Gentoo Forums
[SOLVED] Weird mailserver problem on port 25

jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239

Posted: Thu Dec 01, 2022 8:47 pm    Post subject: [SOLVED] Weird mailserver problem on port 25

Aloha !


Ok I have this weird problem I can't figure out.
I have my own mail-server at home and it has served me well.
I can send and receive mail from my own home.
However, the last few days I got this weird behaviour.

Here it is :
When I am on the road, I use the same smtp-settings as at home,
but then the mail-client complains about not being able to connect.
In the mail.log I see... well nothing. No errors, no tries, no nothing.




Here are some tests and results I already did :


Code:
From the localhost :
telnet localhost 25
- 220 smtp.somedomainiregistred.nl ESMTP Postfix



Code:
From another computer in my network :
telnet smtp.somedomainiregistred.nl 25
- 220 smtp.somedomainiregistred.nl ESMTP Postfix



Code:
I can receive mail from external servers like hotmail.com



Code:
I can send mail from another computer in my network using the smtp-settings from my own mail-server.
Both to mail addresses configured at my local mail-server as to hotmail.



Code:
When I check the port 25 via an online open port checker :
- Port 25 is open



Code:
When I ping my domain from within my own network :
- I get no errors
- Reply from xx.xx.xx.xx: bytes=32 time=1ms TTL=64



Code:
When I ping from the neighbor's computer who has a completely different ISP (Cable vs Fiber) :
- I get no errors
- Reply from xx.xx.xx.xx: bytes=32 time=1ms TTL=64



Have I broken something unknowingly ?
Why can and can't I send mail ?

Hopefully someone can point me in the right direction.

.

Cheeeeeeeeeeeers

Jecepede
_________________
I've got that retro-feeling :
http://instagram.com/jecepede

Check out my YouTube channel
https://www.youtube.com/jecepede


Last edited by jecepede on Wed Dec 21, 2022 5:48 pm; edited 1 time in total

freke
l33t
Joined: 23 Jan 2003
Posts: 977
Location: Somewhere in Denmark

Posted: Thu Dec 01, 2022 9:08 pm

Are you sure your mail-client is using port 25?
That's mostly for server-to-server transfers I believe?

For client-to-server submissions port 587 is normally used?
(I know I do in my setup :))

szatox
Advocate
Joined: 27 Aug 2013
Posts: 3136

Posted: Thu Dec 01, 2022 9:44 pm

Quote:
When I ping from the neighbors computer who has a completely different ISP (Cable vs Fiber) :
Many ISPs filter port 25 from consumer links to limit the amount of spam sent by botnets.

jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239

Posted: Sat Dec 03, 2022 12:11 pm    Post subject: Change the port ?

Aloha !

freke wrote:
Are you sure your mail-client is using port 25?
That's mostly for server-to-server transfers I believe?

For client-to-server submissions port 587 is normally used?
(I know I do in my setup :))


Yes I am positive it uses port 25 for client->server and server->server communication.
Like I already stated, it just stopped working ????

My postfix is an out-of-the-box installation and only uses port 25.
I checked main.cf and master.cf, there is nothing pointing to 587

To be absolutely sure I did this :
Code:
telnet localhost 587

and got a timeout.

Maybe I should change this anyway. According to RFC-2476 it is indeed the preferred port to use.


.

Cheeeeeeeeeers

Jecepede
_________________
I've got that retro-feeling :
http://instagram.com/jecepede

Check out my YouTube channel
https://www.youtube.com/jecepede


Last edited by jecepede on Sat Dec 03, 2022 12:30 pm; edited 1 time in total

jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239

Posted: Sat Dec 03, 2022 12:20 pm

Aloha !

szatox wrote:
Many ISPs filter port 25 from consumer links to limit the amount of spam sent by botnets.


That does not make any sense. At least not to me.

I know ISPs are taking steps against SPAM.
But if port 25 is filtered/blocked, how could it be that the server Hotmail.com can deliver messages on my server via port 25 at all ?
How does the ISP know it is me-on-the-road and not Hotmail.com ?


.


Cheeeeeeeeeeers

Jecepede
_________________
I've got that retro-feeling :
http://instagram.com/jecepede

Check out my YouTube channel
https://www.youtube.com/jecepede

jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239

Posted: Sat Dec 03, 2022 12:41 pm    Post subject: A bit of progress..

Aloha !

So I opened up the port 587 in Postfix, I opened up port 587 on the firewall,
Tried to send a mail with my local mail client Thunderbird on port 587 and...

well.... still the same effect.

I can send mail from within my own network using my own mailserver on port 587.
I can not send mail from outside my own network using my own mailserver on port 587.
I can still receive mail from outside my network on port 25.

I don't get it . . .

.

Cheeeeeeeeeeeers

Jecepede
_________________
I've got that retro-feeling :
http://instagram.com/jecepede

Check out my YouTube channel
https://www.youtube.com/jecepede

szatox
Advocate
Joined: 27 Aug 2013
Posts: 3136

Posted: Sat Dec 03, 2022 3:14 pm

Quote:
But if port 25 is filtered/blocked, how could it be that the server Hotmail.com can deliver messages on my server via port 25 at all ?
Hotmail has a server connection. Your sorry cell phone is connected via a consumer line. That's the difference.

25 is for receiving emails from other domains to yours. 587 is for receiving emails from clients that are a part of your domain.
587 typically requires the submitter to login and will accept email addressed to a foreign domain (and then forward it).
25 typically will reject mail addressed to a foreign domain (with "do it yourself" message), but also accept unauthenticated mail to your domain.

jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239

Posted: Sat Dec 03, 2022 7:25 pm    Post subject: Bummer...

Aloha !

szatox wrote:
Hotmail has a server connection. Your sorry cell phone is connected via a consumer line. That's the difference.


Then why can a buddy of mine whose mailserver is at home as well, thus on a consumer line, send me mail from his mailserver to mine on port 25.
We tried and it works. I can see his machine, by looking for his public IP, talk to mine in the logfiles.
Or is that because of server to server communication ? What is the difference anyway between consumer and server line/connection/communication ?

.

szatox wrote:
25 is for receiving emails from other domains to yours.
25 typically will reject mail addressed to a foreign domain (with "do it yourself" message), but also accept unauthenticated mail to your domain.

587 is for receiving emails from clients that are a part of your domain.
587 typically requires the submitter to login and will accept email addressed to a foreign domain (and then forward it).


Okie dokie. Check...
I have already enabled port 587 on my machine (see one of the previous posts) but I still can not send mail from my ahum sorry phone :lol:
Even something simple as clicking the "test your settings" results in a timeout.
In the logfile mail.log I don't even see it is trying to make a connection at all :(
And yes, before any one asks, I did restart my Postfix. I actually rebooted the whole machine...


.


Cheeeeeeeeeeeeeers

Jecepede
_________________
I've got that retro-feeling :
http://instagram.com/jecepede

Check out my YouTube channel
https://www.youtube.com/jecepede

szatox
Advocate
Joined: 27 Aug 2013
Posts: 3136

Posted: Sat Dec 03, 2022 8:03 pm

Quote:
Then why can a buddy of mine whose mailserver is at home as well, thus on a consumer line, send me mail from his mailserver to mine on port 25.
Well, maybe your buddy's ISP does not filter outgoing connections on 22/tcp and yours does?
You said he is on a different ISP than you are, didn't you?
It is a common practice. It does not mean EVERY ISP does it, but it happens often enough to be considered.

Quote:
What is the difference anyway between consumer and server line/connection/communication
The difference is in "you're a stupid consumer so we're going to cut our costs and claim it's for your security, lol" which wouldn't fly in case of a server link, but the vast majority of consumers won't care about NAT and filters on remote ports other than 53/udp, 80/tcp and 443/tcp.

Anyway, list open ports with nc -nlpt and see if postfix is listening.
Postfix uses master.cf to define provided services.
Mine contains this, among other lines:
Code:
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sender_restrictions=reject_sender_login_mismatch

So, email will be accepted ONLY if the client is authenticated and owns the sender's address, and the client can't authenticate before calling STARTTLS

alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879

Posted: Sat Dec 03, 2022 9:51 pm

I have in main.cf
Code:

mynetworks = 127.0.0.0/24, 192.168.2.0/24
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, permit_auth_destination, reject


Plz find yours by
Code:

postconf | grep -E "smtpd_relay_restrictions|mynetworks"

and possibly edit
Code:

mynetworks = 0.0.0.0/0


and add also a permit_mynetworks clause in the above variable.
_________________
:)

szatox
Advocate
Joined: 27 Aug 2013
Posts: 3136

Posted: Sat Dec 03, 2022 10:43 pm

Quote:
mynetworks = 0.0.0.0/0
Dude.... That's an open relay, give it 5 minutes and you'll be on every single spam list in existence

alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879

Posted: Mon Dec 05, 2022 9:40 am

Yes, but to me being able to send email from within the LAN, but failing from outside addresses, indicates a "mynetworks" issue.
Maybe not 0.0.0.0, but he should allow some portion of it.
I might be saying foolish things but this is how it seems to me.
_________________
:)

szatox
Advocate
Joined: 27 Aug 2013
Posts: 3136

Posted: Mon Dec 05, 2022 10:07 pm

Again, I'm gonna call it ISP's firewall until proven otherwise. Many customer lines do not let you connect to the internet on 25/tcp. If connecting to your server works from some locations and it does not work from others that happen to be consumer lines you haven't banned, it's probably client's ISP blocking the outgoing traffic.


mynetworks does not do anything to allow or deny tcp connections; it accepts or rejects mail after connection has already been established. It exists to enable use of satellite servers.
You will see it as an SMTP reject, not a tcp connection error.
This:
Quote:
mynetworks = 127.0.0.0/24, 192.168.2.0/24
smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, permit_auth_destination, reject

this is the right way to set mail relay. Accept mail from authenticated users, accept mail from known and trusted machines (aka satellite servers), refuse forwarding in any other case.
Nothing on the internet is trusted, DO NOT ADD IT TO MYNETWORKS, or you will be contributing to polluting mailboxes with "tiny enlargers" and "garden tools" for the few minutes left until you get blacklisted into oblivion.

nativemad
Developer
Joined: 30 Aug 2004
Posts: 918
Location: Switzerland

Posted: Tue Dec 06, 2022 4:14 pm

AlohAhh

I would also say that it is most likely the ISP that you are using "on the road" that is blocking the connection.
You can test if it is your ISP via telnet (or the mailclient itself) with pointing it to another mailserver... If that also doesn't work (just times out), you know that this is your problem...

In that case you could use an ssh tunnel to your home and redirect port 25... Or you could use a VPN or such.

If you can reach any other mailserver on port 25, it is probably an entry in /etc/hosts that directs your mailserver-hostname to its internal address or something!? - Does it resolve the hostname correctly from the client "on the road"?

HTH, cheers
_________________
Power to the people!
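
The test suggested above, as an added example that is not part of any post: a probe that separates a TCP-level failure (timeout or refusal, nothing in mail.log) from an SMTP-level reject (the server answered and applied its relay policy). `probe` and `demo_server` are hypothetical names, and the listener on 127.0.0.1 is a constructed stand-in for a mail server.

```python
import smtplib
import socket
import threading

def probe(host, port, rcpt, sender="probe@example.org", timeout=5.0):
    """Return (layer, detail) showing where a delivery attempt to host:port stops."""
    try:
        client = smtplib.SMTP(host, port, local_hostname="probe.example.org",
                              timeout=timeout)
    except socket.timeout:
        # Nothing answered in time: typically a firewall or ISP filter dropping
        # the packets. The server never sees the attempt, so its log stays empty.
        return ("tcp", "timeout")
    except ConnectionRefusedError:
        return ("tcp", "refused")  # host reachable, nothing listening on the port
    except (OSError, smtplib.SMTPException) as exc:
        return ("tcp", f"error: {exc}")
    try:
        client.ehlo()
        client.mail(sender)
        code, reply = client.rcpt(rcpt)
    except (OSError, smtplib.SMTPException) as exc:
        return ("smtp", f"error: {exc}")
    finally:
        client.close()
    # The server logged this session; a 5xx here is its relay policy
    # (smtpd_relay_restrictions, mynetworks), not a network fault.
    return ("smtp", f"{code} {reply.decode(errors='replace')}")

def demo_server(rcpt_reply):
    """Constructed one-shot listener on 127.0.0.1 standing in for a mail server."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with srv, conn, conn.makefile("rb") as lines:
            conn.sendall(b"220 demo ESMTP\r\n")
            for line in lines:
                conn.sendall(rcpt_reply if line[:4].upper() == b"RCPT" else b"250 ok\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = demo_server(b"554 5.7.1 Relay access denied\r\n")
    print(probe("127.0.0.1", port, "someone@example.net"))
```
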

jecepede
Apprentice
Joined: 19 Nov 2002
Posts: 239

Posted: Wed Dec 21, 2022 5:47 pm

Aloha !

Sorry for the late reply but I have been a bit under the weather.
Anyway.... the problem has fixed itself ?

According to the Mrs we had a power interrupt (I did not notice it due to being sick in bed) but after that everything worked again.
My best guess; Resetting everything has reinitialized the configs ? Weird, I myself had also shut everything down (inc cable modem).


Annnnyway.
I am happy it is fixed and I am happy I learned something about ports.



Thanks everyone

Cheeeeeeeeeeers

Jecepede
_________________
I've got that retro-feeling :
http://instagram.com/jecepede

Check out my YouTube channel
https://www.youtube.com/jecepede