Email Server in RH8

Hi,

I have set up an email server on RH8, but have run into trouble.  Email can be sent out, but cannot be received from external mail accounts.

Any suggestions?

Thanks,

Matt
0
 
majorwoo Commented:
What message do you get? Is your mail server accessible from the internet? If there is a firewall in the way, is it forwarding port 25 to the mailserver?


EXTIF="eth1"
MAILIP="192.168.2.2"
/sbin/iptables -t nat -A PREROUTING -i $EXTIF -p tcp --dport 25 -j DNAT --to "$MAILIP":25
/sbin/iptables -A FORWARD -p tcp --dport 25 -i $EXTIF -j ACCEPT

that will forward port 25 from the firewall to the mailserver  
0
 
MatthewL (Author) Commented:
Hi majorwoo,

The message that I receive when the mail bounces is (XXXX is just the domain name):

   ----- Transcript of session follows -----
553 5.3.5 XXXXX.com. config error: mail loops back to me (MX problem?)
554 5.3.5 Local configuration error

I can connect through mail2web.com to the account and send mail out without any problems.

With the commands you provided, for MAILIP, should I use my machine address or is 192.168.2.2 like 127.0.0.1?

Thanks,

Matt
0
 
majorwoo Commented:
the mail IP should be the IP address of the machine doing the mailserver, assuming that it is behind a firewall:

once again, those commands I gave you are only going to help if the mailserver has a private IP, 192.168.0.2 kind of deal, and gets its internet from a firewall/router machine in front of it -- they would need to be added to the firewall script.
0
 
periwinkle Commented:
Are you using sendmail?  This is a common question that is answered in the sendmail FAQ:

http://www.sendmail.org/faq/section4.html#4.5

Basically, you need to add your domain name to the local-host-names file and restart sendmail by performing the following command:

     kill -HUP `head -1 /var/run/sendmail.pid`
0
 
MatthewL (Author) Commented:
Hi periwinkle,

I do have the domain names in the local-host-names file, but maybe I have it in an incorrect format.  The format I have used is:

localhost
www.mydomain.com
www.mydomain2.com

Perhaps it should be

localhost
mydomain.com
mydomain2.com

?

Thanks,

Matt
0
 
periwinkle Commented:
Matt -

If you put in mydomain.com, it will also accept www.mydomain.com - I'd try changing that.

Localhost is generally not needed - I'd remove that.
0
 
MatthewL (Author) Commented:
Hi periwinkle,

I made those changes, but no dice.  Any other suggestions?

Thanks,

Matt
0
 
MatthewL (Author) Commented:
Hi majorwoo,

I did have a firewall running on the same machine, but I have now turned it off to narrow the problem.  I still get the same symptoms.

Thanks,

Matt
0
 
periwinkle Commented:
any more information in the /var/log/maillog file?
0
 
MatthewL (Author) Commented:
Hi Periwinkle,

It has an error that says

... relaying denied.  IP lookup failed.

Matt

0
 
periwinkle Commented:
Are the DNS records for your domain properly configured?

If you do:

dig mx domainname.com

do you get your mailserver?  Are the MX domains properly set up as A records?

Try running through http://www.dnsreport.com/ and see if you get some feedback.
0
 
periwinkle Commented:
Additionally, what's in /etc/resolv.conf ?  Are they valid name servers?
0
 
MatthewL (Author) Commented:
Hi Periwinkle,

I think you are on to the heart of the problem.  
I went to www.dnsreport.com as you suggested.

The DNS report shows that
i) MX Category fails
ii) connection to mail servers failed

The mail test shows that
i) there is no MX record
ii) there is an A record


Matt
0
 
periwinkle Commented:
Matt -

Do you have access to your dns records?  Or can you let us know the domain name?  I can help with the DNS issues, too.
0
 
MatthewL (Author) Commented:
Hi periwinkle,

The domain is www.mountainpeace.ca.  I probably do have access to dns records, but would need to know what to do.

Thanks,

Matt
0
 
periwinkle Commented:
Hi Matt -

I did a 'dig' on your domain name for mx records:

$dig mx mountainpeace.ca

; <<>> DiG 9.2.1 <<>> mx mountainpeace.ca
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25017
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;mountainpeace.ca.              IN      MX

;; ANSWER SECTION:
mountainpeace.ca.       7200    IN      MX      0 mail.mountainpeace.ca.

;; AUTHORITY SECTION:
mountainpeace.ca.       7200    IN      NS      ns12.zoneedit.com.
mountainpeace.ca.       7200    IN      NS      ns14.zoneedit.com.

;; ADDITIONAL SECTION:
ns12.zoneedit.com.      3514    IN      A       64.246.26.64
ns14.zoneedit.com.      48221   IN      A       209.126.159.80

;; Query time: 66 msec
;; SERVER: 64.39.2.170#53(64.39.2.170)
;; WHEN: Tue Mar 11 09:43:45 2003
;; MSG SIZE  rcvd: 153


And then looked up mail.mountainpeace.ca:

dig mail.mountainpeace.ca

; <<>> DiG 9.2.1 <<>> mail.mountainpeace.ca
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13001
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.mountainpeace.ca.         IN      A

;; ANSWER SECTION:
mail.mountainpeace.ca.  7200    IN      A       24.66.201.190

;; AUTHORITY SECTION:
mountainpeace.ca.       7200    IN      NS      ns12.zoneedit.com.
mountainpeace.ca.       7200    IN      NS      ns14.zoneedit.com.

;; Query time: 48 msec
;; SERVER: 128.242.249.201#53(128.242.249.201)
;; WHEN: Tue Mar 11 10:44:31 2003
;; MSG SIZE  rcvd: 105

Is this the correct address of 124.66.201.190 ?
0
 
periwinkle Commented:
I can ping mail.mountainpeace.ca without problem, but when I try to telnet to port 25, I get:

telnet mail.mountainpeace.ca 25
Trying 24.66.201.190...
telnet: Unable to connect to remote host: Connection refused

This means that outside mailers cannot connect to your mailhost.

Do you have a firewall set up that is preventing routing of port 25?

From the traceroute, I notice that you are using a cable modem connection for your server:

traceroute mail.mountainpeace.ca
traceroute to mail.mountainpeace.ca (24.66.201.190), 30 hops max, 38 byte packets
 1  ge0400.ed2.wdc.dn.net (216.167.2.67)  0.431 ms  0.488 ms  0.439 ms
 2  ge-4-0.a01.alxnva02.us.ra.verio.net (216.167.88.115)  0.293 ms  0.431 ms  0.350 ms
 3  p4-6-1-0.r02.stngva01.us.bb.verio.net (129.250.17.53)  1.747 ms  1.715 ms  1.642 ms
 4  p16-0-0-0.r00.stngva01.us.bb.verio.net (129.250.5.14)  2.093 ms  2.036 ms  2.051 ms
 5  p16-0-1-1.r21.dllstx01.us.bb.verio.net (129.250.5.34)  37.899 ms  37.925 ms  37.875 ms
 6  p64-0-0-0.r20.dllstx01.us.bb.verio.net (129.250.3.40)  37.955 ms  37.970 ms  37.912 ms
 7  p16-3-0-0.r01.chcgil06.us.bb.verio.net (129.250.5.84)  62.264 ms  62.368 ms  62.249 ms
 8  p16-7-0-0.r01.chcgil01.us.bb.verio.net (129.250.5.71)  42.851 ms  42.796 ms  42.783 ms
 9  p4-6-0.r00.chcgil01.us.bb.verio.net (129.250.2.253)  42.974 ms p4-5-1.r00.chcgil01.us.bb.verio.net (129.250.3.65)  42.778 ms  42.785 ms
10  ge-0.bigpipe.chcgil01.us.bb.verio.net (129.250.10.18)  42.809 ms  43.032 ms  42.924 ms
11  rc1so-pos13-0.cg.shawcable.net (66.163.76.85)  78.014 ms  77.996 ms  77.995 ms
12  rd1lb-atm0-1-0-1.lb.shawcable.net (66.163.76.150)  80.874 ms  80.652 ms  80.647 ms
13  24.66.200.1 (24.66.200.1)  81.011 ms  80.971 ms  80.805 ms
14  h24-66-201-190.lb.shawcable.net (24.66.201.190)  133.130 ms  105.202 ms  108.014 ms

Does shawcable.net filter out connections to port 25?
0
 
periwinkle Commented:
From the www.shawcable.com website, it looks like only Business accounts support servers.  Do you have a business account or one of the lower accounts?  

For the lower accounts (Professional and SOHO), it states:

Please note The following services are not allowed to be run on Shaw provided IP Addresses: http, ftp, nntp, pop and smtp

It also states on the Business account information:

Server usage is limited to business package customers only. The lone exception is the use of a proxy server which is permitted on the SOHO and professional packages
0
 
MatthewL (Author) Commented:
Hi periwinkle,

24.66.201.190 is the correct address for the machine. Where does the 124.66.201.190 come in?

The account should be a business account, and I can get some access (i.e. I can check my mail and send something from within www.mail2web.com - just not receive).

How would I open up port 25?

Matt
0
 
periwinkle Commented:
Hi Matthew -

RE:  124.66.201.190  - oops!  My typo - meant 24.66.201.190

RE: The account should be a business account

Oh good - then they shouldn't be blocking the port.  Have you checked with your ISP just in case?

RE: I can get some access (i.e. I can check my mail and send something from within www.mail2web.com - just not receive).

Outgoing SMTP is different from incoming email - port 25 access is required for

Do you have a firewall of some sort that would be blocking port 25?  If so, you have to reconfigure it to allow access to port 25.

Does /etc/services on the redhat box contain a definition for port 25?

0
 
MatthewL (Author) Commented:
Hi periwinkle,

/etc/services has the following for port 25

smtp            25/tcp          mail
smtp            25/udp          mail

I will double check the account type at lunch today.

Thanks,

Matt
0
 
MatthewL (Author) Commented:
Hi periwinkle,

Sorry about the delay, had some fires to put out.  I have confirmed that it is a business account, and a windows mail server has run off the same account previously.

There also should be no firewall issues.

Thanks,

Matt
0
 
DonalS Commented:
Hi Matthew,

Try the command netstat -a
If there is a line like this in the output

   tcp 0 0 localhost.localdom:smtp *:* LISTEN

that means your sendmail only listens on 127.0.0.1 at port 25.

To enable sendmail to listen on port 25 on the LAN interface IP address, do this.

Edit /etc/sendmail.cf
there is a line like this :

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA

Modify it into:

O DaemonPortOptions=Port=smtp,Addr=10.10.1.1, Name=MTA

Where 10.10.1.1 is the IP address of the LAN interface.

Replace the IP address with the IP of your server.

Save the file and reboot.

Now netstat -an should show smtp port listening on the server's IP address.

Hope this can solve your problem.

Donal
0
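
The check DonalS describes (is the SMTP listener bound to loopback only, or to an address that outside hosts can reach?) can be scripted as below. This is an added example, not part of the original thread; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report which address an SMTP listener
# is bound to, from sendmail.cf text or from netstat output.

# classify_addr ADDR: map a bind address to its exposure scope.
classify_addr() {
    case "$1" in
        127.*|::1|localhost*) echo "loopback-only" ;;   # local processes only
        ''|'*'|0.0.0.0|::)    echo "all-interfaces" ;;  # no Addr= means INADDR_ANY
        *)                    echo "specific:$1" ;;     # one named interface
    esac
}

# cf_bind_scope: sendmail.cf on stdin, one result per active
# DaemonPortOptions line (commented-out lines are ignored).
cf_bind_scope() {
    grep -E '^O[[:space:]]+DaemonPortOptions=' |
    while IFS= read -r line; do
        opts=${line#*DaemonPortOptions=}
        addr=$(printf '%s\n' "$opts" | tr ',' '\n' |
               sed -n 's/^[[:space:]]*Addr=//p' | head -n 1)
        classify_addr "$addr"
    done
}

# netstat_bind_scope: `netstat -a` or `netstat -an` output on stdin, one
# result per TCP socket in LISTEN state on port 25 / smtp.
netstat_bind_scope() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /[:.](25|smtp)$/ {
             sub(/[:.](25|smtp)$/, "", $4); print $4 }' |
    while IFS= read -r addr; do classify_addr "$addr"; done
}

# Constructed sample input, modelled on the lines quoted in the thread.
SAMPLE_CF='O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA'
SAMPLE_NETSTAT='tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

printf 'sendmail.cf: %s\n' "$(printf '%s\n' "$SAMPLE_CF" | cf_bind_scope)"
printf 'netstat:     %s\n' "$(printf '%s\n' "$SAMPLE_NETSTAT" | netstat_bind_scope)"
```

On a live host, feed it real data with `cf_bind_scope < /etc/sendmail.cf` and `netstat -an | netstat_bind_scope`; a "loopback-only" result matches the symptom in this thread, where outside connections to port 25 are refused.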
 
MatthewL (Author) Commented:
Hi Donal,

You nailed it!

Thanks,

Matt


0
 
periwinkle Commented:
Matthew -

I'm glad your problem was solved - and I learned something new today, too!
0
 
MatthewL (Author) Commented:
Hi Periwinkle,

I did a 2nd post yesterday that somehow got dropped.  I do very much appreciate all the help that you contributed to the solution and there is a new question entitled pointsForPeriwinkle so that you also get rewarded.  I posted it yesterday so it may have moved down the list some.

Thanks,

Matt
0
 
periwinkle Commented:
Matthew -

Thanks for your kind award of the points - I'm very happy that your problem has been solved, and glad to have helped in helping rule out other issues, even if I wasn't the primary solver of your problem!
0