[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2182
  • Last Modified:

Sendmail on Solaris 9: could not send or receive email - port 25 is blocked

I have setup my Solaris 9 machine recently. I could send and receive email from localhost to other unix accounts but could not send and receive email to or from outside. I tried "telnet servername.com 25" from outside and it did not connect to email server but I could "telnet localhost 25" from inside. Could some one tell me what I need to do?
0
mrhafiz
Asked:
mrhafiz
  • 5
  • 3
  • 2
  • +3
9 Solutions
 
jlevieCommented:
This sounds like a firewall/router issue rather than a Solaris problem. But to prove that's the case and that Sendmail is properly configured try 'telnet solaris-ip 25' on this system and from some other system on the inside. If that works (and it should) you'll know that the problem lies in the firewall config.
0
 
PsiCopCommented:
Also, note that Sun is VERY bad about keeping the sendmail installations on their OSes up-to-date. Even if you apply the latest Recommended Patches, they're usually at least a year (or more) behind the times with sendmail. Frankly, I'd pkgrm SUNWsndmu and SUNWsndmr and go get the latest code from either http://www.sunfreeware.com or directly from http://www.sendmail.org and use it. The Sun-supplied versions are usually crippled, too (they don't supply a full set of m4s to allow easy rebuilding of the package to include other features - like SSL - or properly use and maintain sendmail.mc).

Also, I recommend that you grab a copy of _Sendmail_3rd_Edition_ by Bryan Costales, ISBN 1-56592-839-3. Very handy reference, once you learn your way around it.
0
 
wesly_chenCommented:
Hi,

   For the people outside the firewall to be able to send mail, you need to:
1. An WAN IP address for your mail server. Do one-to-one IP mapping (map WAN IP to the LAN IP of sendmail server).
   Also, open the TCP port 25 to LAN IP of the sendmail server on your firewall.
2. Configure your DNS server (or call your DNS hoster to do it for you) and set the MX record point to the WAN IP of your
 mail server.

Wesly
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
mrhafizAuthor Commented:
Thanks for your response. Yes it is firewall issue, I mentioned before that I could not telnet to port 25 from outside. I am using sunscreen and port 25 is opened. It is not WAN or DNS issue. What else it could block the port?
0
 
wesly_chenCommented:
# netstat -an |grep LISTEN
to see there is service listening port 25.

Wesly
0
 
mrhafizAuthor Commented:
Hi Wesly,

I got following answer from netstat. I have changed some of the ip address for privacy.
# netstat -an |grep 25
      *.25                 *.*                0      0 49152      0 LISTEN
      *.25                 *.*                0      0 49152      0 LISTEN
127.0.0.1.52503      127.0.0.1.52351      49152      0 49152      0 ESTABLISHED
127.0.0.1.52351      127.0.0.1.52503      49152      0 49152      0 ESTABLISHED
127.0.0.1.52506      127.0.0.1.52505      49152      0 49152      0 ESTABLISHED
127.0.0.1.52505      127.0.0.1.52506      49152      0 49152      0 ESTABLISHED
      *.52511              *.*                0      0 49152      0 BOUND
      *.52512              *.*                0      0 49152      0 LISTEN
127.0.0.1.52552      127.0.0.1.52351      49152      0 49152      0 ESTABLISHED
127.0.0.1.52351      127.0.0.1.52552      49152      0 49152      0 ESTABLISHED
127.0.0.1.52555      127.0.0.1.52554      49152      0 49152      0 ESTABLISHED
127.0.0.1.52554      127.0.0.1.52555      49152      0 49152      0 ESTABLISHED
67.82.141.15.52572  64.157.1.78.25           0      0 49640      0 SYN_SENT
67.82.141.15.52573  66.218.82.197.25         0      0 49640      0 SYN_SENT
      *.25                              *.*                             0      0 49152      0 LISTEN
0
 
wesly_chenCommented:
Hi,
> but could not send and receive email to or from outside.
"Outside" means outside the sendmail server or outside the firewall(internet)?
0
 
mrhafizAuthor Commented:
Yes, could not send mail outside of firewall and could not received email from outside.
0
 
jlevieCommented:
Have you adjusted the firewall config to allow inbound sendmail to your Solaris system? Does the firewall have any rules in place that would prevent outbound SMTP traffic?
0
 
PsiCopCommented:
Most firewalls default to blocking everything not explicitly permitted. So perhaps a better question is does your firewall PERMIT SMTP traffic?
0
 
mrhafizAuthor Commented:
Yes the port 25 (SMTP) is opened from SunScreen firewall. I have allowed SMTP from anywhere in SunScreen. Could this be inetd? How could i unblock it?
0
 
rugdogCommented:
have you tried telnet to port 25 from another machine within the LAN? if the firewall is already allowing inboudn SMTP to the server, and netstat shows it's listening on all interfaces in port 25,the it should work now. So, if you test of telneting to port 25 from another machine within the LAN or intranet works, then the server is ok, and there's still an issue on the firewall. When you attempt a connection from outside, does the firewall logs anything?
0
 
timf04Commented:
What is the response you get from the "telnet server 25"?  Does it hang or do you get a quick connection refused message?

Try running snoop on the server and listening on port 25 for a specific IP outside your lan.  Looking at the netstat output it may be a problem with the answer back, as the SYN_SENT flag (if it is in this state for a bit) is in the TCP handshake portion of the connection.  Do you have restrictions on the firewall for outgoing connections, or not have an "permit established" rule in place?

Tim
0
 
mrhafizAuthor Commented:
Thanks all for response. The problem was; my internet provider blocked port 25 so I could not send or receive email from or to outside.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now