2

I installed Postfix on my server and I'm able to send emails, but can't receive any. I also noticed that I'm unable to telnet to the server on port 25, from a different computer or from the server itself. I'm getting a "no route to host" message when I try from a distant machine, and it says "connection closed by foreign host" when I try from the server. Here's what I get when I try to list the ports in use:

```
$ ss -lntu
Netid State      Recv-Q Send-Q                                            Local Address:Port                                              Peer Address:Port
tcp   LISTEN     0      0                                                             *:22                                                           *:*
tcp   LISTEN     0      0                                                             *:25                                                           *:*
tcp   LISTEN     0      0                                                             *:80                                                           *:*
```

When I try to use an external email checker, I'm also getting the same "no route to host" error message after entering an email address.

I'm using two external files to configure Postfix, one with the list of domains I'm expecting emails from, and one with the list of virtual inboxes. Here are a few samples of the main.cf file:

```
mynetworks = 127.0.0.0/8
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
inet_protocols = all
inet_interfaces = all
virtual_alias_domains = hash:/etc/postfix/virtual_domains
virtual_alias_maps = hash:/etc/postfix/virtual_mailboxes
```

I also changed the DNS records and created a new MX entry pointing to mail.mydomain.com.

Here's my DNS file:

```
@       A       104.xxx.xxx.xxx
dev     A       104.xxx.xxx.xxx
mail    A       104.xxx.xxx.xxx
blog    CNAME   blogs.vip.gandi.net.
imap    CNAME   mail.mydomain.com.
pop     CNAME   mail.mydomain.com.
smtp    CNAME   mail.mydomain.com.
webmail CNAME   webmail.gandi.net.
www     CNAME   webredir.vip.gandi.net.
@       MX      mail.mydomain.com. (50)
```

I've also tried this:

```
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
```

Please let me know if I'm missing something, or if you need more information.

Thanks

user1319182

1 Answer

1

No route to host means that your Postfix or firewall isn't the problem. Probably some DNS record is wrong.

  • Test if domain.com has an MX-Record pointing at mail.mydomain.com
  • Test if mail.mydomain.com has an A-Record (CNAME isn't allowed for the MX address)
  • Test if you can ping mail.mydomain.com (probably you cannot)
  • Test a traceroute to mail.mydomain.com, if you're sure the ip is correct, and see where it stops.
allo
  • - It does have an MX record - It is an A record - I can ping it - Since I can ping it and they are hosted on the same server, there is no difference in traceroute between the "mail" subdomain and the actual domain. – user1319182 Mar 30 '17 at 23:50
  • Just in case, I've updated my post with my DNS records. – user1319182 Mar 31 '17 at 00:05
  • @allo Telnet will yell `no route to host` if the port is blocked by a firewall – moestly Mar 31 '17 at 00:26
  • @ansi_lumen How do I check if there is one? As far as I can see, the port 25 is used by smtp. – user1319182 Mar 31 '17 at 00:40
  • `iptables -L` or `firewall-cmd --list-all` or `ufw status` should list the ports that are open. What system are you using anyway? – moestly Mar 31 '17 at 00:47
  • @ansi_lumen I'm using CentOS 7. I'm testing the commands. – user1319182 Mar 31 '17 at 01:10
  • @ansi_lumen I've updated my post again – user1319182 Mar 31 '17 at 01:13
  • Seems to be blocked to me. Include your OS variant and version in your post or use a search engine of your choice to dig for your firewall-config. It's not that hard. In fact: You shouldn't run a web-server in absence of basic firewall knowledge needed here. Go and get it! :) – moestly Mar 31 '17 at 02:11
  • @ansi_lumen Flushing the iptables didn't change anything. It has nothing to do with the firewall. – user1319182 Mar 31 '17 at 03:03
  • Maybe your hoster has a firewall? Some VPS hosters allow you to configure a firewall (in addition to your own iptables) via the web interface. And there could be a safe default like "only ssh" – allo Apr 01 '17 at 08:18
  • @ansi_lumen I get ``Network is unreachable`` (remote) or ``Connection refused`` (localhost) here with telnet. But it could be a good idea to test with tools which provide better feedback than the telnet program. – allo Apr 01 '17 at 08:20
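
Added example, not part of the original thread: a small Python probe that separates the failure modes mentioned above ("no route to host", "connection refused", "network is unreachable", a connection that is accepted and then closed) by the error `connect()` returns, and reads the SMTP greeting when there is one. The names `probe` and `CAUSES` and the wording of the causes are this example's own; `mail.mydomain.com` is the placeholder hostname from the question.

```python
import errno
import socket
import sys

# Likely cause for each connect() failure; the wording is this example's own.
CAUSES = {
    errno.ECONNREFUSED: "TCP RST: nothing listening, or a rule with reject-with tcp-reset",
    errno.EHOSTUNREACH: "ICMP unreachable/prohibited reply, e.g. a REJECT rule "
                        "with reject-with icmp-host-prohibited",
    errno.ENETUNREACH: "no local route, or ICMP net-unreachable from a router",
}


def probe(host, port=25, timeout=5.0):
    """Try one TCP connection and return (status, detail)."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("timeout", "no reply at all: typical of a DROP rule on the path")
    except OSError as exc:
        name = errno.errorcode.get(exc.errno, "error")
        return (name, CAUSES.get(exc.errno, str(exc)))
    with sock:
        try:
            banner = sock.recv(512)  # an SMTP server speaks first
        except socket.timeout:
            return ("no-banner", "connected, but no greeting before the timeout")
        except OSError as exc:
            return ("closed", "connection reset after connect: %s" % exc)
    if not banner:
        # What telnet reports as "Connection closed by foreign host".
        return ("closed", "accepted, then closed with no greeting: check the mail log")
    line = banner.decode("ascii", "replace").splitlines()[0]
    return ("smtp-ok" if line.startswith("220") else "unexpected", line)


if __name__ == "__main__":
    # Usage: python3 probe.py mail.mydomain.com 25   (hostname as on the page)
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(probe(target, int(sys.argv[2]) if len(sys.argv) > 2 else 25))
```

Running it once from the server itself and once from a remote machine shows whether the two paths fail in the same way.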