Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Bill Talcott on April 15, 2003, 08:14:47 PM
-
http://forums.contribs.org/index.php?topic=16790.msg65027#msg65027
http://forums.contribs.org/index.php?topic=16790.msg65027#msg65027
Those two appear to be the same thing. Users were reporting that they weren't getting any external emails in. An external port scan showed 25 as "stealth". Opening 25 via the Port Opening contrib fixed the problem for now, but I'd really like to know why it's doing this. I have a 5.5U5 with Damien's Amavis+Clam and SSMTP addons, but nothing has changed recently to cause this. Anyone have any ideas why port 25 wouldn't be open?
-
Hi Bill,
I am the original poster of the:
http://forums.contribs.org/index.php?topic=16790.msg65027#msg65027
Damien's Contrib is unrelated to this, as we did not have it loaded on our machine that had the problem. Do have RAV however, but that is not the problem.
We were able to open the port as you described and that sorted it out for that instance. One thing I noticed while watching the console on this machine while it booted, was that qmail would fail to load.
Starting and stopping qmail manually in our case also opened the port.
What did we do to fix it? It just "cleared itself up"
We to would like an answer, for next time.
Dan
-
We don't have RAV, so I agree that it's probably not related to the problem.
Also, restarting qmail doesn't fix it. Everything that should be starting does. I don't know of any changes that could cause this. It worked one day, the next it didn't.
-
Hi Bill,
Is it working now?
Did it just "cleared itself up" like ours?
Dan
-
Nope, it's still not working. If I remove the port opening entry for 25, the port goes "stealthed" and doesn't receive incoming mail. After removing the rule, I've tried running every email-related "-update" command I could find, restarting qmail, etc. Once the port is reopened via the panel, it works fine again. It's very possible that I'm just not doing the right thing to restore the default configuration, but nothing I've tried seems to help.
Any other suggestions as to commands or settings to try?
-
Hello,
Exactly the same problem here, I started testing with 5.6 and discovered that I did not receive e-mail, exept from some servers. Downgraded to 5.5, same problem. Checking my ports indicates that 25 is stealthed and I'm to much a newbee to know how to open that port ...
My setup is a DSL connection with a smoothwall firewall, the Mitel web & mail server is in the DMZ en the ports 25, 80 & 110 are forwarded to the Mitel.
What I think is strange is that when I sent an email from my local network to my mail server in the DMZ the header indicates that it does reach the SMTP server from my provider and that server relays it back to my mailserver. That message arrives in the mailbox from my Mitel.
{see header below}
Return-Path:
Delivered-To: niels@digital-1.leeuwis.org
Received: (qmail 3083 invoked by alias); 18 Apr 2003 13:25:18 -0000
Delivered-To: alias-localdelivery-niels@leeuwis.org
Received: (qmail 3080 invoked from network); 18 Apr 2003 13:25:17 -0000
Received: from smtp05.wxs.nl (195.121.6.57)
by digital-1.leeuwis.org (172.16.56.10) with ESMTP; 18 Apr 2003 13:25:17 -0000
Received: from pc1 (ip3e830887.speed.planet.nl [62.131.8.135])
by smtp05.wxs.nl (iPlanet Messaging Server 5.2 Patch 1 (built Aug 19 2002))
with SMTP id <0HDJ00ATKJX0AL@smtp05.wxs.nl> for niels@leeuwis.org; Fri,
18 Apr 2003 15:24:37 +0200 (MEST)
Date: Fri, 18 Apr 2003 15:26:01 +0200
From: Niels Leeuwis
Subject: test van nl net
To: niels@leeuwis.org
Message-id: <000c01c305ae$0e37eb60$0a3ca8c0@smoothwall>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
X-Mailer: Microsoft Outlook Express 5.50.4920.2300
Content-type: text/plain; charset=Windows-1252
Content-transfer-encoding: 7BIT
X-Priority: 3
X-MSMail-priority: Normal
When I sent a message from a hotmail account or from an other provider (12move in this example) messages never arrive and I get an reply that the server mail.leeuwis.org doesn't respond.
Any idears ??
Niels
-
Is this the correct IP address?
Validation results
Timed out
canonical address:
MX records preference exchange IP address (if included)
10 mail.leeuwis.org [62.131.8.135]
SMTP session
[Contacting mail.leeuwis.org [62.131.8.135]...]
[Timed out]
-
Hello,
> Is this the correct IP address?
>
> Validation results
> Timed out
>
> canonical address:
>
> MX records preference exchange IP address (if included)
> 10 mail.leeuwis.org [62.131.8.135]
> SMTP session
>
> [Contacting mail.leeuwis.org [62.131.8.135]...]
> [Timed out]
Yes, it's the correct IP adress, set up of the IP is ADLS modem/router
62.131.8.135 ADSL modem 10.0.0.138 - 10.0.0.150 smoothwall 172.16.56.1:25 -
172.16.56.10:25 Mitel
port scans indicate port 25 stealthed ...
Niels
-
Port scans inside your network, or from the public side? If that's from the public side try and telnet to port 25 on your SME...
-
Niels Leeuwis wrote:
>
> Exactly the same problem here, I started testing with 5.6 and
> discovered that I did not receive e-mail, exept from some
> servers. Downgraded to 5.5, same problem. Checking my ports
> indicates that 25 is stealthed and I'm to much a newbee to
> know how to open that port ...
Install the Port Opening contrib and open port 25. That should work as a temporary fix...
-
Port scan from outside (using GRC.COM and Sygate). Scanning port 25 is not visible in the firewall logs so it's being sent to the mitel.
-
I read about the port opening contrib before but failed locating it
Niels
-
I would not make any drastic changes at this point such as port opening contribs etc.
I have had the exact same thing happen a few times, and it just clear itself up.
Try this for the heck of it.
/etc/rc.d/init.d/network restart
service qmail restart
nmap 'your internal ip'
As well, what mode is your server running in?
Have you by chance recently changed it's role?
Dan
-
Try telnetting to port 25 *internally*, from the same subnet as the SME. This will tell you if the problem is on your SME box or your NAT/router setup. If you connect properly you should see something like:
220 pdc.brummell.net mailfront ESMTP
-
> I have had the exact same thing happen a few times, and it
> just clear itself up.
I don't like computer problems that clear themselves up ....;-))
> Try this for the heck of it.
> /etc/rc.d/init.d/network restart
> service qmail restart
no result,
> nmap 'your internal ip'
command not found
> As well, what mode is your server running in?
server only mode
> Have you by chance recently changed it's role?
nope, I did a fresh install this afternoon, first 5.6 to fix the problem, when that didn't work 5.5 but that didn't fix the problem. what puzzles me is that I was able to receive some mail, but not from all places.
Niels
(have to take the wife out for dinner in 15 mins, so have to puzzle again tomorrow...
thanks for the efford so far)
-
> Try telnetting to port 25 *internally*, from the same subnet
> as the SME. This will tell you if the problem is on your SME
> box or your NAT/router setup. If you connect properly you
> should see something like:
>
> 220 pdc.brummell.net mailfront ESMTP
Tried that allready, netstat -a -n on the mitel indicates that ithe server is listening on port 25 (0.0.0.0:25 LISTEN) but that is no guarantee it is responding
(I have the same problem sometimes..."is this dress okay ???" LOL)
-
Yes, but did it connect? Trying to establish WHERE the problem is...it's not necessarily the SME that's not working.
-
This seems to be a promising solution:
http://www.davideous.com/smtp-poplock/
I haven't tried it but its description seems to answer the prayers.
-
Upaboveit wrote:
>
> This seems to be a promising solution:
>
> http://www.davideous.com/smtp-poplock/
>
> I haven't tried it but its description seems to answer the
> prayers.
This is probably a fancier, more secure version of Nathan Fowler's pop-before-smtp script. Damien's SASL contrib adds authentication to the SMTP connection itself, and already works just fine for SME.
Regarding my SMTP issue, it works great from inside. However, port 25 is being blocked from the outside. It appears stealthed in a scan. I've tried restarting everything, and signalling update events and such so that the config files will get rebuilt. Opening the port causes everything to work great again, and removing the port opening entry causes it to stop working again.
-
Hello,
After extensive testing I was able to narrow the problem down, port 25 reacts fine from inside (telnet x.x.x.x 25) even when trying it from the other subnet (server is in a DMZ). From the outside no response is coming. At this point I suspect qmail not answering on SMTP calls that are from IP numbers that it doesn't know. Being an absolute nitwit on qmail I'm going to read the documentation on
http://www.qmail.org/man/index.html
to find a solution there..
Any other hints are welcome, Bill can you explain me how you opend up port 25 ??
Thnx
Niels
-
Bill Talcott wrote:
> Regarding my SMTP issue, it works great from inside. However,
> port 25 is being blocked from the outside. It appears
> stealthed in a scan.
Is smtpfront-qmail set to "private" in the config db?
What does:
/sbin/e-smith/config show smtpfront-qmail
say?
Charlie
-
Charlie Brady wrote:
>
> Is smtpfront-qmail set to "private" in the config db?
>
> What does:
>
> /sbin/e-smith/config show smtpfront-qmail
>
> say?
>
> Charlie
# /sbin/e-smith/config show smtpfront-qmail
smtpfront-qmail=service
access=public
filter=/usr/sbin/qmail-queue.amavis
status=enabled
-
Niels Leeuwis wrote:
>
> Bill can you explain me how you
> opend up port 25 ??
I installed the "Port Opening" contrib from contribs.org. I then went into the Port Opening panel in Server Manager, and typed in 25 and clicked "Open".
-
Hello,
Just a quickie to let all interested ones know that I think I have pinned down the problem, it seems that my uplink (provider, I have an ADSL connection) is blocking all SMTP traffic that is not adressed to his server or originating from his downlinks. After some discussion with the first line of the helpdesk I was able to convince them that I needed to talk to someone that knew what he (or she) was talking about and after explaining the problems he send me a small how-to about relaying mailtraffic. Yesterday evening I changed my MX records, so I'm able to test this evening.
If it works I'll let you know so others can profit of this knowledge.
Bye
Niels
-
How does one "Downgraded to 5.5"?
I assume a downgrade is the reverse of a upgrade, so files and data would not be disturbed. But I do not understand how to do it.
-
dave wrote:
>
> How does one "Downgraded to 5.5"?
> I assume a downgrade is the reverse of a upgrade, so files
> and data would not be disturbed. But I do not understand how
> to do it.
In this case downgrading doesn't mean anymore then installing a previous version (in this case 5.5). Normally you should have to back up all files on the server manually and after the downgrade restore them on the right places. In this case I am building and testing a brand new server so the only thing I had on it were the configuration files, no big deal to enter that information by hand. After I finish the testing process (propably in a month or so) the server goes live and then downgrading will be a problem.
Niels
-
Hello,
I find this forum after a long long long way to look after the problem of stopping recieve of incoming messages. I upgrade to v5.6, downgrade, re-upgrade, bit my computer, and so on...
But the main reason was that (without notice) my provider blocked port 25 (for anti-spamming reasons) and no way to ammend his decision.
We (because in my search I found a lot of people with the same problem) have to find solution to use an other port (2525 seems to be the good choice). I'm sure you can help me to change the listening port of qmail but the problem is to have an external mail forwarding which can send mails on the new port.
Dyndns (my dynamic DNS provider) denies.
TZO can do it but is expensive (150 $ a year)
SMTP.com seems to be the best solution for 50$ a year.
My questions are:
-how to change the port (service link needed?). I never go on my server exept witadmin!! but I use Linux.
-Do you know a way to change the port during the auth. protocol?
-Do you know a port forwarding method in the MX protocol?
Best regards
-
Emmanuel Mortier wrote:
>
> -Do you know a port forwarding method in the MX protocol?
When I got it clear that my problem was my provider I tried to change my MX records to www.xxx.yyy.zzz:2525 and rerouting that port to 25 with my firewall, I knows this is standard procedure with port 80 requests but my domain host didn't accept that syntax.
I'm afraid I can't help you with this problem
Niels
-
So everything stops here? This discussion ends up with no email from an e-smith box from the outside world!
I just can't imagine that this is what the Mitel guys intended to make. Except from the opening of port 25, and that opens a relaying risk, doesn't it?