Can't reach my alternative SMTP port

Question

I can't seem to reach my open SMTP ports. I opened 587 and 2525, and it shows they're listening:

tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2525            0.0.0.0:*               LISTEN
tcp6       0      0 :::587                  :::*                    LISTEN
tcp6       0      0 :::2525                 :::*                    LISTEN

I also opened my ports in the iptables:

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2525
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission

But when I telnet from my computer into port 2525 and 587 it just closes instead of showing the welcome message like it does on port 25.

Here's a part of my master.cf

smtp inet n - - - - smtpd
submission inet n      -       n       -       -       smtpd
2525      inet  n       -       -       -       -       smtpd

A telnet from the machine itself shows the expected welcome message. It's weird because it used to work just fine...

I appreciate your help :-)

EDIT

@MichaelKjörling gave me the idea to check the PLESK firewall so I added this rule:

plesk custom rule

Still not working though... might have to give it some time or do I have to restart something to trigger it?

EDIT

Output of iptables -L -n -v

Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
39468   28M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW reject-with tcp-reset
    2    80 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  232 13920 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:587
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2525
  430 22420 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8880
  943 53740 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    1    48 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    4   208 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
   24  1284 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:465
   80  3952 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110
    3   192 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:995
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:143
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:993
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:106
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5432
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:9008
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:9080
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:137
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:138
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:139
   18   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:445
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1194
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    1    60 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 code 0
    6   289 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW reject-with tcp-reset
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
    0     0 ACCEPT     all  --  lo     lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
53431   69M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp flags:!0x17/0x02 state NEW reject-with tcp-reset
    2   104 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
  232 13920 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
  612 44920 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

EDIT

Well apparently the outgoing ports where blocked in where I was testing this from. Thus I wasn't able to connect, I found this out by connecting to another server with SSH and using telnet from there.

Everything for nothing, thanks for the help!!

Is there a firewall along the route that may be blocking the connection to the "unusual" ports? Try moving it to something like port 80 and see if it works any better connecting. — user, Jul 13 '12 at 09:13
@MichaelKjörling I also do suspect a firewall being active but bare in mind that this is a live server, thus I can't move it to port 80 because the webserver is running on that port. Thanks for your help :) — Rick Kuipers, Jul 13 '12 at 09:25
Showing just the rules that permit the traffic you want is useless, because they might never be reached. Could we get the whole output of `iptables -L -n -v`? — MadHatter, Jul 13 '12 at 10:24
@MadHatter done and edited as requested, thank you for your help — Rick Kuipers, Jul 13 '12 at 10:29
The rules seem to in the right order, which makes me wonder if Michael Kjörling has a point. You could use eg `tcpdump port 587` on the server when you try to telnet to it, to see if the traffic arrives at all. If it doesn't, that's very strongly suggestive that there's a firewall *en route* causing trouble. — MadHatter, Jul 13 '12 at 11:41
@MadHatter Nothing arrives, when I use the command on 25 it shows traffic but on port 587 and 2525 it's quiet. What do you suggest I do to find out what's blocking it? — Rick Kuipers, Jul 13 '12 at 12:03
let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/4110/discussion-between-rick-kuipers-and-madhatter) — Rick Kuipers, Jul 13 '12 at 14:16

score 0 · Accepted Answer · answered Aug 13 '12 at 16:49

0

Well apparently the outgoing ports where blocked in where I was testing this from. Thus I wasn't able to connect, I found this out by connecting to another server with SSH and using telnet from there.

I appreciated the the help :-)

answered Aug 13 '12 at 16:49

Rick Kuipers

119
5

Can't reach my alternative SMTP port

1 Answers1