Solved

Can't get SSL email in/out POP & SMTP

Posted on 2013-02-05
659 Views
Last Modified: 2013-02-05
Ok, I added firewall exceptions for tcp/udp protocols for ports 465 & 995 for my email server. The packets are getting dropped. What other protocols are involved that I need to add for communication to pass through, or what am I forgetting to do?
0
Question by:ITmanage
8 Comments
 

Author Comment

by:ITmanage
ID: 38855987
Well, I am getting a network unreachable from my email server:

Feb 5 10:38:28 email postfix/smtp[22991]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1a]:25: Network is unreachable
0
 
LVL 9

Expert Comment

by:tsaico
ID: 38856089
You mention putting in exceptions; these exceptions need to be in both your hardware firewall and the software firewall too. You can also look into if your IP is banned or is a DHCP IP address as Google blocks you. It could also be your ISP that is blocking you, and you may need to get them involved.

https://productforums.google.com/forum/?fromgroups=#!topic/gmail/oj0rcmkhALE with a link to the bulk email policies.

Because all emails require both sides to agree on communication, it might not be your server not connecting; it could be the other side refusing to allow the connection.

There are also other things that will kill your email traffic. I would also recommend you go to www.mxtoolbox.com and test your email server from an outside source. The tools here are free and will give you some minor diagnosis on what is going on, but it will at least give you direction on what to do next. To help more, we will need more specific information about your setup.
0
 

Author Comment

by:ITmanage
ID: 38856142
Well, I don't have MX records set up yet, but I could send emails out before without a firewall in place. Could this be the cause?

Feb 5 11:13:50 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:13:50 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
0
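
An added example, not part of any poster's comment: a small triage script over connect lines like those in the log above. It reads the two errors by standard socket semantics and compares each destination port with the ports the question says were opened (465 and 995); the function names and the `opened_ports` parameter are assumptions of this example.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Four lines copied from the thread's log, plus one constructed non-matching line.
SAMPLE_LOG = """\
Feb 5 11:13:50 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:15:02 email postfix/smtp[24317]: not a connect line
"""

CONNECT_RE = re.compile(
    r"connect to (?P<host>\S+?)\[(?P<ip>[0-9A-Fa-f:.]+)\]:(?P<port>\d+): (?P<err>.+)$"
)

# General socket-error meanings (not conclusions stated in the thread).
HINTS = {
    "Network is unreachable": "sending host has no usable route for this address family",
    "Connection timed out": "no reply to the connection attempt; packets are being dropped on the path",
    "Connection refused": "the port was actively rejected by the target or a filter",
}

def parse(log_text):
    """Yield (family, port, error) for each postfix/smtp connect failure."""
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            family = "IPv6" if ip_address(m["ip"]).version == 6 else "IPv4"
            yield family, int(m["port"]), m["err"].strip()

def triage(log_text, opened_ports):
    """Count failures per (family, port, error) and flag ports with no exception."""
    report = []
    for (family, port, err), n in sorted(Counter(parse(log_text)).items()):
        note = HINTS.get(err, "unclassified error")
        if port not in opened_ports:
            note += f"; port {port} is not among the opened ports {sorted(opened_ports)}"
        report.append((family, port, err, n, note))
    return report

if __name__ == "__main__":
    # 465 and 995 are the ports the question says were opened in the firewall.
    for row in triage(SAMPLE_LOG, opened_ports={465, 995}):
        print(*row, sep=" | ")
```

Every failing attempt in the sample targets port 25, so the firewall log for outbound TCP 25 is the first place to compare against these timestamps.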
 

Author Comment

by:ITmanage
ID: 38856161
I have Ubuntu server set up with postfix/dovecot & ISPConfig. I have one-to-one NAT set up from a static IP to the class C static IP address. I tested the email server by sending out an email through SquirrelMail before I had a firewall, and it went to a Gmail account just fine, but that was on another static IP as well.
0
 

Author Comment

by:ITmanage
ID: 38856192
The log is from the message log on the email server, btw.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 38856230
It can; email can be a funny beast where mail gets delivered normally in some cases and filtered as junk later, then rejected entirely a third time. Before you can reliably test, you need to set up the foundation first, which is setting up the reverse lookups and making sure you are not on a blacklist. It helps if your server is listed as a sending server in your DNS, but I have seen many with a blank SPF and still work fine.

Again, test it from mxtoolbox and work on what is diagnosed there. Also, the logs from the firewall would be helpful too, since it did work to some extent before its entry, not your email log.
0
 

Author Comment

by:ITmanage
ID: 38856250
Alright, thanks. Well, I have a live hosted email solution with the same domain name, so I don't want to mess around too much until the weekend, when email isn't getting looked at (business with about 40 users). I can't add any MX records anyway until I change over, because the DNS is hosted at the company. My domain is at GoDaddy though, so I will just change Friday evening, let it propagate, and test throughout the weekend. Thanks for the help!
0
 

Author Closing Comment

by:ITmanage
ID: 38856254
Thanks for the feedback.
0
