LinuxQuestions.org
Old 10-12-2008, 12:09 PM   #1
kevinyeandel
Member
 
Registered: Jun 2008
Posts: 49

Rep: Reputation: 16
iptables problems with smtp pop3


Hi

I can telnet and connect to dovecot on 110
but when I telnet and connect to smtp on 25 I get connection refused by host. The mail server, web server etc is all the same machine.

Can someone please tell me what's wrong with my iptables - assuming this is what is the problem. Though even when I
telnet localhost 25
I get the same problem, cannot connect to host: Connection refused. I've run out of ideas and going mad here!

Many thanks

Kevin

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
~
 
Old 10-12-2008, 02:41 PM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Is the firewall you posted running on the server? If so, I don't see anything wrong with it. Is it possible a firewall on your client machine is causing this? Or the SMTP server doesn't like telnet?

If none of this leads you to the problem, there are some things you can do to troubleshoot.

One useful thing is to look at packet counts for rules using (as root):

Code:
iptables -nvL
The first column will show how many packets have matched that rule. You can take this one step further by adding a rule to log rejected packets immediately prior to the REJECT rule.

You can also run a packet sniffer such as tcpdump or wireshark to see what packets are actually getting sent. If you run a packet sniffer remotely over ssh, make sure you specify "not tcp port 22".
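
Added example, not part of either post: the logging step suggested in reply #2 needs the position of the REJECT rule within its chain. The shell function below finds that position in `iptables-save` text and prints the matching insert command without running it. The function names, the `FW-REJECT: ` log prefix and the embedded sample (the chain rules copied from post #1) are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample: the -A rules from the ruleset posted in #1.
sample_rules() {
    cat <<'EOF'
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Read iptables-save text on stdin and print the command that inserts a LOG
# rule directly before the first REJECT rule of chain $1.
# Exits non-zero if the chain has no REJECT rule.
log_before_reject() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++                                  # rule number within the chain
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "REJECT" && !pos) pos = n
        }
        END {
            if (!pos) exit 1                     # nothing to log in front of
            # "iptables -I CHAIN N" inserts the new rule before current rule N
            printf "iptables -I %s %d -j LOG --log-prefix \"FW-REJECT: \"\n", chain, pos
        }'
}

# Print (do not execute) the command for the chain from post #1.
sample_rules | log_before_reject RH-Firewall-1-INPUT
```

On a live system the same function can be fed from `iptables-save` run as root; packets that reach the inserted rule then appear in the kernel log with the chosen prefix.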
 
  

