
Cannot send/receive email outside domain/server. Can send/receive within the server

Posted on 2007-08-11
Last Modified: 2013-11-05
I can receive and send email within the server, but I cannot send or receive email outside the server.

Server is  RHE3, Apache, Exim 4

The server has been fine for over a year, this is the first time an email issue has sprung up.  

I also can't ping domains hosted on this server, but I can ping other domains like gmail.com.

I stopped IP tables, there is no other firewall or AV getting in the way.

I have restarted the server, stopped IP tables, checked logs.  

I do get this information back in my inbox:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

xxxxxxxx@hotmail.com
(ultimately generated from info@xxxxxxxx.com)
unrouteable mail domain "hotmail.com"
xxxxxxxxxxx@hotmail.com
(ultimately generated from info@xxxxxxxxx.com)
unrouteable mail domain "hotmail.com"
xxxxxxx@gmail.com
unrouteable mail domain "gmail.com"
xxxxxxx@hotmail.com
unrouteable mail domain "hotmail.com"


I can reach ports 80, 110, 25, 26, 22, 23, etc. It's just a weird anomaly that I can't figure out.
0
Question by:TPNetworks
7 Comments
 
LVL 7

Expert Comment

by:ezaton
ID: 19677510
What and where is your DNS? Maybe the server has lost its DNS server, or cannot resolve names for the given domains?
0
 

Author Comment

by:TPNetworks
ID: 19677558
The DNS is working, sites are able to resolve with FQDN.  I've restarted the server, and when it came back up I restarted BIND, and Apache with no problem.
0
 
LVL 16

Expert Comment

by:xDamox
ID: 19677712
Hi

> I also can't ping domains hosted on this server, but I can ping other domains like gmail.com.

That seems very strange; this sounds more like a DNS problem. Have you tried pinging the IP address instead of the domain?
0
 

Author Comment

by:TPNetworks
ID: 19677716
Now I removed a line in my IPtables, and I can ping all domains again.  
I also completely stopped the firewall and checked, and it still didn't fix the email problem.

I found this:  http://www.webhostingtalk.com/archive/index.php/t-304956.html

This is directly related to my problem.    I get this a lot in logs:  "R=fail_remote_domains: unrouteable"  and bounce backs.

0
 

Author Comment

by:TPNetworks
ID: 19678129
OK, I have the problem fixed; I had to force my IPTABLES to completely go away. It was something to do with F-Secure, which I had to disable also. So I have removed F-Secure, and I am working on my IP tables now.

This will resolve my question, can someone give me a sample of IPTABLES used for a production webserver?  

I am running RHE3, Cpanel/WHM, Apache 1, PHP 4.6, MySQL 4.x, I have SSL, I use SSH, Telnet, FTP, POP mail, Exim, etc..

This is what I have right now, and it doesn't work:

# Generated by iptables-save v1.2.11 on ...............
*filter
:INPUT DROP [4:294]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx  -p tcp -m tcp --sport 1024:65535 --dport 28082 -m state --state NEW -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -m state --state NEW -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 0.0.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx  -d 255.255.255.255 -p udp -m udp --sport 68 --dport 67 -m state --state NEW -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx  -d xxx.xxx.xxx.xxx -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx  -d xxx.xxx.xxx.xxx  -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx  -d xxx.xxx.xxx.xxx  -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx  -d xxx.xxx.xxx.xxx  -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx  -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW -j ACCEPT
-A OUTPUT -s xxx.xxx.xxx.xxx -p tcp -m tcp --sport 1024:65535 --dport 28082 -m state --state NEW -j ACCEPT
-A OUTPUT -s 74.53.105.18 -m state --state NEW -j DROP
COMMIT
# Completed on ....................

0
 
LVL 16

Accepted Solution

by:
xDamox earned 2000 total points
ID: 19678776
Hi,

Try this:

*filter
:INPUT DROP [4:294]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT

# Accept Web Traffic
-A INPUT -p tcp --dport 80 -j ACCEPT

# Accept DNS Traffic
-A INPUT -p tcp --dport 53 -j ACCEPT
-A INPUT -p udp --dport 53 -j ACCEPT

# Accept MySQL Traffic
-A INPUT -p tcp --dport 3306 -j ACCEPT

# Accept POP Traffic
-A INPUT -p tcp --dport 110 -j ACCEPT

-A INPUT -d xxx.xxx.xxx.xxx -p tcp -m tcp --sport 1024:65535 --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx  -p tcp -m tcp --sport 1024:65535 --dport 28082 -m state --state NEW -j ACCEPT
-A INPUT -d xxx.xxx.xxx.xxx -m state --state NEW -j DROP
COMMIT

0
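
An added example, not part of the thread: a small Python evaluator that walks reduced, constructed copies of the two rulesets above and returns the verdict for a NEW packet, showing which flows the OUTPUT DROP policy cut off. The addresses 192.0.2.10 and 198.51.100.53 stand in for the masked xxx.xxx.xxx.xxx values, the function names are illustrative, and only the match options used in these rulesets are modeled.

```python
import ipaddress
# Constructed, reduced copies of the thread's rulesets; 192.0.2.10 (server) and
# 198.51.100.53 (resolver) are stand-ins for the masked xxx.xxx.xxx.xxx values.
BEFORE = """
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 0.0.0.0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -s 192.0.2.10 -d 198.51.100.53 -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW -j ACCEPT
"""
AFTER = """
:INPUT DROP [4:294]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
"""

def matches(opts, pkt):
    """True if every modeled option of one rule matches the packet."""
    for key, val in opts.items():
        if key == "-p" and val != pkt["proto"]:
            return False
        if key in ("-i", "-o") and val != pkt["iface"]:
            return False
        if key in ("-s", "-d"):  # a bare address is a /32 host match
            net = ipaddress.ip_network(val, strict=False)
            if ipaddress.ip_address(pkt["src" if key == "-s" else "dst"]) not in net:
                return False
        if key in ("--sport", "--dport"):
            lo, _, hi = val.partition(":")
            if not int(lo) <= pkt[key[2:]] <= int(hi or lo):
                return False
        if key == "--state" and pkt["state"] not in val.split(","):
            return False
    return True

def verdict(ruleset, chain, **pkt):
    """First matching rule's target, else the chain policy (filter table)."""
    pkt = {"iface": "eth0", "src": "192.0.2.10", "sport": 40000, "state": "NEW", **pkt}
    policy = None
    for line in ruleset.split("\n"):
        tok = line.split()
        if tok and tok[0] == ":" + chain:
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            opts = dict(zip(tok[0::2], tok[1::2]))  # every option here takes one value
            if matches(opts, pkt):
                return opts["-j"]
    return policy
```

With the first ruleset, `verdict(BEFORE, "OUTPUT", proto="tcp", dst="203.0.113.25", dport=25)` is DROP, and so is DNS to any server other than the listed resolver. With the accepted ruleset outbound SMTP is ACCEPT, but an inbound connection to TCP 25 still falls through to the INPUT DROP policy, since no rule there opens that port.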
 
LVL 1

Expert Comment

by:Computer101
ID: 20144120
Forced accept.

Computer101
EE Admin
0
