Topic: E-mail server question

[Bob Todd]

Ok I have setup a new 5.6 server in "server only" mode in the dmz behind my Gnatbox firewall on which I opened ports 80,25 and 110 for web, smtp and pop.

ISP has pointed MX and web pages to the correct IP for the external interface on the firewall and I can access my website and webmail from anywhere internally or on the internet. E-mail does arrive from external servers also.

Problem is this. E-mail doesnt leave my server for external addresses so unless its going to an internal address it just sits in the queue.

Mistakes I made and issues arising - initially I tried to setup using multi-drop mail collection and using my ISP's smtp server for sending mail out. It didnt work so thats when I got them to point mx record at my server and I tried changing retrieval mode to "standard". Problem is the settings I filled in on the page for "secondary mail server" and "pop user account" refuse to reset to blank and keep the old values.

So basically has anyone any ideas why 1) mail wont go to internet
 and 2) how do I blank the email retrieval settings.

Any help appreciated.

[Jim Little]

1)  I would guess that your ISP is blocking port 25. This is becoming increasing common these days. If that is the case you will need to use their SMTP server instead of sending mail directly.  This is a setting in the server-manager.

There is a entry in the server-manager to view mail logs, if you haven't already used it you should check it out.  It is highly informative.

2)  Don't worry about the "extra" settings, they are not used when you don't have the server set in that mode.  If they really bother you go through and set the server back to the old mode, blank out the entries, go all the way through to the end, then re-run the configuration and set it back to standard.  Alternatively you can manually edit the configuration files to remove the entries but I wouldn't recommend this, it's error prone.

Good luck,

Jim

[Bob Todd]

re Jims point 2) already tried that method of "blanking" the settings. It didnt work but thanks for the suggestion anyways. Not keen on trawling through the config files if I dont have to but would the settings not be in the db anyway rather than a config file?

regards the sending emails I think the problem is with domain resolution from what the logs tell me. I cant get the internet test to work from the console but I recall someone saying theres a port needs opening on the firewall for it to function. I've had a search around but not found that article again. Anyone with it to hand I'd appreciate it.

I have tried using the entry for master dns in the e-smith configuration when theres a separate firewall but whether thats in place or not internet test fails and e-mails sit in the queue.

finally regarding ISP's blocking port 25 - anyone know for sure if BT in the UK do this for their business customers?

[Jim Little]

Doesn't sound like anything can get out of your box, only in.

I would start by pinging outwards starting with your local net, firewall, ISP and Internet to see if you can determine where the barrier is located.  If you think the problem is DNS try PING and then HTTP using the name and then the numeric IP.  You can use wget from the command line to test HTTP and FTP access outwards.

Depending on how your firewall is set up you may have to enter it as the gateway in your SME setup.

Make sure the internet test works before you worry about your e-mail getting out.

Jim

[Bob Todd]

ok seems its an issue with the firewall and nothing else. despite having the outbound filters all correctly set it seems it hadnt actually applied them. A quick re-entry of the same rules and a refresh seems to have kicked it into life and all is now well (except these stupid leftover settings that I cant clear from the email retrieval page).

for anyone thats interested - BT didnt like me forwading mail to their SMTP server and kicked it back at me. They do seem to allow traffic on port 25 of their network though so leave SME at its default settings.

Thanks Jim for the advice.

[Jochen Hoegerl]

Check the following

 did you have set the standard-gateway IP-address in SME ??
 (should point to your Firewall internal nic )

if yes and it doesn't work open Port 53 at the Firewall for your SME
  ( port 53 is DNS )

jochen

[Bob Todd]

jochen yes I did have the standard gateway address set and I believed all ports outbound for SME were open on the Gnatbox firewall. Turns out that I had to re-open all outbound for the dmz where the  SME box sits and reset the firewall to actually get it to implement the outbound filters.
 It had been reset but I hadnt tried re-entering the filters and re-saving them before the reset until late this afternoon. Assumed that if the screen in front of me tells me the outbound is open then its open - turns out thats too simple.