Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Steven Beasley on December 12, 2002, 08:34:13 PM
-
I have a 5.5 server set up (default server/gateway config) and have recently set up a domain etc. My problem is the server seems unable to receive incoming mail on port 110.
I've tried telnetting to my ip on port 110 externally and the connection is refused, however if I try it from the box itself (telnetting to the external ip address), it's fine. Outbound mail is fine. qmail is running, and mail from internal accounts makes it to the POP server. This only seems to affect mail (or any communication on 110) from the outside world.
I have not made any changes to ipchains, yet it seems it is blocked. I'm not very good w/ipchains at all. Any suggestions would be most appreciated!
Thanks!
-Steven
-
Here is my config...
Chain input (policy DENY):
target prot opt source destination ports
icmpIn icmp ------ anywhere anywhere any -> any
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
denylog tcp ------ anywhere anywhere 0:chargen ->$
denylog udp ------ anywhere anywhere 0:chargen ->$
denylog tcp ------ anywhere anywhere any -> 0:c$
denylog udp ------ anywhere anywhere any -> 0:c$
DENY all ------ BASE-ADDRESS.MCAST.NET/4 anywhere n/a
DENY all ------ anywhere BASE-ADDRESS.MCAST.NET/4 n/a
ACCEPT tcp ------ anywhere localhost any -> www
ACCEPT tcp ------ anywhere gaz.xenden.com any -> www
ACCEPT tcp ------ anywhere 66.89.51.211 any -> www
REDIRECT tcp ------ 192.168.22.0/24 anywhere any -> www$
ACCEPT all ------ 192.168.22.0/24 anywhere n/a
ACCEPT tcp !y---- anywhere anywhere any -> any
ACCEPT tcp ------ anywhere 66.89.51.211 any -> auth
ACCEPT udp ------ anywhere 66.89.51.211 any -> 113
ACCEPT udp ------ anywhere anywhere bootps:bootp$
ACCEPT tcp ------ anywhere 66.89.51.211 any -> ftp$
ACCEPT tcp ------ anywhere 66.89.51.211 any -> ftp
ACCEPT tcp ------ anywhere 66.89.51.211 any -> www
ACCEPT tcp ------ anywhere 66.89.51.211 any -> htt$
ACCEPT ipv6-crypt------ anywhere 66.89.51.211 n/a
ACCEPT udp ------ anywhere 66.89.51.211 500 -> 500
ACCEPT udp ------ ntp-0.gw.uiuc.edu anywhere any -> ntp
ACCEPT tcp ------ anywhere 66.89.51.211 any -> 1723
ACCEPT gre ------ anywhere 66.89.51.211 n/a
ACCEPT gre ------ anywhere 66.89.51.211 n/a
ACCEPT tcp ------ anywhere 66.89.51.211 any -> smtp
ACCEPT tcp ------ anywhere 66.89.51.211 any -> ssh
denylog tcp -y---- anywhere 66.89.51.211 any -> mys$
DENY udp ------ anywhere anywhere any -> rou$
DENY tcp ------ anywhere anywhere any -> net$
DENY udp ------ anywhere anywhere any -> net$
denylog tcp -y---- anywhere 66.89.51.211 any -> squ$
ACCEPT tcp -y---- anywhere 66.89.51.211 ftp-data -> $
ACCEPT tcp ------ anywhere anywhere any -> 102$
ACCEPT udp ------ anywhere anywhere any -> 102$
denylog all ------ anywhere anywhere n/a
Chain forward (policy DENY):
target prot opt source destination ports
ACCEPT all ------ 192.168.22.0/24 192.168.22.0/24 n/a
ACCEPT all ------ 192.168.22.0/24 192.168.22.0/24 n/a
MASQ all ------ 192.168.22.0/24 anywhere n/a
DENY all ------ anywhere anywhere n/a
Chain output (policy ACCEPT):
target prot opt source destination ports
icmpOut icmp ------ anywhere anywhere any -> any
- tcp ------ anywhere anywhere any -> www
- tcp ------ anywhere anywhere any -> ssh
- tcp ------ anywhere anywhere any -> tel$
- tcp ------ anywhere anywhere any -> ftp
- tcp ------ anywhere anywhere any -> pop3
- tcp ------ anywhere anywhere any -> smtp
- tcp ------ anywhere anywhere any -> ftp$
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
DENY all ------ BASE-ADDRESS.MCAST.NET/4 anywhere n/a
DENY all ------ anywhere BASE-ADDRESS.MCAST.NET/4 n/a
ACCEPT icmp ------ 192.168.22.0/24 anywhere any -> any
ACCEPT all ------ anywhere 192.168.22.0/24 n/a
ACCEPT tcp !y---- 66.89.51.211 anywhere ftp-data -> $
ACCEPT tcp !y---- 66.89.51.211 anywhere ftp -> any
ACCEPT tcp !y---- 66.89.51.211 anywhere www -> any
ACCEPT tcp !y---- 66.89.51.211 anywhere https -> a$
ACCEPT tcp !y---- 66.89.51.211 anywhere smtp -> any
ACCEPT tcp !y---- 66.89.51.211 anywhere ssh -> any
ACCEPT all ------ anywhere anywhere n/a
ACCEPT all ------ anywhere anywhere n/a
Chain denylog (9 references):
target prot opt source destination ports
DENY all ------ anywhere anywhere n/a
Chain icmpIn (1 references):
target prot opt source destination ports
ACCEPT icmp ------ anywhere anywhere echo-reply
ACCEPT icmp ------ anywhere anywhere destination-$
ACCEPT icmp ------ anywhere anywhere source-quench
ACCEPT icmp ------ anywhere anywhere time-exceeded
ACCEPT icmp ------ anywhere anywhere parameter-pr$
ACCEPT icmp ------ anywhere anywhere echo-request
denylog all ------ anywhere anywhere n/a
Chain icmpOut (1 references):
target prot opt source destination ports
ACCEPT icmp ------ anywhere anywhere echo-request
ACCEPT icmp ------ anywhere anywhere echo-reply
ACCEPT icmp ------ anywhere anywhere destination-$
ACCEPT icmp ------ anywhere anywhere source-quench
ACCEPT icmp ------ anywhere anywhere time-exceeded
ACCEPT icmp ------ anywhere anywhere parameter-pr$
denylog all ------ anywhere anywhere n/a
-
RT*M: http://edocs.mitel.com/6000_SME_Server/smeserveruserguide/English/admin-otheremailsettings.html
-
It's set to public... and that shouldn't matter. I'm not talking about user access, incoming messages are not making it to the pop server.
-
Problem resolved, it was temporarily set to private, thanks!
-
Yes, it should matter. Port 110 is port 110, and the public/private setting controls access to (among other things) port 110. Port 110 is user access, period--mail delivery would happen on port 25. If you're not getting mail from the outside world, your problem has nothing to do with port 110; most likely, your ISP is blocking port 25.
-
I have been following similar threads for some time since I can't get incoming mail to work.
How do I definitively determine that my ISP is blocking port 25? I have been told that the ISP doesn't block any ports. I am not sure that I believe them.
What I have tried:
Check/read manuals.
Made sure that SME is set to public.
Tested webmail which works remotely to send.
Internal to the network, mail works.
Made a successful SSL connection from outside of the SME network.
Tried to connect to port 25 with SSL from outside the network expecting to get some response, but only received a time-out notice.
Tried samspade to get the nslookup mx information without success. This is a problem with me trying to get samspade to work. I am looking for a command line tool for Windows so I can use the commands I am used to using from MacOSX.
What else should I try to be certain that port 25 is blocked from the ISP?
Thanks in advance
Nuke
-
Finally got the nslookup to work.
I used the following command: nslookup -q=mx myDynDNS.homelinux.com
The result received was:
Authoritative answers can be found from:
homelinux.com
origin = ns1.dyndns.org
mail addr = hostmaster.dyndns.org
serial = 2002363959
refresh = 10800 (3H)
retry = 1800 (30M)
expire = 604800 (1W)
minimum ttl = 1800 (30M)
It's like mail isn't forwarding from the dynamic dns site???
This wasn't the result that I expected to receive.
Here is what I get within the network.
myDynDNS.homelinux.com preference = 5, mail exchanger = main.myDynDNS.homelinux.com
myDynDNS.homelinux.com nameserver = main.myDynDNS.homelinux.com
main.myDynDNS.homelinux.com internet address = xxx.xxx.xxx.xxx
-
Ignore SSL--just try to 'telnet yourhost.com 25' from outside your LAN. If it times out, it's 99% certain your ISP is blocking port 25. If that times out, but you're able to connect to your web server, that probability increases to 100%.
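
The outside-in check discussed in this thread, as an added example that is not part of any post: it separates "refused" from "timed out" on ports 25, 80 and 110 and applies the reasoning given above (port 25 for delivery, port 110 for user access, port 80 as the reachability baseline). The names `probe`, `diagnose` and `greets` are hypothetical; run it from outside the LAN against your own server.

```python
import socket
import sys

def probe(host, port, timeout=5.0, greets=False):
    """One TCP connect attempt. Returns (state, first banner line)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            banner = ""
            if greets:                      # SMTP and POP3 servers speak first
                try:
                    banner = s.recv(256).decode("ascii", "replace").strip()
                except OSError:             # connected, but no greeting in time
                    pass
            return "open", banner
    except ConnectionRefusedError:          # a reset came back
        return "refused", ""
    except socket.timeout:                  # no reply at all before the deadline
        return "timeout", ""
    except OSError:                         # unreachable, name lookup failure, ...
        return "error", ""

def diagnose(states):
    """Apply the thread's reasoning to {port: state} seen from OUTSIDE the LAN."""
    smtp, web, pop = states.get(25), states.get(80), states.get(110)
    notes = []
    if smtp == "open":
        notes.append("25 open: mail delivery can reach the server")
    elif smtp == "timeout" and web == "open":
        notes.append("25 times out while 80 answers: the ISP-block case")
    elif smtp == "timeout":
        notes.append("25 times out and 80 gives no baseline: check reachability")
    elif smtp == "refused":
        notes.append("25 refused: check the SMTP service and firewall on the server")
    if pop in ("refused", "timeout"):
        notes.append("110 not reachable: check the POP3 public/private setting")
    return notes

if __name__ == "__main__":
    if len(sys.argv) > 1:                   # host name of your own server
        states = {p: probe(sys.argv[1], p, greets=p != 80)[0] for p in (25, 80, 110)}
    else:                                   # constructed sample result
        states = {25: "timeout", 80: "open", 110: "refused"}
    print(states, *diagnose(states), sep="\n")
```

Run without arguments it prints the diagnosis for the constructed sample; with a host name it probes that host.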