• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 519
  • Last Modified:

Can restarting the router effect Sendmail

I restarted my router and now I am unable to send or receive emails.  It says the connection cannot be established to the ports 25 or 110.  
Thanks
PS I can connect to the mail server via the mail server machine thru ports 25 and 110.  I am using a Linux machine with Sendmail 8.11.6
0
theret79
Asked:
theret79
  • 56
  • 45
  • 2
  • +1
1 Solution
 
prashsaxCommented:
Check if port forwarding is setup correctly on router.

Also, check the access-list on router itself.

Since you are able to access port 25 and 110 from within the network, it has to be on router.
0
 
theret79Author Commented:
All setup correctly, This worked correctly until Sunday.  So this morning I restarted the router.  It is forwarding my aliases, just not sending the mail to the individual address.  I can connect to the mail server on the mail server but outside the mail server I cannot connect.
0
 
prashsaxCommented:
Can you telnet to your mail server from some other computer on the network.

Just goto some other pc in your network:

telnet MAIL_SERVER_IP 25

this should show some banner.

0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
theret79Author Commented:
nope it says that could not open connection to the host on port 25
0
 
prashsaxCommented:
So, check if iptables is running on the linux server.


0
 
theret79Author Commented:
i turned it off with the command chkconfig --level 1235 iptables off
0
 
theret79Author Commented:
still not able to connect
0
 
prashsaxCommented:
you have to restart the server.
0
 
theret79Author Commented:
still no go, rebooted and logged back on, IPchains is not on either
0
 
prashsaxCommented:
Is sendmail running.

can you see it running.
0
 
theret79Author Commented:
just tried the telnet 10.0.0.4 25 and telnet 10.0.0.4 110 and it allowed me in, but when I start up the mail it still says it cannot connect to the POP3 server
0
 
theret79Author Commented:
sendmail accepting connections
0
 
theret79Author Commented:
I just logged in through telnet and it shows I have 29 messages, which it didn't say earlier, it is just giving me the error with Outlook, with cannot connect to POP3 server
0
 
prashsaxCommented:
Try using Outlook Express.

0
 
theret79Author Commented:
that is what we are using.  when I am on the mail server I use the ls -l command and see email in the user folders, but when we bring up outlook it is having problems connecting to our pop3 server.  I looked in the hostnames file on the server to make sure that it is what it is supposed to be.  Our domain is mail.psstat.com, and it doesn't seem to be able to connect to the mail server to get the email out.  I am so confused, as this worked yesterday.  After we figure this out I am going to see if we can get Exchange.  
0
 
prashsaxCommented:
Have your checked the logs on the server.

Which POP3 deamon are you using. Does it have some entires in the logs for some errors.
0
 
theret79Author Commented:
I will check the maillogs right now, what command do I use to check what deamon we are using?
0
 
prashsaxCommented:
If you are using Red hat than you most likely be using "pop3d".

Check if you can see it in the process list.
0
 
theret79Author Commented:
that is exactly what it is ipop3d
0
 
prashsaxCommented:
Try stopping and starting it again.

pop3d stop
pop3d start

Check if it gives you some error.
0
 
theret79Author Commented:
it just saiys OK POP3 mail.psstat.com v2000.70rh server ready
0
 
prashsaxCommented:
ok.

What is the error you are getting in the Outlook.

Are you using correct userid and password.
0
 
theret79Author Commented:
It says OUtlook is unable to connect to your incoming POP3 email server.  When I reboot I can see it says starting mail.psstat.com, you don't have to get back to this tonight, I am going home and I will try again in the AM.  Thanks
0
 
prashsaxCommented:
So, you are able to telnet to the server on port 110 from same machine, but when you try and use outlook, it say unable to connect.

If this is true, then check if some kind of firewall/antivirus with port or application blocking is installed on the machine.

If you can telnet to server and not use outlook from same machine, it points to some antivirus which is allow telnet but not outlook to connect to port 110.
0
 
theret79Author Commented:
I can connect internally if I use the telnet 10.0.0.4 25 but I cannot connect with telnet mail.psstat.com 25.  Does this make sense?  
Thanks
0
 
papimichelCommented:
check wether there is a firewall configured on that server that might drops connection attempts.
0
 
theret79Author Commented:
I turned off ipchains and iptables.  
0
 
Imtiaz HashamTechnical Director / IT ConsultantCommented:
Check if there is any firewall activated on the linux / router which will be blocking the ports!!!
0
 
theret79Author Commented:
I used the ps -x command to look at the process, I don't see anything.  What is the normal pid for firewalls.  it says sendmail: accepting connections.  When using the top command is it possilbe to cycle down through the process?  Thanks
0
 
prashsaxCommented:
If you can do it with IP address and not with name then their could be a problem with DNS record.

Check if you can ping the server with name.

0
 
theret79Author Commented:
i noticed that there were some ipchain rules running so I just removed it from startup and rebooted to see if that would work and still no go.  I wish I could make this question 1000 points.  When I ping internally i get a response. I am checking from externally.  Do you get a response when you ping mail.psstat.com?
Thanks  you will probably get to it faster than our satellite sight.
Thanks
0
 
prashsaxCommented:
Pinging mail.psstat.com [66.64.219.82]:

Ping #1: Got reply from 66.64.219.82 in 49ms [TTL=52]
Ping #2: Got reply from 66.64.219.82 in 45ms [TTL=52]
Ping #3: Got reply from 66.64.219.82 in 45ms [TTL=52]
Ping #4: Got reply from 66.64.219.82 in 45ms [TTL=52]

Done pinging mail.psstat.com!
0
 
theret79Author Commented:
that is what my satellite sight got
I see under ps -x that sendmail: accepting connections.  xinetd is running also.  I am still getting the POP3 error from outlook.  
We have an MX record.  Here are the results, does this look ok?

How I am searching:
Searching for psstat.com MX record at g.root-servers.net [192.112.36.4]: Got referral to L.GTLD-SERVERS.NET. [took 41 ms]
Searching for psstat.com MX record at L.GTLD-SERVERS.NET. [192.41.162.30]: Got referral to extns1.nuvox.net. [took 17 ms]
Searching for psstat.com MX record at extns1.nuvox.net. [64.89.70.4]: Reports smtp-in2.nuvox.net. [took 25 ms]

Answer:


Domain Type Class TTL Answer psstat.com. MX IN 3600 smtp-in2.nuvox.net. [Preference = 200]
psstat.com. MX IN 3600 smtp-in3.nuvox.net. [Preference = 300]
psstat.com. MX IN 3600 smtp-in4.nuvox.net. [Preference = 400]
psstat.com. MX IN 3600 smtp-in5.nuvox.net. [Preference = 500]
psstat.com. MX IN 3600 smtp-in6.nuvox.net. [Preference = 600]
psstat.com. MX IN 3600 mail.psstat.com. [Preference = 10]
psstat.com. MX IN 3600 smtp-in1.nuvox.net. [Preference = 100]
psstat.com. NS IN 3600 extns2.nuvox.net.
psstat.com. NS IN 3600 extns1.nuvox.net.
mail.psstat.com. A IN 3600 66.64.219.82
smtp-in1.nuvox.net. A IN 3600 64.89.70.11
smtp-in2.nuvox.net. A IN 3600 64.89.70.11
smtp-in3.nuvox.net. A IN 3600 64.89.70.11
smtp-in4.nuvox.net. A IN 3600 64.89.70.11
smtp-in5.nuvox.net. A IN 3600 64.89.70.11
smtp-in6.nuvox.net. A IN 3600 64.89.70.11
extns1.nuvox.net. A IN 3600 64.89.70.4
extns2.nuvox.net. A IN 3600 64.89.74.4
0
 
prashsaxCommented:
So, this shows that your MX records are good.

Now, ask your satellite site to try and telnet to mail.psstat.com on port 25 and 110.

Since you are able to do it internally, this test would eliminate any problems with port forwarding on router.

0
 
theret79Author Commented:
actually I am not able to do this internally.  I am able to telnet 10.0.0.4 on 25 and 110, if I use the telnet mail.psstat.com 25 or 110 it says I cannot connect.  Sorry if I was confusing above.  
0
 
prashsaxCommented:
Well  if you can do it using IP address of mail server and not the name. i.e mail.psstat.com then you internal DNS is not resolving the name to IP address.

Which DNS server are you using internally. Check if a CNAME record exists for mail.psstat.com which points to 10.0.0.4.

I belive the record is not their in internal DNS server.

If you are using external DNS server(i.e from ISP) then make sure your have allowed UDP port 53 in and out traffic on your router.
0
 
theret79Author Commented:
My router doesn't have DNS port 53 open, should I point that to the mail server or to our PDC?  I will try that.
0
 
prashsaxCommented:
Which DNS server are you using in your network.

Is it local or external to your network.
0
 
theret79Author Commented:
our forward lookup DNS is set for mail.psstat.com and it is pointing at 66.64.219.82.  the DNS lookups are pointing at the correct extns1.nuvox.net, extns2.nuvox.net.  
0
 
prashsaxCommented:
So, this is your problem, your DNS server is located outside of your network and thats why your are not able to connect to your server using name.

Just a quick test, configure outlook to use IP address of mail server instead of name (mail.psstat.com).

With this you should be able to send and receive the mails.

0
 
theret79Author Commented:
where is the CNAME located in Linux?  If you know I will check that
0
 
prashsaxCommented:
But, how can you look it, you are using external mail servers.

Or, are you using your own DNS servers.

But you just mentioned that your DNS server are 66.x.x.x and your internal IP subnet is 10.x.x.x.

Have you tried configuring outlook with IP of mail server.
0
 
theret79Author Commented:
I put the 10.0.0.4 on the POP3 and SMTP on the outlook lines.  I ran the test and it connected beautifully, but when I go into the email screen and hit send/receive it gives me the POP3 connection error.  How is that possible if it connected on the test account settings menu?
Thanks
0
 
theret79Author Commented:
It worked, but now the mail isn't coming in anymore, it seems like something is wrong with the mail.psstat.com name.
0
 
theret79Author Commented:
can send out I sent a test mail message to my hotmail account and got it, I sent a reply to my psstat.com account and haven't received it.  
0
 
prashsaxCommented:
You are trying to send mail from some other domain. e.g. yahoo.com

And you are not able to receive mails.


How about sending mails to yahoo.com. Can you receive it at yahoo.com

0
 
theret79Author Commented:
can receive at yahoo.com, but cannot send to psstat.com
0
 
prashsaxCommented:
Did you got a NDR at hotmail.com

Have you asked your guy at satellite to telnet to 66.64.219.82 on port 25.

This is where you should receive the mails.

They should be able to connect to it.(Should you router is configured correctly.)

I have check your DNS records on DNSSTUFF.com, they are fine.

Just ask them to try and telnet to port 25 on 66.64.219.82.
0
 
theret79Author Commented:
the weird thing is that I can connect to the incoming and outgoing mail servers with the 10.0.0.4, but I haven't received the test email that is sent out once you change outlook settings.  I doesn't seem like it is actually receiving even though it can connect to it.  there is plenty of space available.
0
 
theret79Author Commented:
the are unable to connect to 66.64.219.82 on port 25, I am checking my firewall again.  The ports are open, 25 and 110 on the firewall,  I didn't get a the NDR I got a delay error.  
0
 
prashsaxCommented:
You send a test mail to the same user with which you have configured outlook, and still no mail received.

If yes, then it could be a problem with either MTA or pop3d.
0
 
prashsaxCommented:
You will get NDR on hotmail.

It has to be on router or firewall.

Do you have router and firewall both, or are you using your router as firewall.
0
 
theret79Author Commented:
I have a feeling it is the ipop3d, to start it back up I have read that it is included in the xinetd running program.  when you first told me how to use the top command ipop3d was always at the top of the process, it isn't at the top right now.  How can I look at the entire list under the top command.
0
 
theret79Author Commented:
the router is the firewall
0
 
theret79Author Commented:
alright I have made some adjustments and now we can send and receive internally, but cannot receive externally.  The last time this happened (last week) our domain name expired, we have renewed it and the MX records are in order.  I don't know what it could be.  the mail is not getting into the mail server from the outside.  So it seems to me that there is something wrong with the psstat.com domain or an issue with a firewall.  
0
 
prashsaxCommented:
Yes, the issue could be either with portforward or with ACL.

Or are you using static nat instead of portforward.

Could you paste your ACLs and portforward/nat entries here.

You can change your public IP address.
0
 
theret79Author Commented:
we don't use one-to-one Nat
we are using portforward
here are the rules we have

TELNET[TCP/23~23] -> 10.0.0.2
HTTP[TCP/80~80] -> 10.0.0.3
FTP[TCP/21~21] -> 10.0.0.3
VNC[TCP/5900~5900] -> 10.0.0.3
PPTP[TCP/1723~1723] -> 10.0.0.10
IPSEC[UDP/500~500] -> 10.0.0.10
L2TP[UDP/1701~1701] ->10.0.0.10
RDP[TCP/3389~3389] -> 10.0.0.131
PCANY[TCP/5631~5631] ->10.0.0.106
PCANYW[UDP/5632~5632] -> 10.0.0.106
ALL TRAFFIC[TCP&UDP/1~65535] -> 10.0.0.1
POP3[TCP/110~110] -> 10.0.0.4
SMTP[TCP/25~25] -> 10.0.0.4

0
 
theret79Author Commented:
ipchains is running after the reboot on the mail server  The rules are
Chain input (policy ACCEPT):
target            prot  opt       source          destination              ports
ACCEPT          tcp  -y----    anywhere      anywhere              any -> imap
ACCEPT          tcp  -y----    anywhere      anywhere              any -> ssh
ACCEPT          tcp  -y----    anywhere      anywhere              any - > smtp
ACCEPT          tcp  -y----    anywhere      anywhere              any -> http
ACCEPT          udp  ------    anywhere      anywhere             bootps:bootpc -> bootps:bootpc
ACCEPT          udp  ------    anywhere      anywhere             bootps:bootpc -> bootps:bootpc
ACCEPT          all   ------    anywhere      anywhere               n/a
ACCEPT          udp ------   ns1.charter-stl.com  anywhere     domain -> any
ACCEPT          udp ------   10.0.0.131      anywhere             domain -> any
ACCEPT          tcp  -y----    anywhere      anywhere              any - > pop3
ACCEPT          udp  ------    anywhere      anywhere              any - > pop3
ACCEPT          tcp  -y----    10.0.0.0/8      anywhere              any - > netbios-ns:netbios-ssn
ACCEPT          udp  ------    10.0.0.0/8      anywhere              any - > netbios-ns:netbios-ssn
CHAIN FORWARD (POLICY ACCEPT):
CHAIN OUTPUT (POLICY ACEPT):
0
 
prashsaxCommented:
ip chains rules are fine.(As you are able to do it internally)

Aren't you using a cisco router.

Which router is this.
0
 
theret79Author Commented:
it is a Linksys RV082
0
 
prashsaxCommented:
Ok.

Now goto Firewall control page.

Check if you have a rule where

Action is allowed.
Interface is WAN.
Service is SMTP and POP3(Could be two seperate rules).
Source is any.
Detination is any.
0
 
theret79Author Commented:
Do you want me to get on the firewall control page on Linux or on my main router coming in?  I am assuming on Linux.  I don't know how to do that on the linux machine.  the Linksys router is the main router coming into the office.  The only rules I have set on the Linksys router is the port forward rules that have POP3 open and SMTP open on their respective ports.  
0
 
theret79Author Commented:
I can set access rules to allow all for the POP3 and SMTP is that what I need to do?
0
 
theret79Author Commented:
from my system log on the router I am seeing this error a lot.  
Jun 20 13:37:49 2006     System Log    Mail sending to dcannon@psstat.com failed  
0
 
prashsaxCommented:
can you resolve psstat.com using nslookup.

just do nslookup psstat.com. This should resolve to your IP address.
0
 
theret79Author Commented:
Here is the output of nslookup
Server: 10.0.0.1
Address: 10.0.0.1#53

** server can't find psstat.com. : NXDOMAIN
0
 
prashsaxCommented:
Yes, create a rule to allow SMTP and POP3 on firewall.

This will ensure that you get mails from outside.

0
 
prashsaxCommented:
So, you cannot resolve psstat.com internally.

what is 10.0.0.1. Is it your DNS server.

0
 
theret79Author Commented:
10.0.0.1 is the LAN IP
our wan DNS addresses are 66.89.74.2
                                         66.89.70.2
0
 
prashsaxCommented:
So, why is it pointing to 10.0.0.1 when you are trying to resolve the names.

It should point to 66.89.74.2.

Also, create one more rule on firewall for UDP port 53.

Have you checked if you could receive mails from outside after creating those rules on firewall.

0
 
theret79Author Commented:
In which file in Linux do I point the DNS to 66.89.74.2?  Thanks for being patient with me as I am not used to sendmail or sendmail access rules at all.
0
 
prashsaxCommented:
ok, do this.

on linux box.

ifconfig

This will show you the DNS server IP address.

Now, could you post the output.
0
 
theret79Author Commented:
eth0     Link encap: Ethernet  HWaddr 00:A0:C9:22:07:53
           inet addr: 10.0.0.4  Bcast: 10.0.0.255    Mask: 255.255.255.0
           UP BROADCAST RUNNING MUTICAST MTU: 1500  Metric: 1
           RX packets:5027  errors:0  dropped:0  overruns:0  frame:0
           TX packets:2877  errors:0  dropped:0  overruns:0  frame:0
           collisions:0  txqueuelen:100
           RX bytes:467230 (456.2 Kb)  TX bytes:204848  (200.0 Kb)
           Interrupt:11  Base address:0x8000

lo        Link encap: Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING   MTU:16436  Metric: 1
          RX packets:131132  errors:0  dropped:0  overruns:0  frame:0
          TX packets:131132  errors:0  dropped:0  overruns:0  frame:0
          collisions:0 txqueuelen:0
          RX bytes:6557280 (6.2 Mb)  TX bytes:6557280 (6.2 Mb)
0
 
prashsaxCommented:
Ok, now

check resolve.conf.

its under \etc\resolve.conf

This will show you the DNS server IP address.

Other utility to be used is "netconfig".


0
 
theret79Author Commented:
under resolve.conf it has
nameserver 10.0.0.1
0
 
theret79Author Commented:
so I need to point the nameserver to the DNS server with the netconfig utility
0
 
prashsaxCommented:
ideally it should point to a DNS server inside the network.

How about all other machine you have. Windows Machine.

What DNS server are they using.(You can find out their DNS server using ipconfig /all)

Is it 66.x.x.x or 10.0.0.1.


0
 
theret79Author Commented:
All our windows machines use 10.0.0.3 except our PDC which uses 10.0.0.1
0
 
prashsaxCommented:
And what is this 10.0.0.1. Is it a Windows Server running DNS service on it.

And what is 10.0.0.3. Is this your DNS server as well.

0
 
theret79Author Commented:
They both are running DNS on them but I think you might have mad a break thru the 10.0.0.1 DNS has nothing in there about mail.  My DNS on 10.0.0.3 has all the information about mail.psstat.com on it.
0
 
prashsaxCommented:
So, point your linux mail server to use 10.0.0.3.

With this, you should be able to send and receive mail internally.

For external mails, you still need to create firewall rules I have already told you.
0
 
theret79Author Commented:
so everything should stay the same in the netconfig utility except the DNS lookup?  Thanks for your time prashsax, if this works I wish I could give you 1000 points
0
 
prashsaxCommented:
not a problem.

Just change the DNS server to 10.0.0.3.

Then test from some internal client. Send mail locally first.
0
 
theret79Author Commented:
I have an error with lpd now when I started it up it says local host ip address is not available, so I know I screwed something up.

Here is what I entered under netconfig
IP address 10.0.0.4
Netmask  255.255.255.0
Default gateway(IP): 10.0.0.1
Primary nameserver 10.0.0.3
0
 
prashsaxCommented:
to fix it: open the network config by typing 'printtool' in your xterm.
become root of course, then select the hosts tab, then 'add'.  

you need the following:

IP: 127.0.0.1
Name: localhost.localdomain
Nickname: localhost
0
 
theret79Author Commented:
if that is just a printer utility then I am not too worried about it, I never print from that thing anyways.  Well we can send and receive internally, but the mail is still not coming in.  I sent two test emails.  if the mail servers name is 10.0.0.4 and the DNS lookup is 10.0.0.3 did I set the netconfig up correctly?  The default gateway I set to the LAN IP.  Let me know if this is correct.  Thanks again
0
 
prashsaxCommented:
Yes, it is correct.

And internal mail flow show work.(Which is working.)

Now create the rule on the firewall as I have told you above.

This will enable outbound mails as well.



0
 
theret79Author Commented:
alright I added the DNS on the port forward and pointed it to 10.0.0.3, and the TCP and SMTP are already open and pointing to 10.0.0.4, restarted Sendmail and still not go.
0
 
Imtiaz HashamTechnical Director / IT ConsultantCommented:
Can you try and restart the router again, hope that helps..
0
 
theret79Author Commented:
restarted it, still nothing.  I tried telnet to the domain name mail.psstat.com 25 internally and it can't find the name.  When I restart the Red hat it says that it is setting mail.psstat.com.  Alright thanks for your help today prashsax.  I am going home for the afternoon.  I will be dialing in tonight to see if I can figure it out.
Thanks
0
 
prashsaxCommented:
Now try this on Linux mail server.

nslookup
>set type=mx
>hotmail.com

this should resolve to MX records of hotmail.com

0
 
theret79Author Commented:
I did this and it still didn't allow any of the test hotmail messages in.  I don't know if it gets us any further but we know that we can send/receive internally and we can send externally, we are just unable to receive externally.  
0
 
prashsaxCommented:
Ask someone from outside your network to telnet to mail.psstat.com on port 25.

So, now you can send mail to hotmail.com

If they are not able to telnet, then your firewall is not allowing packets in.

What SMTP rule you exactly have on firewall.
0
 
theret79Author Commented:
smtp[TCP/25~25] -> 10.0.0.4
I had my friend telnet into mail.psstat.com 25 and it said could not open connection to the host
0
 
prashsaxCommented:
Yes, this is correct.
The interface should be WAN and source and destination should be any.
0
 
prashsaxCommented:
Try modifying the rule.

Source IP and destination IP should be any.

http://www.tomsnetworking.com/2004/04/29/linksys_rv082_10_rv082/page5.html

0
 
theret79Author Commented:
I set the rules up to accept any connections for both 25 and 110, and still not able to get in.  I can telnet in through 23 but not 25 and 110.
0
 
prashsaxCommented:
Make sure the destination IP in the firewall rule for port 25 and 110 is not 10.0.0.4.

If has to be the 66.x.x.x. or it can be any.

But it cannot be 10.0.0.4 since the interface is WAN.

What have you defined in destination rule.

Could you copy the rule here, in same format. e.g
Status Interface        Service   Source       Destination      
Allow   WAN             TCP/25   ANY            ANY
0
 
theret79Author Commented:
I took out the 10.0.0.4 rules and The rule for firewall access rules are
action  service      source interface  source     destination   time
allow  POP3(110)  wan1                  any         any             always
allow  SMTP(25)    wan1                 any          any            always
0
 
prashsaxCommented:
Yes, this is good.

Now, can someone from outside telnet to port 25 and 110.
0
 
theret79Author Commented:
nope, noone can use those two, I am calling my ISP to see if anything changed on Sunday with the pass thru router we have from them.
0
 
prashsaxCommented:
You said that people can telnet on port 23 from outside.

If thats correct, then setup port 25 access similar to port 23.

If you suspect ISP is blocking access, then you could redirect port 23 from outside to port 25 on inside.

Just for testing.

Then try to telnet on port 23 from outside, it should show you SMTP banner.



0
 
theret79Author Commented:
the port 25 similar to 23 and it seemed to open them up.  Now I am receiving email.  I don't know why that seemed to open them up but they are open now.  Thanks for your time Prashsax, i really appreciate it.
Dave
0
 
prashsaxCommented:
Good to know, that its working.

ThankQ.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

  • 56
  • 45
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now