I'm having issues with outbound mail on my Postfix server. Postfix is managed via Virtualmin/Webmin. Incoming mail works great with no issues.

When I try to send a mail to any external address, I get the following error:

Connect to eur.olc.protection.outlook.com[104.47.22.161]:25: Connection timed out

Or

connect to alt2.gmail-smtp-in.l.google.com[2404:6800:4008:c07::1b]:25: Network is unreachable

DNS is working fine on this server; I can ping every external domain I want:

 ping google.com
PING google.com (172.217.20.78) 56(84) bytes of data.
64 bytes from ams15s33-in-f14.1e100.net (172.217.20.78): icmp_seq=1 ttl=54 time=13.7 ms
64 bytes from ams15s33-in-f14.1e100.net (172.217.20.78): icmp_seq=2 ttl=54 time=22.0 ms
64 bytes from ams15s33-in-f14.1e100.net (172.217.20.78): icmp_seq=3 ttl=54 time=12.2 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 12.277/16.027/22.072/4.315 ms

DNS is managed via Cloudflare; the MX record is set to DNS only (not proxied).

Here is my Postfix config:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.{DOMAINAME}.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, DOMAINAME.com, localhost.$mydomain, $mydomain
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_protocols = all
virtual_alias_maps = hash:/etc/postfix/virtual
sender_bcc_maps = hash:/etc/postfix/bcc
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtp_tls_security_level = may
allow_percent_hack = no
mynetworks_style = subnet

If any additional info is needed, let me know.

1 Answer

It doesn't look like a Postfix or a DNS problem (both hosts were resolved in the error messages). The "Network is unreachable" for the second attempt can come from an improperly configured IPv6 network. The connection timeout could be due to a too restrictive firewall configuration; try to telnet to 104.47.22.161 port 25 instead of ping, which is a different protocol.

  • When I telnet on port 25 to 104.47.22.161 I get a connection timeout. On my side everything should be OK firewall-wise. I allowed 25 465 for mail. – Joey Brummel Jun 10 '20 at 17:18
  • Check if you have the ACCEPT rule for port 25 in both INPUT and OUTPUT chains if you are using iptables. – TeslaZap Jun 11 '20 at 06:35
  • I do not have any firewall rules on the host machine; everything is managed by the pfSense firewall, which also has the rules accepted. I'm kind of thinking that my ISP is blocking the port at this moment. – Joey Brummel Jun 11 '20 at 08:41
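
An added example, not part of the original question, answer or comments: a small probe that makes the same TCP connection Postfix attempts on port 25, once per address family, and maps the resulting errno to the two failure modes quoted in the question. The `probe` function, the `DIAGNOSIS` table and the wording of each diagnosis are assumptions of this example; the host names are the ones from the error messages.

```python
import errno
import socket

# errno -> likely meaning for outbound SMTP (wording is this example's own)
DIAGNOSIS = {
    errno.ETIMEDOUT: "filtered: SYN dropped by a firewall or an upstream/ISP block",
    errno.ENETUNREACH: "no route for this address family (e.g. IPv6 not configured)",
    errno.EHOSTUNREACH: "no route to this host",
    errno.ECONNREFUSED: "host reachable, but the port is closed or rejected",
}

def probe(host, port=25, family=socket.AF_INET, timeout=5.0):
    """Attempt one TCP connect per resolved address.

    Returns a list of (address, status, detail) tuples, where status is
    "open", "resolve-failure" or an errno name such as "ETIMEDOUT".
    """
    try:
        infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(host, "resolve-failure", str(exc))]
    results = []
    for fam, kind, proto, _, sockaddr in infos:
        with socket.socket(fam, kind, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(sockaddr)
                results.append((sockaddr[0], "open", "TCP handshake completed"))
            except OSError as exc:
                # A Python-level timeout carries no errno; treat it as ETIMEDOUT.
                code = errno.ETIMEDOUT if isinstance(exc, socket.timeout) else exc.errno
                status = errno.errorcode.get(code, "error")
                results.append((sockaddr[0], status, DIAGNOSIS.get(code, str(exc))))
    return results

if __name__ == "__main__":
    # Hosts taken from the error messages in the question.
    hosts = ("eur.olc.protection.outlook.com", "alt2.gmail-smtp-in.l.google.com")
    for host in hosts:
        for label, fam in (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6)):
            for addr, status, detail in probe(host, 25, fam):
                print(f"{host} {label} [{addr}]:25 -> {status}: {detail}")
```

Running it on the mail server and again from a machine on a different network separates a local or upstream block (timeout only from the server) from a problem at the destination.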