Postfix server - does not receive external email
FedoraForum.org - Fedora Support Forums and Community
Page 1 of 2 1 2 LastLast
Results 1 to 15 of 18
  1. #1
    Join Date
    Jan 2009
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Postfix server - does not receive external email

    Hello all -

    I have been running an email server on a Red Hat 9 system for 5 years, and wanting to upgrade it
    to the latest Fedora OS. A few days ago it crashed, helping me decide on when to do it

    The server is running Fedora 11 (up-to-date). Clients are Fedora 11 and Windows XP machines
    using Thunderbird for accessing email.

    The server is running Postfix and Dovecot.

    Within my local network I can send and receive emails.
    I can also send email to addresses outside of my local network.

    The only problem is that I cannot receive --ANY-- email from outside the local network.

    I cannot think of anything aside from my firewall (iptables) or postfix config that could be
    causing the problem. Below are my iptables file, and the postfix main.cf changes that I
    have made. Any help greatly appreciated!!!


    iptables (the same file I was using on Red Hat version 9 with one minor deprecated syntax changed):

    *nat
    :PREROUTING ACCEPT [22:1894]
    :POSTROUTING ACCEPT [14:840]
    :OUTPUT ACCEPT [17:1356]
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [28143:13743218]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [775083:69212122]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A FORWARD -j RH-Lokkit-0-50-INPUT
    -A FORWARD -s 192.168.111.0/255.255.255.0 -j ACCEPT
    -A FORWARD -d 192.168.111.0/255.255.255.0 -j ACCEPT
    -A FORWARD ! -s 192.168.111.0/255.255.255.0 -j DROP
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 111 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 2049 --dport 2049 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --sport 111 --dport 111 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i eth1 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags SYN,RST,ACK SYN -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --tcp-flags SYN,RST,ACK SYN -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --tcp-flags SYN,RST,ACK SYN -j REJECT
    COMMIT


    Changes to Postfix main.cf:

    myhostname = mail.jkalpers.com
    mydomain = jkalpers.com
    myorigin = $mydomain
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, $mydomain, mail.$mydomain
    mynetworks = 192.168.111.0/8 127.0.0.0/8
    relay_domains =

  2. #2
    Join Date
    Dec 2009
    Location
    seattle
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wouldnt the issue likely be with dovecot if you can send and not receive?

    are you using port 25?

  3. #3
    Join Date
    Jan 2009
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ninjashoes
    wouldnt the issue likely be with dovecot if you can send and not receive?

    are you using port 25?
    Thanks for writing!

    Just to clarify, I -can- receive mail (in Thunderbird) as long as that mail originates within my domain. I cannot receive any email from "the other side of the firewall". That is why I suspected the firewall / Postfix part of the chain. But I am not an expert by any means.

    Postfix is listening on Port 25.
    Dovecot is listening on Port 110, which is what Thunderbird is set (it's default) for POP3.
    I have verified this with
    lsof -i tcp:25
    and
    lsof -i tcp:110
    and can post the results if it will help.

    Perhaps these clues may help:

    My server/firewal (iptables) machine is running Postfix and Dovecot. (named Sharkstooth)
    I am running Thunderbird on a client machine on the local network. (named LongsPeak).

    If I log into Sharkstooth and type "mail" it reports only mail sent from either of these two machines
    to my mail account --- nothing from outside my domain. This doesn't even use Dovecot - just a
    simple text-based email reader. That is why I didn't suspect Dovecot.

    I did set up a GMAIL account so I can send myself test messages from outside my domain.
    None of them get through to even this simple test of using the "mail" program on the server.

    I hope this helps - I am baffled by this, and am certain it is something very simple (and will
    probably make me feel stupid when I know what it is)

    Joel.

  4. #4
    Join Date
    Jan 2010
    Posts
    7,568
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    How is the server connected to the Internet? Through a router? If so, is the router configured to redirect port 25 to the machine running postfix?

  5. #5
    Join Date
    Jan 2009
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Another clue

    I just checked my GMAIL account, and have warnings for the test messages I tried to send
    yesterday to myself from outside my domain:


    Technical details of temporary failure:
    The recipient server did not accept our requests to connect. Learn more at http://mail.google.com /support/bin/answer.py?answer=7720
    [jkalpers.com (1): Connection timed out]

    Their suggestions:

    * The other domain doesn't have up-to-date MX records or is otherwise misconfigured.
    * The other domain is blacklisting or graylisting messages from Gmail.
    * The other domain is experiencing temporary networking problems.

    I do have an MX record. If my server is blacklisting or graylisting, I don't know about it.

    Joel.

  6. #6
    Join Date
    Jan 2010
    Posts
    7,568
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I'm not sure about Fedora (I've only setup postfix in CentOS and *BSD), but black or greylisting of gmail shouldn't be the issue.

    One way to test is to try to telnet (from outside) to your mailserver and see if the errors give any hints.

    If you have a copy of your old main.cf then you can compare it with the new and see what differences are there. It often turns out to be a typo .

  7. #7
    Join Date
    Jan 2009
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by smr54
    I'm not sure about Fedora (I've only setup postfix in CentOS and *BSD), but black or greylisting of gmail shouldn't be the issue.

    One way to test is to try to telnet (from outside) to your mailserver and see if the errors give any hints.

    If you have a copy of your old main.cf then you can compare it with the new and see what differences are there. It often turns out to be a typo .
    I do still have a copy of the old main.cf, and used it as a guide for what to set in
    the new copy. I have compared them, but will do another time and make sure
    there are no typos, thanks for the suggestion.


    I did try a telnet from an outside machine (telnet mail.jkalpers.com). The error is:

    Could not open connection to the host, on port 23: Connection failed.

    Now, I don't have telnet from the outside enabled in my firewall (i.e.port 23 is not
    in the accept list) so I don't know if this reveals much.

    When another system sends an email to my domain, does it try to open a port
    number? If so, which one? Port 25? (i.e. is port 25 used for the SMTP server
    regardless of whether a process is sending or requesting email???)

    Thanks -

    Joel.

  8. #8
    Join Date
    Jan 2010
    Posts
    7,568
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    My bad, and apologies--I was using mental shorthand. When testing a mailserver, you can try telnetting on port 25, e.g.

    telnet myserver 25

    to see if it's listening.

    For your other question yes, port 25 has to be directed from the outside, e.g., your router, to the server running postfix, if it is going to receive mail from outside.

    http://wiki.centos.org/HowTos/postfix

    gives some nice tips, though it's for CentOS 5.x


    mail.jkalpers.com gives me an unknown address. Running dig -t MX jkalpers.com indicates that your mailserver is known to the outside world simply as jkalpers.com. Trying to telnet jkalpers.com 25 just hangs, possibly indicating an issue on my machine, or indicating that port 25 is not open to the outside world on your mailserver.

    ---------- Post added at 03:34 PM CST ---------- Previous post was at 02:58 PM CST ----------

    Also in /etc/master.cf (not main.conf) sometimes, you have to uncomment the line


    smtp inet n - n - - smtpd


    (though it shouldn't be commented out in the first place. Never hurts to be sure though, that there isn't a # in front of it.)

    netstat -an |grep 25 should show something like

    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN

  9. #9
    Join Date
    Jul 2005
    Posts
    996
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Did you check with your isp to verify they aren't blocking port 25?
    ======
    Doug G
    ======

  10. #10
    Join Date
    Jan 2009
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Solved! Thanks, all!!!

    Thank you all for your suggestions and help.

    I said a few messages back that when the problem would be found, it would be something simple that
    would make me feel stupid. How right I was!

    I had an incorrect IP address entered for my domain --- xxx,xxx,xxx,230 instead of xxx.xxx.xxx.225

    I had never thought to look at that, since I could access external WEB pages - Duh! Didn't occur to
    me that it has to agree with the registered IP number to make the rest of the things work.

    Again, thanks to all who offered help, and sorry for the wild goose chase!

    Joel.

  11. #11
    Join Date
    Jan 2010
    Posts
    7,568
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Glad it's fixed--I remember having an obvious typo in main.cf once, and I simply kept overlooking it. Something like forgetting a slash or the like.

  12. #12
    Join Date
    Jan 2009
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unable to share HP4+ printer with Fedora and XP machines

    Hello -

    I have a Fedora-11 server runing CUPS that has a local HP4+ printer attached. It works fine
    locally (i.e prints test pages). I am trying to share this printer with another Fedora-11 computer
    AND with a Windows XP computer using Samba.

    On the machine that the printer is connected to, my /etc/cups/printer.conf file shows the printer:

    # Printer configuration file for CUPS v1.4.2
    # Written by cupsd on 2010-01-28 23:10
    # DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING
    <Printer HP_LaserJet_4_Plus>
    Info HP LaserJet 4 Plus
    Location
    MakeModel HP LaserJet 4 Plus Foomatic/gutenprint-ijs-simplified.5.2
    DeviceURI parallel:/dev/lp0
    State Idle
    StateTime 1264745362
    Type 8392724
    Filter application/vnd.cups-raw 0 -
    Filter application/vnd.cups-postscript 100 foomatic-rip
    Filter application/vnd.cups-pdf 0 foomatic-rip
    Filter application/vnd.apple-pdf 25 foomatic-rip
    Accepting Yes
    Shared Yes
    JobSheets none none
    QuotaPeriod 0
    PageLimit 0
    KLimit 0
    OpPolicy default
    ErrorPolicy stop-printer
    </Printer>

    Similarly, the /etc/printcap knows the printer is there:

    # This file was automatically generated by cupsd(8) from the
    # /etc/cups/printers.conf file. All changes to this file
    # will be lost.
    HP_LaserJet_4_Plus|HP LaserJet 4 Plus:rm=Sharkstooth:rp=HP_LaserJet_4_Plus:

    From the Fedora-11 client, I get the following error message:

    Page 1 (Scheduler not running?):
    {'cups_connection_failure': False}
    Page 2 (Choose printer):
    {'cups_dests_available': [('Stylus-Photo-R280', None),
    ('hp-LaserJet-1300', None)],
    'cups_queue_listed': False}
    Page 3 (Local or remote?):
    {'printer_is_remote': True}
    Page 4 (Remote address):
    {'remote_server_ip_address': '192.168.111.7',
    'remote_server_name': '\\\\sharkstooth'}
    Page 5 (Check network server sanity):
    {'remote_server_name_resolves': False,
    'remote_server_try_connect': '\\\\sharkstooth'}
    Page 6 (Locale issues):
    {'printer_page_size': None,
    'system_locale_lang': 'en_US',
    'user_locale_ctype': 'en_US',
    'user_locale_messages': 'en_US'}

    The Windows XP cannot see the printer at all. I do have Samba running, and I can
    see (on the Windows XP machine) my home directory on the Fedora-11 server, so I know
    at least that the basic Samba is operating (just not printer sharing).

    On the client Fedora-11 machine, if I run System->Administration->Printing->New, it simply
    gives me the rotating "busy" indicator infinitely (or at least, it seems like it!)

    Now, the big hurdle was getting to see /home/joela directories on the XP machine from the
    Fedora-11 server, and that is working, but it would sure be nice to be able to access the
    remote printer from XP as well....

    Any bright ideas? (I am fresh out!)

    Joel.

    ---------- Post added at 11:42 PM CST ---------- Previous post was at 11:39 PM CST ----------

    My sincere apologies - I accidentally posted this as a reply to a prior (solved) issue. I will
    re-post it to a new thread.

    Sorry for any confusion!

    Joel.

  13. #13
    Join Date
    Apr 2015
    Location
    Philippines
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Postfix server - does not receive external email

    I'm experiencing the same problem. I suddenly cannot receive external emails. I have checked the logs and no errors were found. I also have not changed any configuration. I tried to report this to our ISP because I suspect that they are blocking it.

    What is the best way to test and to prove to them that they are indeed doing some blocking.


    Thanks and regards to everyone.

  14. #14
    Join Date
    Nov 2005
    Posts
    85
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: Postfix server - does not receive external email

    Quote Originally Posted by loualbertlaurel
    I'm experiencing the same problem. I suddenly cannot receive external emails. I have checked the logs and no errors were found. I also have not changed any configuration. I tried to report this to our ISP because I suspect that they are blocking it.

    What is the best way to test and to prove to them that they are indeed doing some blocking.


    Thanks and regards to everyone.
    Quite likely they are blocking all traffic on port 25. Many, many ISPs do as there are so many mis-configured email servers out there acting as open relays.

  15. #15
    Join Date
    Jan 2010
    Posts
    7,568
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Re: Postfix server - does not receive external email

    You may actually want to ask a moderator to move this to a new thread, as the old one is 6 years old.
    Don't worry, many of us have done that.

    Anyway, as ptuk says, it's quite possible your ISP is blocking port 25--in the US, I think Verizon does, not sure about most others, Time Warner doesn't at this time.

    From somewhere outside, try to telnet to your mail host at port 25 and see.

Page 1 of 2 1 2 LastLast

Similar Threads

  1. Email Server Postfix with Cyrus
    By TyraelOdium in forum Servers & Networking
    Replies: 0
    Last Post: 22nd October 2009, 02:07 AM
  2. Postfix Server Email Address Format
    By linux_fed2 in forum Servers & Networking
    Replies: 5
    Last Post: 6th January 2006, 04:34 AM
  3. Postfix Email server
    By linux_fed2 in forum Servers & Networking
    Replies: 9
    Last Post: 22nd August 2005, 03:52 AM
  4. can't receive email(postfix)
    By strongzzj in forum Servers & Networking
    Replies: 0
    Last Post: 5th May 2005, 08:49 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •