Hi
I have a dilemma:
- YaST says that my firewall is open for email ('Mail Server' is listed as an allowed service).
- an external check tool (www.checkDNS.net) says that my port 25 is closed.
What can I do to ensure that I can receive email behind my firewall by direct SMTP?
(DNS for my domain is configured and, behind the firewall, responds correctly to 'dig')
Any guidance very much appreciated
Thanks
John
John wrote:
Hi
I have a dilemma:
- YaST says that my firewall is open for email ('Mail Server' is listed as an allowed service).
- an external check tool (www.checkDNS.net) says that my port 25 is closed.
What can I do to ensure that I can receive email behind my firewall by direct SMTP?
(DNS for my domain is configured and, behind the firewall, responds correctly to 'dig')
Start by checking if your server really is accepting mail from the network.
on your server:
netstat -antp| grep ":25"
Do you see a line like:
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3424/master
If so, check further:
telnet localhost 25
-> 220 japantest.homelinux.com ESMTP Postfix
Do you see the smtp banner of postfix?
then try your ip from the server console:
telnet your-internal-server-ip 25
Do you see the smtp banner of postfix?
Now from a client in your internal network:
telnet your-internal-server-ip 25
Do you see the smtp banner of postfix?
If all of that does work then try to use an external client outside your network (and outside your firewall):
telnet official-ip-of-postfix 25
Do you see the smtp banner of postfix?
If one of those steps fails don't bother to check the later tests and first fix the failing check.
Sandy
--
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Sandy Drobic wrote:
John wrote:
Hi
I have a dilemma:
- YaST says that my firewall is open for email ('Mail Server' is listed as an allowed service).
- an external check tool (www.checkDNS.net) says that my port 25 is closed.
What can I do to ensure that I can receive email behind my firewall by direct SMTP?
(DNS for my domain is configured and, behind the firewall, responds correctly to 'dig')
Start by checking if your server really is accepting mail from the network.
on your server: netstat -antp| grep ":25"
Do you see a line like: tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3424/master
OK
If so, check further: telnet localhost 25 -> 220 japantest.homelinux.com ESMTP Postfix Do you see the smtp banner of postfix?
OK
then try your ip from the server console: telnet your-internal-server-ip 25 Do you see the smtp banner of postfix?
Connection refused.
Now from a client in your internal network: telnet your-internal-server-ip 25 Do you see the smtp banner of postfix?
If all of that does work then try to use an external client outside your network (and outside your firewall): telnet official-ip-of-postfix 25 Do you see the smtp banner of postfix?
If one of those steps fails don't bother to check the later tests and first fix the failing check.
Sandy
Thanks, thus far, as you see above, local host worked but not the server's IP address.
YaST says that 'Mail Server' is listed as an allowed service in the firewall configuration so what do I try next, please?
J
John wrote:
Sandy Drobic wrote:
John wrote:
Hi
I have a dilemma:
- YaST says that my firewall is open for email ('Mail Server' is listed as an allowed service).
- an external check tool (www.checkDNS.net) says that my port 25 is closed.
What can I do to ensure that I can receive email behind my firewall by direct SMTP?
(DNS for my domain is configured and, behind the firewall, responds correctly to 'dig')
Start by checking if your server really is accepting mail from the network.
on your server: netstat -antp| grep ":25"
Do you see a line like: tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3424/master
OK
Does it really say Listen on 0.0.0.0:25?
Or does it say Listen on 127.0.0.1:25?
Please show output of "postconf -n". If you see the parameter inet_interfaces = localhost or 127.0.0.1, do the following steps:
postconf -e 'inet_interfaces = all'
postfix stop
postfix start
Then check again with postconf -n that inet_interfaces is now set to "all".
The output of "netstat -antp| grep ':25'" should now show exactly this:
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN some-number/master
If so proceed with the next checks.
Sandy
--
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
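The bind-address check from the message above as a script, added here as an example and not part of the original thread. The function names and the netstat sample lines are constructed for illustration; the fallback to "all" when inet_interfaces is unset assumes Postfix's built-in default.

```shell
#!/bin/sh
# Classify how the SMTP listener is bound, from `netstat -antp` output on stdin.
# Prints one of: none | loopback-only | all | specific
smtp_listen_scope() {
    awk '
        # Only LISTEN sockets whose local address ends in exactly ":25".
        # A plain grep ":25" also matches :2525 and outbound connections
        # to a remote port 25, which can hide a loopback-only listener.
        $6 == "LISTEN" && $4 ~ /:25$/ {
            addr = $4
            sub(/:25$/, "", addr)     # strip the port, keep the address
            if (addr == "0.0.0.0" || addr == "::")      any = 1
            else if (addr ~ /^127\./ || addr == "::1")  loop = 1
            else                                        other = 1
        }
        END {
            if (any)        print "all"
            else if (other) print "specific"
            else if (loop)  print "loopback-only"
            else            print "none"
        }
    '
}

# Value of inet_interfaces from `postconf -n` output on stdin.
# Assumption: when main.cf does not set it, Postfix uses its default, "all".
inet_interfaces_setting() {
    awk -F'[ \t]*=[ \t]*' '$1 == "inet_interfaces" { v = $2 }
        END { print (v == "" ? "all" : v) }'
}

# Constructed sample: a listener on 127.0.0.1 only, next to two lines
# that grep ":25" would match even though they are not the SMTP listener.
SAMPLE_BEFORE='tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3424/master
tcp 0 0 0.0.0.0:2525 0.0.0.0:* LISTEN 999/other
tcp 0 0 192.0.2.10:40112 198.51.100.7:25 ESTABLISHED 4001/smtp'
# Constructed sample: after inet_interfaces = all and a Postfix restart.
SAMPLE_AFTER='tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3500/master'

printf '%s\n' "$SAMPLE_BEFORE" | smtp_listen_scope
printf '%s\n' "$SAMPLE_AFTER"  | smtp_listen_scope
```

On a live server, feed it real data with `netstat -antp | smtp_listen_scope` and `postconf -n | inet_interfaces_setting`; a "loopback-only" result explains why localhost answers while the server's own IP refuses the connection.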
Sandy Drobic wrote:
John wrote:
Sandy Drobic wrote:
John wrote:
Hi
I have a dilemma:
- YaST says that my firewall is open for email ('Mail Server' is listed as an allowed service).
- an external check tool (www.checkDNS.net) says that my port 25 is closed.
What can I do to ensure that I can receive email behind my firewall by direct SMTP?
(DNS for my domain is configured and, behind the firewall, responds correctly to 'dig')
Start by checking if your server really is accepting mail from the network.
on your server: netstat -antp| grep ":25"
Do you see a line like: tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 3424/master
OK
Does it really say Listen on 0.0.0.0:25?
Or does it say Listen on 127.0.0.1:25?
Please show output of "postconf -n". If you see the parameter inet_interfaces = localhost or 127.0.0.1, do the following steps:
postconf -e 'inet_interfaces = all'
postfix stop
postfix start
Then check again with postconf -n that inet_interfaces is now set to "all".
The output of "netstat -antp| grep ':25'" should now show exactly this: tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN some-number/master
If so proceed with the next checks.
Sandy
It said 127.0.0.1:25!
I've now worked through your two sets of tests and rechecked against www.checkDNS.net and appear to have a visible mail server.
Many Thanks
John
John wrote:
I've now worked through your two sets of tests and rechecked against www.checkDNS.net and appear to have a visible mail server.
You're welcome. (^-^)
Still, I would recommend to read the basic documentation for Postfix in order to get a grip on how Postfix actually works and how you check that everything is working as it should. This includes the knowledge how postfix restrictions work, the order they are processed, how a normally working system behaves and what logs are normal or alarming. One very important step is to set up server monitoring, both for hardware and for the Postfix service. Check the disk space regularly and send yourself some report about the activity of Postfix. Both can be scripted with little effort for great gain.
It is amazing how much you need to know to administer any mailserver with some degree of competence. But it is sufficient if you know when you are in trouble to scream for help before all hope is lost, and that is where the monitoring steps in.
Last but not least: document your setup and implement a backup. And do that while the knowledge is still fresh in your memory.(^-^)
Sandy
--
List replies only please!
Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
Sandy Drobic wrote:
John wrote:
I've now worked through your two sets of tests and rechecked against www.checkDNS.net and appear to have a visible mail server.
You're welcome. (^-^)
Still, I would recommend to read the basic documentation for Postfix in order to get a grip on how Postfix actually works and how you check that everything is working as it should. This includes the knowledge how postfix restrictions work, the order they are processed, how a normally working system behaves and what logs are normal or alarming. One very important step is to set up server monitoring, both for hardware and for the Postfix service. Check the disk space regularly and send yourself some report about the activity of Postfix. Both can be scripted with little effort for great gain.
It is amazing how much you need to know to administer any mailserver with some degree of competence. But it is sufficient if you know when you are in trouble to scream for help before all hope is lost, and that is where the monitoring steps in.
Last but not least: document your setup and implement a backup. And do that while the knowledge is still fresh in your memory.(^-^)
Sandy
Sound advice!
Once again, many Thanks
John