently 194.242.61.19. I'm further confused by "from outside I can not connect to that server". Outside where? I thought we were trying to establish whether you can telnet from your postfix server machine to the IP 209.85.147.114, as in:

telnet 209.85.147.114 25

and successfully establish a connection.
 
Old 07-02-2008, 04:04 AM   #15
asmweb
LQ Newbie
 
Registered: Sep 2005
Posts: 23

Original Poster
Rep: Reputation: 15
Sorry, it was me making some bad writings... well, I can connect from the server via telnet to postfix by doing

telnet mail.mydomain.tld 25 or telnet myip 25 and I get all the results I wrote you earlier

what I can get as you noticed is a connection refused by the other host; I have to say that I did not have the rDNS active yet so it might be that but I'm not quite sure.

Well from outside the server I mean that I tried to connect to the mailserver from another machine outside the network and I can not do that.

Hope I was clear this time

thank you for the answer
 
  


All times are GMT -5. The time now is 12:50 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration