Solved

Can't get SSL email in/out POP & SMTP

Posted on 2013-02-05
663 Views
Last Modified: 2013-02-05
Ok, I added firewall exceptions for tcp/udp protocols for ports 465 & 995 for my email server. The packets are getting dropped. What other protocols are involved that I need to add for communication to pass through, or what am I forgetting to do?
Question by:ITmanage
8 Comments
 

Author Comment

by:ITmanage
ID: 38855987
Well, I am getting a network unreachable from my email server:

eb 5 10:38:28 email postfix/smtp[22991]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1a]:25: Network is unreachable
0
 
LVL 9

Expert Comment

by:tsaico
ID: 38856089
You mention putting in exceptions; these exceptions need to be in both your hardware firewall and the software firewall too. You can also look into if your IP is banned or is a DHCP IP address as Google blocks you. It could also be your ISP that is blocking you, and you may need to get them involved.

https://productforums.google.com/forum/?fromgroups=#!topic/gmail/oj0rcmkhALE with a link to the bulk email policies.

Because all emails require both sides to agree on communication, it might not be your server not connecting, it could be the other side refusing to allow the connection.

There are also other things that will kill your email traffic. I would also recommend you go to www.mxtoolbox.com and test your email server from an outside source. The tools here are free and will give you some minor diagnosis on what is going on, but it will at least give you direction on what to do next. To help more, we will need more specific information about your setup.
0
 

Author Comment

by:ITmanage
ID: 38856142
Well, I don't have MX records set up yet, but I could send emails out before without a firewall in place. Could this be the cause?

Feb 5 11:13:50 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:13:50 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
0
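
Added example (not part of the original thread): a small Python parser for the Postfix connect failures posted above. It groups them by address family, destination port and error, and lists destination ports that are not among the ports the question says were opened. `OPENED_PORTS`, `MEANING` and the function names are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Four lines copied from the Postfix log posted above.
SAMPLE_LOG = """\
Feb 5 11:13:50 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
"""

# Assumption: the only ports opened on the firewall are the two named in the question.
OPENED_PORTS = {465, 995}

# General meaning of each connect() error (not a diagnosis of this specific network).
MEANING = {
    "Network is unreachable": "host has no route for this address family",
    "Connection timed out": "no reply to the SYN, e.g. dropped by a filter on the path",
}

LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: connect to (?P<host>[^\[\s]+)"
    r"\[(?P<addr>[0-9A-Fa-f:.]+)\]:(?P<port>\d+): (?P<error>.+)$"
)

def parse(log):
    """Yield (family, port, error) for every failed outbound connect in the log."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a connect-failure line
        version = ipaddress.ip_address(m["addr"]).version
        yield f"IPv{version}", int(m["port"]), m["error"].strip()

def summarize(log):
    """Count failures per (address family, destination port, error)."""
    return Counter(parse(log))

def unopened_ports(log, opened=OPENED_PORTS):
    """Destination ports Postfix tried that are not in the opened set."""
    return sorted({port for _, port, _ in parse(log)} - set(opened))

if __name__ == "__main__":
    for (family, port, error), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {family} tcp/{port}  {error}: {MEANING.get(error, 'unknown')}")
    print("attempted but not opened:", unopened_ports(SAMPLE_LOG))
```
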
 

Author Comment

by:ITmanage
ID: 38856161
I have an Ubuntu server set up with Postfix/Dovecot & ISPConfig. I have one-to-one NAT set up from a static IP to the class C static IP address. I tested the email server by sending out an email through SquirrelMail before I had a firewall, and it went to a Gmail account just fine, but that was on another static IP as well.
0

 

Author Comment

by:ITmanage
ID: 38856192
The log is from the message log on the email server, btw.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 38856230
It can. Email can be a funny beast where mail gets delivered normally in some cases and filtered as junk later, then rejected entirely a third time. Before you can reliably test, you need to set up the foundation first, which is setting up the reverse lookups and making sure you are not on a blacklist. It helps if your server is listed as a sending server in your DNS, but I have seen many with a blank SPF and still work fine.

Again, test it from mxtoolbox and work on what is diagnosed there. Also, the logs from the firewall would be helpful too, since it did work to some extent before its entry, not your email log.
0
 

Author Comment

by:ITmanage
ID: 38856250
Alright, thanks. Well, I have a live hosted email solution with the same domain name, so I don't want to mess around too much until the weekend, when email isn't getting looked at (business with about 40 users). I can't add any MX records anyway until I change over, because the DNS is hosted at the company. My domain is at GoDaddy though, so I will just change Friday evening, let it propagate, and test throughout the weekend. Thanks for the help!
0
 

Author Closing Comment

by:ITmanage
ID: 38856254
Thanks for the feedback.
0

Question has a verified solution.
