1

I am running postfix and dovecot on my CentOS Mail server.

Now I can send mail from the server to the outside, BUT I cannot receive mail from the outside.

TELNET: When I telnet to my IP address to port 21, it connects, but when doing it for port 25 and 110, it cannot connect, hence something is blocking it.

Now, in IPTABLES, I enabled all the following ports to allow traffic: 80,21,25,110,143. See my iptables configuration below:

```
# Generated by iptables-save v1.4.7 on Fri Jul  5 22:08:10 2013
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [30:3200]
-A INPUT -p tcp -m tcp --dport 5252 -j ACCEPT -m comment --comment "SSH"
-A INPUT -p tcp -m tcp --dport 48001 -m comment --comment "SSH was 5252" -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 143 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Jul  5 22:08:10 2013
```

Question: 1. Why can't I telnet to port 25 from the outside? (I believe this is why I cannot receive incoming mail from the outside.)

Note: My MX records and reverse DNS all work fine, I believe if I can telnet to ports 25 and 110 I will be able to receive mail from the outside, or am I wrong here?


PS: I set up my mail server using the following 2 tutorials:

Postfix: http://centoshelp.org/servers/mail/postfix-mail-server-on-centos/

DoveCot http://ostechnix.wordpress.com/2013/02/08/setup-mail-server-using-postfixdovecotsquirrelmail-in-centosrhelscientific-linux-6-3-step-by-step/


EDIT: netstat -tlnp

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1284/mysqld
tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      1313/dovecot
tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      1313/dovecot
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      1146/vsftpd
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      1008/cupsd
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2573/master
tcp        0      0 127.0.0.1:6010              0.0.0.0:*                   LISTEN      1802/sshd
tcp        0      0 127.0.0.1:6011              0.0.0.0:*                   LISTEN      2038/sshd
tcp        0      0 127.0.0.1:6012              0.0.0.0:*                   LISTEN      2357/sshd
tcp        0      0 127.0.0.1:6013              0.0.0.0:*                   LISTEN      2583/sshd
tcp        0      0 0.0.0.0:48001               0.0.0.0:*                   LISTEN      1767/sshd
tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      1313/dovecot
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      1313/dovecot
tcp        0      0 :::110                      :::*                        LISTEN      1313/dovecot
tcp        0      0 :::143                      :::*                        LISTEN      1313/dovecot
tcp        0      0 :::80                       :::*                        LISTEN      1415/httpd
tcp        0      0 ::1:631                     :::*                        LISTEN      1008/cupsd
tcp        0      0 ::1:25                      :::*                        LISTEN      2573/master
tcp        0      0 ::1:6010                    :::*                        LISTEN      1802/sshd
tcp        0      0 ::1:6011                    :::*                        LISTEN      2038/sshd
tcp        0      0 ::1:6012                    :::*                        LISTEN      2357/sshd
tcp        0      0 ::1:6013                    :::*                        LISTEN      2583/sshd
tcp        0      0 :::48001                    :::*                        LISTEN      1767/sshd
tcp        0      0 :::993                      :::*                        LISTEN      1313/dovecot
tcp        0      0 :::995                      :::*                        LISTEN      1313/dovecot
```

SOLUTION - READ YOUR POSTFIX main.cf FILE CAREFULLY!

I made a small mistake on my /etc/postfix/main.cf file - For some reason the inet_interfaces = localhost line was NOT commented out, it overruled the inet_interfaces = all rule...Thanks again for the help, much appreciated. Now I can also telnet to 110 and 143.

DextrousDave
  • Is this on a company network or a home network? – Nathan C Jul 23 '13 at 15:28
  • @DextrousDave: Can you telnet from inside your network? What is the exact error message you are getting? Do you have another router or firewall in front of this server? – Khaled Jul 23 '13 at 15:33
  • I am telnetting from my home PC. The Mail Server is on a VPS that I use for hosting my clients' websites. – DextrousDave Jul 23 '13 at 15:36
  • Your ISP is blocking outgoing port 25. – Jenny D Jul 23 '13 at 15:37
  • Is your mailserver listening on all IPs or only on localhost? Check the output of `netstat -tlnp` – etagenklo Jul 23 '13 at 15:37
  • @Jenny - Why would they do that - It is a VPS... – DextrousDave Jul 23 '13 at 15:38
  • @etangenklo - See my update. I posted the results of the netstat there – DextrousDave Jul 23 '13 at 15:42
  • @DextrousDave: To stop the clueless from becoming open mail relays – user9517 Jul 23 '13 at 15:43
  • @lain....good point :) – DextrousDave Jul 23 '13 at 15:44
  • @DextrousDave There might be two issues at play here. 1) Your ISP is likely blocking your home internet connection from making outbound connections across port 25. It's a security / spam thing that's very common. 2) Your VPS itself has something blocking, or nothing listening on, port 25. The problem is, until you know for sure about the first problem, you can't troubleshoot the second problem easily. – Wesley Jul 23 '13 at 15:45
  • @DextrousDave From your home PC, telnet to gmail-smtp-in.l.google.com which is a gmail server. See if you get Gmail's banner message or not. If you do, then outbound 25 is not blocked on your home ISP. If you don't, then it's blocked. – Wesley Jul 23 '13 at 15:47
  • @DextrousDave JennyD didn't say the VPS's ISP, she said YOUR ISP is blocking outgoing port 25 to prevent home systems from acting as spambots – Rex Jul 23 '13 at 15:48
  • @WesleyDavid - Thanks for the tip. I telnetted to the gmail servers and it works fine, so nothing wrong with my ISP or my internet connection – DextrousDave Jul 23 '13 at 18:23
  • @DextrousDave Awesome! Then it looks like Nathan C's answer is the correct one. – Wesley Jul 23 '13 at 18:28
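
The cross-check the comments work toward (does each port the firewall accepts have a listener bound outside loopback?), as an added example that is not part of the original thread. The sample data is a constructed subset of the question's `iptables-save` and `netstat -tlnp` output, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the iptables-save and netstat output in the question.
IPTABLES_SAVE = """\
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m tcp -p tcp --dport 110 -j ACCEPT
"""
NETSTAT = """\
tcp  0  0 0.0.0.0:110    0.0.0.0:*  LISTEN  1313/dovecot
tcp  0  0 0.0.0.0:21     0.0.0.0:*  LISTEN  1146/vsftpd
tcp  0  0 127.0.0.1:25   0.0.0.0:*  LISTEN  2573/master
tcp  0  0 ::1:25         :::*       LISTEN  2573/master
tcp  0  0 :::110         :::*       LISTEN  1313/dovecot
"""

def allowed_ports(rules):
    """TCP ports that have an INPUT ACCEPT rule matching on --dport."""
    ports = set()
    for line in rules.splitlines():
        m = re.search(r"--dport (\d+)", line)
        if line.startswith("-A INPUT") and "-j ACCEPT" in line and m:
            ports.add(int(m.group(1)))
    return ports

def listeners(netstat):
    """Map port -> set of local bind addresses for sockets in LISTEN state."""
    binds = {}
    for line in netstat.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")  # handles ::1:25 and :::110
            binds.setdefault(int(port), set()).add(addr)
    return binds

def diagnose(rules, netstat):
    """Classify each firewall-allowed port by where its service is bound."""
    binds, result = listeners(netstat), {}
    for port in sorted(allowed_ports(rules)):
        addrs = binds.get(port, set())
        if not addrs:
            result[port] = "no listener"
        elif all(a.startswith("127.") or a == "::1" for a in addrs):
            result[port] = "loopback only"   # firewall open, service unreachable
        else:
            result[port] = "external bind"
    return result
```

On the sample, port 25 comes back as `loopback only` while 21 and 110 are `external bind`, which separates a bind-address problem from a firewall problem before any rule is changed.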

1 Answer

7

It looks like your mailserver is only listening on localhost and not your public IP: `tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN`

Change the configuration so it's listening on the proper IP. Be sure to do this properly as mis-configured mail servers are the norm.

Nathan C
  • thank you for the answer Nathan. If I may ask, how do I change the listening to be on the public port? I googled it but cannot find a concrete answer. Also, why can't I telnet to the 110 or 143 ports since they have the same 'profile' as port 21 which I can telnet to? – DextrousDave Jul 23 '13 at 18:31
  • oh my word...I made a small mistake(rather big...) on my postfix/main.cf file - For some reason the inet_interfaces = localhost line was NOT commented out, it overruled the inet_interfaces = all rule...Thanks again for the help, much appreciated. Now I can also telnet to 110 and 143. – DextrousDave Jul 23 '13 at 18:41
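
The mistake described in the last comment comes from how Postfix reads `main.cf`: when a parameter is defined more than once, only the last definition is kept. The following is an added example, not code from the thread or from Postfix, that lists such shadowed definitions; the `main.cf` fragment is constructed to reproduce the described situation and the function names are hypothetical.

```python
# Constructed main.cf fragment reproducing the mistake described in the thread.
MAIN_CF = """\
# RECEIVING MAIL
inet_interfaces = all
#inet_interfaces = $myhostname
inet_interfaces = localhost
mydestination = $myhostname,
    localhost.$mydomain
"""

def logical_lines(text):
    """Yield (line_number, logical_line), joining continuation lines."""
    current, start = None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()  # leading whitespace continues a line
        else:
            if current is not None:
                yield start, current
            current, start = raw.strip(), n
    if current is not None:
        yield start, current

def definitions(text):
    """Map parameter -> list of (line_number, value) in file order."""
    seen = {}
    for n, line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep:
            seen.setdefault(name.strip(), []).append((n, value.strip()))
    return seen

def effective(text):
    """Keep only the last definition of each parameter, as Postfix does."""
    return {k: v[-1][1] for k, v in definitions(text).items()}

def overridden(text):
    """Parameters defined more than once: name -> (shadowed, winning) entries."""
    return {k: (v[:-1], v[-1]) for k, v in definitions(text).items() if len(v) > 1}
```

On a live system, `postconf inet_interfaces` prints the value Postfix actually uses.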