0

I am using CentOS 7 with Postfix with SMTP. The mail server was working fine, but then it stopped working. I cannot telnet to Gmail or any other server on ports 25, 587 or 465. However, when I telnet myowndomain.com 25, it works.

It seems as if I cannot telnet to port 25 or any port of other servers. The error is given below.

Jun 16 05:24:06 SSSS postfix/submission/smtpd[25687]: connect from unknown[172.17.0.2]
Jun 16 05:24:06 SSSS postfix/submission/smtpd[25687]: Anonymous TLS connection established from unknown[172.17.0.2]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jun 16 05:24:06 SSSS postfix/submission/smtpd[25687]: 0F69747687: client=unknown[172.17.0.2]
Jun 16 05:24:06 SSSS postfix/cleanup[25690]: 0F69747687: message-id=<[email protected]>
Jun 16 05:24:06 SSSS postfix/qmgr[24527]: 0F69747687: from=, size=6806, nrcpt=1 (queue active)
Jun 16 05:24:06 SSSS postfix/submission/smtpd[25687]: disconnect from unknown[172.17.0.2]
Jun 16 05:24:12 SSSS postfix/smtpd[25473]: connect from unknown[89.248.171.223]
Jun 16 05:24:12 SSSS postfix/smtpd[25473]: warning: unknown[89.248.171.223]: SASL LOGIN authentication failed: authentication failure
Jun 16 05:24:12 SSSS postfix/smtpd[25473]: disconnect from unknown[89.248.171.223]
Jun 16 05:24:36 SSSS postfix/smtp[25691]: connect to smtp1.linuxfoundation.org[140.211.169.13]:25: Connection timed out
Jun 16 05:24:55 SSSS postfix/smtpd[25473]: connect from unknown[155.133.64.146]
Jun 16 05:24:55 SSSS postfix/smtpd[25473]: warning: unknown[155.133.64.146]: SASL LOGIN authentication failed: authentication failure
Jun 16 05:24:55 SSSS postfix/smtpd[25473]: disconnect from unknown[155.133.64.146]

MAIN.CF:

inet_protocols = ipv4
inet_interfaces = all
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, reject_unauth_destination, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_recipient, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

telnet connection:

[root@mail ~]# telnet alt4.gmail-smtp-in.l.google.com 25
Trying 74.125.28.27...
telnet: connect to address 74.125.28.27: Connection timed out
Trying 2607:f8b0:400e:c04::1a...
telnet: connect to address 2607:f8b0:400e:c04::1a: Network is unreachable 

Any solution? I have already tried many online tutorials, but they didn't help.

2
  • Are you trying to relay email out through your mail server, and if so, are you trying to telnet to port 25 on other mail servers from your mail server and that's failing? If so, what happens if you telnet out on port 587?
    – davidgo
    Commented Jun 16, 2017 at 6:30
  • @davidgo I am trying to telnet to the mail server, i.e. where I have hosted Postfix. I am unable to connect to port 25 of Gmail SMTP. When I try to send email locally, i.e. testing Postfix, I still cannot send email; in this case, it just adds to the queue instead of being sent.
    – Nix
    Commented Jun 16, 2017 at 6:37

3 Answers

0

This does not look like an issue with your mail server config.

It seems to me like your provider is blocking SMTP - which is not uncommon. If they are doing this you would need to ask them to lift the block, or relay your email through their SMTP server by adding a line relayhost = XXX.XXX.XXX.XXX to your postfix main.conf file.

Just to be on the safe side, you may want to try the following 2 lines to rule out a firewall issue on your box.

iptables -I OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
2
  • Thank you. It was blocked by DigitalOcean without giving any prior notice that they are going to block the ports.
    – Nix
    Commented Jun 17, 2017 at 10:12
  • iptables -I INPUT -m state --state ESTABLISEHD change to ESTABLISHED,RELATED -j ACCEPT
    Commented Apr 17, 2019 at 21:57
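The log in the question mixes two unrelated events: inbound SASL login failures handled by smtpd, and one outbound delivery timeout from the smtp client. The following is an added example, not code from the question or the answers, that separates them so the outbound failure behind this diagnosis stands out; the log lines are copied from the question and the hint wording is this example's own.

```python
import re
from collections import Counter

# Log lines copied from the question (hostname "SSSS" as posted).
SAMPLE_LOG = """\
Jun 16 05:24:12 SSSS postfix/smtpd[25473]: connect from unknown[89.248.171.223]
Jun 16 05:24:12 SSSS postfix/smtpd[25473]: warning: unknown[89.248.171.223]: SASL LOGIN authentication failed: authentication failure
Jun 16 05:24:36 SSSS postfix/smtp[25691]: connect to smtp1.linuxfoundation.org[140.211.169.13]:25: Connection timed out
Jun 16 05:24:55 SSSS postfix/smtpd[25473]: warning: unknown[155.133.64.146]: SASL LOGIN authentication failed: authentication failure
"""

# postfix/smtp is the outbound client; postfix/smtpd is the inbound server.
OUTBOUND_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: connect to \S+?\[[^\]]+\]:(?P<port>\d+): (?P<reason>.+)$")
SASL_FAIL = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: warning: \S+?\[(?P<ip>[^\]]+)\]: SASL \S+ authentication failed")

def classify(log_text):
    """Count outbound connect failures by (port, reason) and SASL failures by client IP."""
    outbound, sasl = Counter(), Counter()
    for line in log_text.splitlines():
        m = OUTBOUND_FAIL.search(line)
        if m:
            outbound[(int(m["port"]), m["reason"].strip())] += 1
            continue
        m = SASL_FAIL.search(line)
        if m:
            sasl[m["ip"]] += 1
    return outbound, sasl

def diagnose(outbound):
    """Turn each outbound failure class into a one-line hint."""
    hints = []
    for (port, reason), count in sorted(outbound.items()):
        if "timed out" in reason:
            cause = "packets dropped in transit: local firewall or provider egress filter"
        elif "refused" in reason:
            cause = "remote host reachable but nothing accepting on that port"
        elif "unreachable" in reason:
            cause = "no route for that address family"
        else:
            cause = "see reason text"
        hints.append(f"port {port}: {count}x {reason} -> {cause}")
    return hints

if __name__ == "__main__":
    out, sasl = classify(SAMPLE_LOG)
    print("\n".join(diagnose(out)))
    print("inbound SASL failures by client:", dict(sasl))
```

The SASL failures come from remote clients trying to log in to this server and have no bearing on why queued mail cannot leave it.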
0

You can use the tcptraceroute program to locate where the connection is blocked.

0

If you are sending out email to port 25, you need a static IP if you want to avoid your mail being classified as spam. Many ISPs will block outgoing email on port 25 from dynamic IP addresses. There is some DNS configuration you will need to do, including coordinating with your ISP to get the correct PTR record configured. They may also block 465 (SMTPS), which is considered deprecated now that STARTTLS is available in the protocol. Your ISP should provide an SMTP relay server through which you can send email.

Many ISPs may charge for a static IP address, in some cases even for business class services. Smaller ISPs are more likely to provide a static IP address on request or at a minimal cost.

It is less common for port 587 (Submission) to be blocked by ISPs. This should require authentication before mail can be sent, which makes using it to send spam more difficult. If it is blocked, I would check your own firewall configuration.

Many ISPs have provided their dynamic IP ranges to blacklist providers. When and if this is used to block connections is determined by the administrators of the mail servers you are connecting to. The tcptraceroute command can be used to determine if you are blocked at the end site.

Some sites may perform a callout to your email server to ensure you are a legitimate sender. It is unusual to do this before connecting, but if you haven't forwarded email traffic in your router to your server it will fail.

Most/many ISPs don't provide IPv6 so trying to connect over IPv6 will fail. You could use a tunnel broker to resolve that issue. This would enable you to configure a static IPv6 address for your mail server. (Again, you would need to configure DNS appropriately.)

It is not that difficult to configure a mail server correctly. However, even banks, airlines and governments get it wrong.
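The telnet session in the question shows two different failures (a timeout over IPv4, "Network is unreachable" over IPv6), and the answers reason about ports 25, 465 and 587 separately. As an added example, not code from any of the posts, this probe classifies each connect attempt the same way and applies that reasoning; the host name `mx.example.net` and the wording of the conclusions are assumptions of the example.

```python
import errno
import socket

def classify_error(exc):
    """Map a connect() exception to the outcome telnet would have printed."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"        # telnet: "Connection timed out"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"        # telnet: "Connection refused"
    if isinstance(exc, OSError) and exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"    # telnet: "Network is unreachable"
    return "error"

def probe(host, port, family=socket.AF_INET, timeout=5.0):
    """Try one TCP connect over the given address family and classify it."""
    try:
        addr = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "no-address"     # e.g. no AAAA record when family is AF_INET6
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(addr)
            return "open"
        except OSError as exc:
            return classify_error(exc)

def interpret(results):
    """results maps port -> outcome for one remote MX or relay host."""
    blocked = sorted(p for p, r in results.items() if r == "timeout")
    if not blocked:
        return "no port timed out: egress filtering is not the problem"
    if results.get(587) == "open":
        return f"ports {blocked} filtered, 587 open: relay through an authenticated submission host"
    return f"ports {blocked} filtered: rule out local iptables, then ask the provider"

if __name__ == "__main__":
    # Hypothetical target; replace with the MX or relay you actually send to.
    host = "mx.example.net"
    results = {p: probe(host, p) for p in (25, 465, 587)}
    print(results, "->", interpret(results))
    print("IPv6 port 25:", probe(host, 25, family=socket.AF_INET6))
```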
