LinuxQuestions.org - post/dovecot

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - post/dovecot (https://www.linuxquestions.org/questions/linux-newbie-8/post-dovecot-833651/)

Code:

 nslookup domain.ph

Server:        208.67.222.222

Address:        208.67.222.222#53



Non-authoritative answer:

Name:  domain.ph

Address: 222.127.x.x

Code:

[root@porto ~]# nslookup 192.168.101.5

Server:        208.67.222.222

Address:        208.67.222.222#53



** server can't find 5.101.168.192.in-addr.arpa.: NXDOMAIN

Hi,

This was the output.

Hi,

@Noway 2: How do I bypass the standard ports?

Code:

telnet mail.domain.ph 25

Trying 222.127.x.x...

telnet: connect to address 222.127.x.x: Connection timed out

telnet: Unable to connect to remote host: Connection timed out

When I try telnet this was the output.

Thanks.

Code:

[root@porto ~]# traceroute mail.domain.ph

traceroute to mail.domain.ph (222.127.x.x), 30 hops max, 40 byte packets

 1  * * *

 2  124.107.153.254.pldt.net (124.107.153.254)  12.648 ms  15.545 ms  18.496 ms

 3  124.107.255.177.pldt.net (124.107.255.177)  18.515 ms  19.377 ms  20.418 ms

 4  58.71.0.97 (58.71.0.97)  20.445 ms  22.406 ms  24.280 ms

 5  210.213.128.9.static.pldt.net (210.213.128.9)  174.777 ms  174.801 ms  175.749 ms

 6  GigabitEthernet1-0-0.IG2.LAX1.ALTER.NET (157.130.230.9)  177.909 ms  167.490 ms  166.543 ms

 7  0.so-3-0-0.XL1.LAX1.ALTER.NET (152.63.114.138)  163.616 ms  165.489 ms  169.009 ms

 8  POS6-0.GW1.LAX1.ALTER.NET (152.63.112.217)  167.731 ms  174.147 ms  172.229 ms

 9  TBD-gw.customer.alter.net (157.130.247.6)  179.612 ms  168.189 ms  169.880 ms

10  (120.28.0.81)  335.547 ms  335.764 ms  335.487 ms

11  (120.28.0.182)  335.733 ms  336.099 ms  335.761 ms

12  10.163.111.130 (10.163.111.130)  332.554 ms  334.444 ms  333.475 ms

13  10.109.9.66 (10.109.9.66)  336.607 ms  340.638 ms  332.815 ms

14  222.127.196.54 (222.127.196.54)  354.226 ms  355.900 ms  356.434 ms

15  * * *

16  * * *

17  * * *

18  * * *

19  * * *

20  * * *

21  * * *

22  * * *

23  * * *

24  * * *

25  * * *

26  * * *

27  * * *

28  * * *

29  * * *

30  * * *

Hi,

This was the output when I do traceroute. What do you make out of this output?

Thanks in advance.

Quote:

telnet yourmailserverdomain.com 25

EHLO yourmailserverdomain.com

MAIL FROM: <user1@yourmailserverdomain.com>

RCPT TO: <user2@yourmailserverdoamin.com>

DATA
Subject: Hello local-user
Hey local-user,
I just wanted to send some test mail to you :-)

Hi,

Where will I run this?

Thanks in advance.

Code:

smtpd_sasl_auth_enable = yes

Hi,

What's the function of this code?

Thanks in advance.

Quote:

smtpd_sasl_auth_enable = yes

SASL is an authentication method. It is used to allow users to authenticate themselves on your server so that it will permit mail to be transmitted to domains other than your recipients. When a message comes in, Postfix asks itself, "Is this for my user (domain, aliais, etc)?" and if the answer is no, it then relays the message to the next hop. Normally, this is prohibited (relay access denied) to avoid being an open relay. SASL allows you to authenticate so that it will allow you to relay and send mail to others.

I think the traceroute points us to the problem location. Traceroute does a ping to the final destination and sets the TTL (time to live value) +1 on each hop. As the packet traverses the router, the TTL is decremented so that it "fails" at each router stop. This way you can see where the packet was routed on its way to the destination. In your case, it tells us what was the last stop that we were able to get a response from - hence where did the traffic stop. The limitation to this is that it uses ICMP messaging which doesn't tell us much about which ports are open.

In this case, we can see that the last node to respond was at IP 222.127.196.54. If this is not your public IP, then you need to contact the network admin of this network because it is where the stoppage is occuring. You can find out the contact information by doing a whois 222.127.196.54. In this case it is globenet.com.ph.

It is also interesting that that you are passing through a couple of 10.x.x.x routes which are typically non-routable addresses, but this may be part of their internal processing. You can see that between the start and the destination it is passing through Alter.net as a provider. I notice the addresses in (), which I haven't seen before and I am not sure what this means. A nslookup of the address returns SERVFAIL, suggesting that something may be wrong with their DNS configuration, but I don't think this is the problem.

In anycase, you now have a list of the networks in the middle of the chain. By doing a whois against each of the IP addresses you can find out who owns the networks and then contact them to see if they are blocking port 25. The fact that you can't telnet in from outside your LAN when inside your lan works, and you aren't running a firewall says that someone is blocking the traffic. Start at the end of the list, globenet.com.ph, and see if you can get some results.

Off hand, I am not sure how to go around port 25 as I have never had to deal with this. I am sure there is a way, but I don't know how complicated it would be. I would google for "SMTP on non standard ports" or something similar.

Quote:

In this case, we can see that the last node to respond was at IP 222.127.196.54. If this is not your public IP, then you need to contact the network admin of this network because it is where the stoppage is occuring. You can find out the contact information by doing a whois 222.127.196.54. In this case it is globenet.com.ph.

Hi,

The 222.127.196.54, I think is one of our public IP beacuse I called our ISP which is Globe, gave this to use instead using the one we are using right now.

I hope this will work. I have to consult the IT manager first before we use that IP address.

I noticed that whenever I use the MX lookup or other DNS tools online, it returns a:

Quote:

ERROR: No reverse DNS (PTR) entries. The problem MX records are:
118.45.127.222.in-addr.arpa -> no reverse (PTR) detected
You should contact your ISP and ask him to add a PTR record for your ips

Thank you again for all the response.

Your quite welcome. I hope this works for you. Please let us know one way or the other.
Regarding the reverse lookup, I agree that there does not appear to be a reverse pointer to convert that address to a name. Once you get this working, perhaps your ISP will list your domain in the reverse lookup, some of them will if you request it.

Code:

#ssl_disable = no

#ssl_cert_file = /etc/postfix/ssl/mail-cert.pem

#ssl_key_file = /etc/postfix/ssl/mail-key.pem



protocols = imap imaps pop3 pop3s

listen = *

login_process_size = 64

default_mail_env = maildir:/home/virtual/%u/



namespace private {

  separator = .

  prefix = INBOX.

  inbox = yes

}



namespace private {

  separator = .

  prefix =

  inbox = yes

  hidden = yes

}



mail_extra_groups = postfix

verbose_proctitle = yes

first_valid_uid = 89

first_valid_gid = 89

#umask = 0077

mbox_read_locks = fcntl

mbox_write_locks = fcntl





# If key file is password protected, give the password here. Alternatively

# give it when starting dovecot with -p parameter.

ssl_key_password =



protocol imap {

  imap_client_workarounds = delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep

}



#People who use outlook are fux0red anyway...



protocol pop3 {

  pop3_uidl_format = %08Xu%08Xv

  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh

}

protocol lda {

  postmaster_address = postmaster@patts.edu.ph

  sendmail_path = /usr/sbin/sendmail

}



auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@



auth_debug = yes

auth_verbose = yes

auth default {



passdb sql {

        args = /etc/dovecot-mysql.conf

  }



userdb sql {

        args = /etc/dovecot-mysql.conf

  }

}

Hi,

Can anyone check the config of dovecot.

Thanks in advance.