[ilugd] qmail smtp not accepting remote connections. Works fine locally.
Hello folks, I am looking for some qmail expertise, hoping that someone has experienced this issue before...and knows the remedy. When connecting from remote: telnet mail.channelorama.com 25 Trying 74.126.19.227... telnet: connect to address 74.126.19.227: Connection timed out telnet: Unable to connect to remote host: Connection timed out When connecting locally on channelorama.com: telnet mail.channelorama.com 25 Trying 74.126.19.227... Connected to mail.channelorama.com. Escape character is '^]'. 220 Mail - Welcome to Qmail ESMTP quit 221 Mail - Welcome to Qmail Connection closed by foreign host. cat /etc/tcprules.d/tcp.smtp: - :allow,RELAYCLIENT="" I am using qmail-1.03-1.5.15 on CentOS release 5 (Final). Thanks, Nishi ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] qmail smtp not accepting remote connections. Works fine locally.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Nishikant Kapoor writes: > Hello folks, > I am looking for some qmail expertise, hoping that someone has > experienced this issue before...and knows the remedy. > When connecting from remote: > > telnet mail.channelorama.com 25 > Trying 74.126.19.227... > telnet: connect to address 74.126.19.227: Connection timed out > telnet: Unable to connect to remote host: Connection timed out Looks like firewall is dropping packets. But, since I can connect to it from here, so I think your ISP might be dropping packets destined to port 25. Try tcptraceroute-ing. HTH - -- Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0 freebsd.org!ashish | http://people.freebsd.org/~ashish/ “A committee is the only known form of life with a hundred bellies and no brain.” (Robert A. Heinlein, "Methuselah's Children", 1958) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iQIcBAEBCgAGBQJMNPt/AAoJEMdGz6nnT6Swx50P/25XXv47z3lpU97I+SMitETB 2+q3FeoSryUkWmfZsHXzNUiurEZY8X5O9n1dHE99Lthl/bOe2ZUpb8ydIZCKVlXv Iy4iT1omfTTZzTBUBsmM2xoXLp4qIZGdVJxeDXAxcy/eEshNB36kwq/gYEHO38z7 mtnKSc6NYHTRX3KA+u6skt+DBDvBc6+2OTqaeg/cWaAycaYraG0BLhMMLsaEGHAD 2aT+DKK0N1MFItFwMal6qHLZdwnBRmaXC9Vy97VeGqPRxxyafjoU7uNFkHxUGnCD YCZw8FAwq3B+xF331v1wo/xaRXFksSe84dcDQM8FRZzJexY2aGUD5vYO5Mz7IwI6 JxrQ5aWQlhgOm7Rvwgjk0Gz5MWL3B7+Paab08e3+q/8ZRim2t4aqComADU9CO2Hx 05/BxnWDLkCrXGVJmF+toPQd/a+vqqn7p09FoEmBloyYBySaV/OnLD7R9jPd6LTE fzPCnolY+9pN+OyLDieh6xsrdlEW45Bz8PNR084orZINeAsKgW3UHbEWZVo5at0J b3lV2n82N/48jAHSuY8WTtvYeOGcI6LUx6bUs+mSGQhu8sHouHgnrSzXs4XZIW4J yTQwuXDdhyRHfsmv2V2OId7U6bRNOC+FKBqwZkuwgbIKvCPmijd6p3GKgxRxLYLa iDn9eK4Ra+b8QOni2TNf =Vqsx -END PGP SIGNATURE- ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] qmail smtp not accepting remote connections. Works fine locally.
Ashish SHUKLA wrote: -BEGIN PGP SIGNED MESSAGE- Nishikant Kapoor writes: Hello folks, I am looking for some qmail expertise, hoping that someone has experienced this issue before...and knows the remedy. When connecting from remote: telnet mail.channelorama.com 25 Trying 74.126.19.227... telnet: connect to address 74.126.19.227: Connection timed out telnet: Unable to connect to remote host: Connection timed out Looks like firewall is dropping packets. But, since I can connect to it from here, so I think your ISP might be dropping packets destined to port 25. Try tcptraceroute-ing. HTH - -- Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0 freebsd.org!ashish | http://people.freebsd.org/~ashish/ Thanks Ashish, for your prompt response. So, you are able to do a 'telnet mail.channelorama.com 25' from your host? If so, it sure seems to be blocking my host. traceroute fails to find 'mail.channelorama.com' but tracepath can find it...in a pretty long path. [r...@nkapoorgw]# traceroute6 mail.channelorama.com traceroute: unknown host mail.channelorama.com [r...@nkapoorgw]# tracepath mail.channelorama.com 1: 192.168.1.66 (192.168.1.66) 0.117ms pmtu 1500 1: home (192.168.1.254) 1.590ms 1: home (192.168.1.254) 1.039ms 2: 99-188-240-3.lightspeed.sndgca.sbcglobal.net (99.188.240.3) 3.961ms 3: 75.20.64.10 (75.20.64.10)24.196ms 4: no reply 5: 75.20.78.10 (75.20.78.10)26.285ms 6: bb2-g14-0.sndg02.sbcglobal.net (151.164.42.192) 22.876ms 7: 151.164.98.61 (151.164.98.61)28.373ms asymm 9 8: te-3-4.car3.LosAngeles1.Level3.net (4.68.110.113) 27.721ms asymm 10 9: ae-72-70.ebr2.LosAngeles1.Level3.net (4.69.144.115) 28.684ms asymm 10: ae-2-2.ebr2.SanJose1.Level3.net (4.69.132.13)44.125ms asymm 13 11: ae-3-3.ebr1.Denver1.Level3.net (4.69.132.58) 72.186ms asymm 15 12: ae-1-100.ebr2.Denver1.Level3.net (4.69.132.38) 83.939ms asymm 14 13: ae-3-3.ebr1.Chicago2.Level3.net (4.69.132.62)83.442ms asymm 9 14: ae-6-6.ebr1.Chicago1.Level3.net (4.69.140.189) 84.020ms asymm 16 15: ae-1-100.ebr2.Chicago1.Level3.net (4.69.132.42) 89.428ms asymm 16 16: ae-8-8.car1.Detroit1.Level3.net (4.69.133.241) 89.135ms 17: ae-11-11.car2.Detroit1.Level3.net (4.69.133.246) 89.274ms asymm 16 18: INTERNET-12.car2.Detroit1.Level3.net (4.53.74.54) 89.312ms asymm 16 19: 209-124-54-122.static.123.net (209.124.54.122)89.286ms asymm 17 20: a2vps4.a2hosting.com (74.126.19.245) 90.248ms asymm 15 21: 74.126.19.227.static.a2webhosting.com (74.126.19.227) 89.720ms reached Resume: pmtu 1500 hops 21 back 50 ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] qmail smtp not accepting remote connections. Works fine locally.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Nishikant Kapoor writes: [...] > So, you are able to do a 'telnet mail.channelorama.com 25' from your > host? If so, it sure seems to be blocking my host. traceroute fails to > find 'mail.channelorama.com' but tracepath can find it...in a pretty > long path. Yes, I'm able to telnet to port 25. > [r...@nkapoorgw]# traceroute6 mail.channelorama.com > traceroute: unknown host mail.channelorama.com thats because you're using traceroute6 which is looking for records. Use tcptraceroute[1] to figure out which host drops the packet. > [r...@nkapoorgw]# tracepath mail.channelorama.com > 1: 192.168.1.66 (192.168.1.66) 0.117ms pmtu 1500 > 1: home (192.168.1.254) 1.590ms > 1: home (192.168.1.254) 1.039ms > 2: 99-188-240-3.lightspeed.sndgca.sbcglobal.net (99.188.240.3) 3.961ms > 3: 75.20.64.10 (75.20.64.10)24.196ms > 4: no reply > 5: 75.20.78.10 (75.20.78.10)26.285ms > 6: bb2-g14-0.sndg02.sbcglobal.net (151.164.42.192) 22.876ms > 7: 151.164.98.61 (151.164.98.61)28.373ms asymm 9 > 8: te-3-4.car3.LosAngeles1.Level3.net (4.68.110.113) 27.721ms asymm 10 > 9: ae-72-70.ebr2.LosAngeles1.Level3.net (4.69.144.115) 28.684ms asymm > 10: ae-2-2.ebr2.SanJose1.Level3.net (4.69.132.13)44.125ms asymm 13 > 11: ae-3-3.ebr1.Denver1.Level3.net (4.69.132.58) 72.186ms asymm 15 > 12: ae-1-100.ebr2.Denver1.Level3.net (4.69.132.38) 83.939ms asymm 14 > 13: ae-3-3.ebr1.Chicago2.Level3.net (4.69.132.62)83.442ms asymm 9 > 14: ae-6-6.ebr1.Chicago1.Level3.net (4.69.140.189) 84.020ms asymm 16 > 15: ae-1-100.ebr2.Chicago1.Level3.net (4.69.132.42) 89.428ms asymm 16 > 16: ae-8-8.car1.Detroit1.Level3.net (4.69.133.241) 89.135ms > 17: ae-11-11.car2.Detroit1.Level3.net (4.69.133.246) 89.274ms asymm 16 > 18: INTERNET-12.car2.Detroit1.Level3.net (4.53.74.54) 89.312ms asymm 16 > 19: 209-124-54-122.static.123.net (209.124.54.122)89.286ms asymm 17 > 20: a2vps4.a2hosting.com (74.126.19.245) 90.248ms asymm 15 > 21: 74.126.19.227.static.a2webhosting.com (74.126.19.227) 89.720ms reached > Resume: pmtu 1500 hops 21 back 50 A Google search[2] reveals, AT&T does that. References: [1] http://www.google.com/search?q=tcptraceroute [2] http://www.google.com/search?q=AT%26T+sbc+blocking+port+25 HTH - -- Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0 freebsd.org!ashish | http://people.freebsd.org/~ashish/ “A designer knows he has achieved perfection not when there is nothing left to add, but when there is nothing left to take away.” (Antoine de Saint-Exupéry) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iQIcBAEBCgAGBQJMNQSvAAoJEMdGz6nnT6SwS2MQAKMWFLiDVwrxpAnZqrmGEvvQ toQK/Uxqz31u591FGY09JJI9aknqb/irhjivUuicLcvPNY742zUQ1sMk9K+oakE/ 5w7oA91BcYaaSO5vtbornohGjYFVhg09UTaa29feL2AYeDoU0+WtcRBjHoyAnvHk z7C9WVBoknc96h6iGBpMHvtjkJ7tEs9DUYuKErWrLvbtyaNKDzW5sRggn1/mBNc5 40rybhCAv1oVpRbJdkX8E1eAUw3w8iBuMYHj3r74BmrczQBPdZllKRfoMEW/csV4 4ROlea/X160MI/w0Mkp0xRed7yt6N6ou/qws7NepfMkIaTsq25UWrhatdT9QEEvP z/p32Ljn1jXU/RvbxjJhVZ2Hb08dlY+7Rc0jWGMZJoSDpGaZCCgGD3eZ6YdNLv9b HFAFoi6bxF6jKIk20MA7fxbGXesKKVuZ5Ujrkf8sGJHwZms9qf7u8YzuylSVtewC Ch4NazS7st7BHle0eyndF8z5TPtxFmtCCkQYyHM0hIxdmErMfu0LlHHLp6Vy2bME sAy3ZB6cV3b8lE8uOwCvJ7kfWRikA6sc1RkORsv4hyMSMnVbV+uRwPL7zy9i+DGj SBPczquq2KfK32OnSeNZHb95J10C6xzepMtX0nAR2rWhRzcnN6C1dU3PdA1ALWbN QQsR3MIkEwLyOEKhY9eA =9QyL -END PGP SIGNATURE- ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] qmail smtp not accepting remote connections. Works fine locally.
> When connecting from remote: > > telnet mail.channelorama.com 25 > Trying 74.126.19.227... > telnet: connect to address 74.126.19.227: Connection timed > out > telnet: Unable to connect to remote host: Connection timed > out > > When connecting locally on channelorama.com: > > telnet mail.channelorama.com 25 > Trying 74.126.19.227... > Connected to mail.channelorama.com. > Escape character is '^]'. > 220 Mail - Welcome to Qmail ESMTP > quit > 221 Mail - Welcome to Qmail > Connection closed by foreign host. > > cat /etc/tcprules.d/tcp.smtp: > - > :allow,RELAYCLIENT="" Things to check - 1.A firewall or iptables not allowing port 25 to this server from outside. 2. Qmail not listening on public IP or private IP Natted to public IP but listens only on localhost. 3. Any tcpwrappers not allowing access. 4. SELinux active and not allowing access. 5. Public IP not correctly Natted to private IP in case used. --Naresh Narang ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
Re: [ilugd] qmail smtp not accepting remote connections. Works fine locally.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Naresh Narang writes: >> When connecting from remote: >> >> telnet mail.channelorama.com 25 >> Trying 74.126.19.227... >> telnet: connect to address 74.126.19.227: Connection timed >> out >> telnet: Unable to connect to remote host: Connection timed >> out >> >> When connecting locally on channelorama.com: >> >> telnet mail.channelorama.com 25 >> Trying 74.126.19.227... >> Connected to mail.channelorama.com. >> Escape character is '^]'. >> 220 Mail - Welcome to Qmail ESMTP >> quit >> 221 Mail - Welcome to Qmail >> Connection closed by foreign host. >> >> cat /etc/tcprules.d/tcp.smtp: >> - >> :allow,RELAYCLIENT="" > Things to check - > 1.A firewall or iptables not allowing port 25 to this server from outside. > 2. Qmail not listening on public IP or private IP Natted to public IP but > listens only on localhost. > 3. Any tcpwrappers not allowing access. tcp_wrappers only comes into picture after accept(), but here connection is timing out, which hints at packets being dropped. HTH - -- Ashish SHUKLA | GPG: F682 CDCC 39DC 0FEA E116 20B6 C746 CFA9 E74F A4B0 freebsd.org!ashish | http://people.freebsd.org/~ashish/ “Q: Why UNIX geeks feel the need of a wife ? A: Since all UNIX geeks possess a large fortune db and according to Law of Jane Austen, It is a universal truth that a single man with a large fortune is in need of a wife.” (abbe, 2009) -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.15 (GNU/Linux) iQIcBAEBCgAGBQJMNZCpAAoJEMdGz6nnT6SwOCkP/3ha/IJnU3awMN1epBoSmuF5 7rz+W9LF93Z/6NW7HeUVt1imJ6XFNgxcTGXvVCZ2u84ZaR0dLfjTtFqpOEtILNqX xKoMjieeorInOBQE24Ru7BNg5OY5pvUEnLTwlSGbXnuDEgEOwtwloLbrZNpIJ/dm NIygycqkkc9Z15LaSrU5GwvNH9W7KWZfLiodARskShSIRGlWaEfj0tZsFj5biz8G ZByuEWdf8CXdxQYy+ncxuN8SYdlQo0bvYhydxdTYzXHJFRHkf32m9h46BK89V/Qn MC/MD15h1d4YpwGIDgv3Wc8MhGqCAwjrbY6K9L3pEDmfVUM34jQ/RpgsaSwUwe6X YXTSodmlMOPGQks2JLMBByrlJnmb+g1f7UeZUpBp74ZteiwjFqvGOaCEEBVDHby/ JY5yXS9JlsGlCAVUEixSuQGojZ3MWSDPGhsjyX1BUcPNLrDXkLmn7G1vatwOgeAe Bb5+QPRshFTx1dg9/lNXxm+Bvj9NVqW4jQLb/HltfVEclj1AbxmRGjQYRtP52gJC YcdGM59chzCgUMoKS8gXEKBg59kSl+PiSld5g1jfI/yr9fOcEYLkcmV7/2/R2E9X A8cIOIuS3dLaDjKOag7hpFaZb1wSlfRpc9ABG0yd+sJ25+A5DpRWdyPZ78CpOix/ y+5BMFlWQT1GkT/dXh+G =QI5n -END PGP SIGNATURE- ___ Ilugd mailing list Ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd
