-1

After restarting my VPS, the email server I recently setup is not working. In particular, it is not accepting connections on port 25. Before the restart it was. I've tried several things, but I'm not sure what is wrong. I'm hoping it is something simple, but I'm concerned that it might be an incompatibility between SystemD, FirewallD, and OpenVZ, the virtualization type used*.

To clarify, before the restart I had been able to us telnet to send mail to my server. I had also been able to send/receive mail to/from the server from/to my gmail account.

I'm hoping someone can help me diagnose the issue.

I think the problem is with the firewall. Here is a successful telnet connection from the VPS to itself:

[root@VPS ~]# telnet mydomain.com 25
Trying <Server IP>...
Connected to mydomain.com.
Escape character is '^]'.
220 mail.mydomain.com ESMTP Exim 4.84_2 Mon, 13 Jun 2016 00:38:39 -0400
> HELO test
250 mail.mydomain.com Hello mydomain.com [Server IP]
> QUIT
221 mail.mydomain.com closing connection
Connection closed by foreign host.

The connection fails when trying from a different machine. Note that the domain does resolve and this is the Windows machine that I am using to ssh to the VPS using ssh root@mydomain.com. 

C:\Users\Liam>telnet mydomain.com 25
Connecting To mydomain.com...Could not open connection to the host, on port 25: Connect failed

Here is the firewall zone information:

[root@VPS ~]# firewall-cmd --zone=public --list-all
public (default)
  interfaces:
  sources:
  services: dhcpv6-client imaps pop3s smtp ssh
  ports: 25/udp 587/udp 80/tcp 465/udp 465/tcp 25/tcp 587/tcp 9418/tcp 53/tcp 53/udp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Here is the current status of FirewallD

[root@VPS~]# systemctl status firewalld
* firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2016-06-12 23:14:35 EDT; 1h 30min ago
 Main PID: 941 (firewalld)
   CGroup: /system.slice/firewalld.service
           `-941 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Jun 12 23:14:34 hostname systemd[1]: Starting firewalld - dynamic firewall daemon...
Jun 12 23:14:35 hostname systemd[1]: Started firewalld - dynamic firewall daemon.
Jun 12 23:14:35 hostname firewalld[941]: 2016-06-12 23:14:35 ERROR: ebtables not usable, disabling ethernet bridge firewall.

I'm not sure if that error was there before the restart, but *this post has some relevant information about the error as well as FirewallD + OpenVZ.

Here are the statuses of exim and dovecot, as well as named. 

[root@VPS~]# systemctl status {exim,dovecot,named}
 * exim.service - Exim Mail Transport Agent
   Loaded: loaded (/usr
 * List item

/lib/systemd/system/exim.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2016-06-12 22:08:27 EDT; 2h 38min ago
 Main PID: 172 (exim)
   CGroup: /system.slice/exim.service
           `-172 /usr/sbin/exim -bd -q1h

Jun 12 22:08:27 hostname systemd[1]: Starting Exim Mail Transport Agent...
Jun 12 22:08:27 hostname systemd[1]: Started Exim Mail Transport Agent.

* dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2016-06-12 22:08:27 EDT; 2h 38min ago
 Main PID: 182 (dovecot)
   CGroup: /system.slice/dovecot.service
           |-182 /usr/sbin/dovecot -F
           |-205 dovecot/anvil
           |-206 dovecot/log
           |-866 dovecot/auth
           `-869 dovecot/ssl-params

Jun 12 22:08:27 hostname systemd[1]: Starting Dovecot IMAP/POP3 email server...
Jun 12 22:08:27 hostname systemd[1]: Started Dovecot IMAP/POP3 email server.

* named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2016-06-12 22:08:27 EDT; 2h 38min ago
 Main PID: 191 (named)
   CGroup: /system.slice/named.service
           `-191 /usr/sbin/named -u named

Jun 12 22:08:27 hostname named[191]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jun 12 22:08:27 hostname named[191]: zone localhost.localdomain/IN: loaded serial 0
Jun 12 22:08:27 hostname 967277 named[191]: zone localhost/IN: loaded serial 0
Jun 12 22:08:27 hostname named[191]: zone mydomain.com/IN: loaded serial 0
Jun 12 22:08:27 hostname named[191]: all zones loaded
Jun 12 22:08:27 hostname systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jun 12 22:08:27 hostname named[191]: running
Jun 12 22:08:27 hostname named[191]: zone domain.com/IN: sending notifies (serial 0)
Jun 12 22:15:21 hostname systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jun 12 23:08:27 hostname named[191]: listening on IPv4 interface venet0:0, <VPS IP>#53

An excerpt from my exim.conf file:

[root@VPS~]# cat /etc/exim/exim.conf | grep daemon_smtp
daemon_smtp_ports = 25 : 465 : 587

And, I'm not sure if this is relevant, but here is some iptables information.

[root@VPS~]# iptables -L | grep smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:smtp ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp ctstate NEW
[root@VPS~]# iptables -L -n | grep 25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:25 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:25 ctstate NEW

I'm happy to provide any more information that may be relevant. Also, this is my first post to the site. I think this is on-topic, but I briefly debated Unix or Superuser as well.

UPDATE

I turned off the firewall:

[root@domain~]# systemctl stop firewalld
[root@domain~]# systemctl status firewalld
* firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Mon 2016-06-13 01:52:47 EDT; 4s ago
  Process: 941 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 941 (code=exited, status=0/SUCCESS)

Jun 12 23:14:34 hostname systemd[1]: Starting firewalld - dynamic fire....
Jun 12 23:14:35 hostname systemd[1]: Started firewalld - dynamic firew....
Jun 12 23:14:35 hostname firewalld[941]: 2016-06-12 23:14:35 ERROR: eb....
Jun 13 01:52:47 hostname systemd[1]: Stopping firewalld - dynamic fire....
Jun 13 01:52:47 hostname systemd[1]: Stopped firewalld - dynamic firew....
Hint: Some lines were ellipsized, use -l to show in full.

I then checked for an iptables service

[root@domain~]# systemctl status iptables
* iptables.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)
[root@domain~]# service iptables status
Redirecting to /bin/systemctl status  iptables.service
* iptables.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

I still got the same error when trying to telnet to the VPS on port 25.

Liam
  • 109
  • 4
  • Can I get the reason for the immediate downvote? (otherwise how will I learn) – Liam Jun 13 '16 at 05:14
  • 1
    Really I don't understand those 'downvote trolls' in the community :( Thinking in troubleshoot the problem: Do you have firewallD + iptables? can you disable them and try it? – HEDMON Jun 13 '16 at 05:35
  • @HEDMON Thanks. *facepalm* I don't know why I didn't already try disabling the firewall. I've updated the page with the results. This leaves me at a bit of a loss, because if the firewall isn't the issue, I'm not sure what is. However now I'm even more positive that it is something simple that I'm missing. I probably forgot to permanently turn something on and the reboot removed it... – Liam Jun 13 '16 at 06:00
  • can you reach other services in other ports? 80, 8080, 21, 22? (http, https, ftp, ssh) – HEDMON Jun 13 '16 at 06:42
  • @HEDMON yes, I can SSH to the server and I have apache running giving "Hello, World!" at the web address in a browser. I can also `telnet mydomain.com 22` – Liam Jun 13 '16 at 06:44
  • Your windows machine is maybe filtered by your ISP. In France, most ISP block the outgoing 25/tcp from the clients users to not send the spam from not managed PC. – Dom Jun 13 '16 at 07:02
  • @Dom is right. You can try http://mxtoolbox.com/SuperTool.aspx – HEDMON Jun 13 '16 at 07:16
  • @Dom Okay, That is odd. Earlier I was using that tool and it showed an unable to connect on port 25 error. Perhaps it was the firewall. However I am still unable to connect via my own computer, and I was able to do this earlier. Would my ISP have blocked this within the last day or something? (That doesn't sound likely) – Liam Jun 13 '16 at 07:29
  • 2
    Try to telnet on the SMTP server of your ISP. You should see the banner. Try with Gmail servers too. – Dom Jun 13 '16 at 07:30
  • 1
    @Dom You're right, it does seem to be my computer. I turned the firewall back on and the VPS can both send and receive email. – Liam Jun 13 '16 at 16:44
  • @Dom I guess will be good if you write the answer and Liam accept it ;) – HEDMON Jun 13 '16 at 20:24

1 Answers1

3

The problem could coming from outside of your machine. You can try to telnet your ISP SMTP server or Gmail servers to test if it's working.

Some ISP block the SMTP connections, to not allow the virus to propagate from non managed computers. In you case, you may ask your ISP to open the connection from your computer to your server.

Dom
  • 6,743
  • 1
  • 20
  • 24