At 03:18 PM 8/9/02 -0400, Craig Heil wrote:
>The firewall has been in place for some time working great. We recently
>began testing an internal mail server.
>It has been tested internally fine. It can also send mail externally fine.
>However, even though we have opened up the SMTP port everywhere in the
>firewall, when you send mail outside to the machine, sendmail gets it into
>the mail queue but then the message is deferred since it cannot talk back
>through the firewall. The error message reads "(Deferred: Connection timed
>out with XXX.XXX.XXX.XXX.)" where the XXX's are the firewall real-world IP
>address. The port forwarding is also set up on the SMTP port. We have
>checked through the config and found nothing that helps. Please advise.

We need a bit more detail to be able to help.

First, what version of LEAF are you using?

Second, are you using its default firewalling or one of the drop-in 
firewall options? And am I correct in assuming that your LAN is NAT'd?

Third, you say you "have opened up the SMTP port everywhere in the 
firewall" but that your internal SMTP server is failing because "it cannot 
talk back through the firewall". Given the error message you quote, the 
reasonable inference is that the second of your two statements is correct, 
which suggests that the first is wrong. So ... *how* did you open the SMTP 
port?

Fourth, might your ISP be the actual culprit here? I've heard of (but not 
actually seen) ISPs that block incoming traffic to port 25 at their 
customers' IP addresses, in order to force the customers to use the ISP's 
mail servers as (POP3 or IMAP) relays.

Finally, could you take another shot at explaining the circumstances under 
which the SMTP server fails to deliver? I read what you wrote to mean that 
if somebody tries to send an email to [EMAIL PROTECTED], where 
yourdomain.com resolves to the IP address of your firewall, then the 
message gets stuck in the MTA (e.g., sendmail) queue of the sending machine 
(or whatever it uses as a relay for outgoing mail). That is, the "sendmail" 
you refer to is -NOT- the MTA you are running on your mail server. But that 
interpretation involves a lot of reading between the lines, so your 
confirming or correcting it would be worth while.


--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                   -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html