Solved

Can't get SSL email in/out POP & SMTP

Posted on 2013-02-05
8
681 Views
Last Modified: 2013-02-05
Ok, I added firewall exceptions for tcp/udp protocols for ports 465 & 995 for my email server. The packets are getting dropped. What other protocols are involved that I need to add for communication to pass through, or what am I forgetting to do?
0
Comment
Question by:ITmanage
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 

Author Comment

by:ITmanage
ID: 38855987
Well, I am getting a network unreachable from my email server:

eb 5 10:38:28 email postfix/smtp[22991]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1a]:25: Network is unreachable
0
 
LVL 9

Expert Comment

by:tsaico
ID: 38856089
You mention putting in exceptions, these exceptions need to be in both your hardware firewall and the software firewall too.  You can also look into if your IP is banned or is a DHCP IP address as Google blocks you.  It could also be your ISP that is blocking you, and you may need to get them involved.

https://productforums.google.com/forum/?fromgroups=#!topic/gmail/oj0rcmkhALE with a link to the bulk email policies.

Because all emails require both sides to agree on communication, it might not be your server not connecting, it could be the other side refusing to allow the connection.

There are also other things that will kill your email traffic, I would also recommend you go to www.mxtoolbox.com and test your email server from an outside source.  The tools here are free and will give you some minor diagnosis on what is going on, but it will at least give you direction on what to do next.  To help more, we will need more specific information about your setup.
0
 

Author Comment

by:ITmanage
ID: 38856142
Well, I don't have mx records set up yet, but I could send emails out before without a firewall in place. Could this be the cause?

Feb 5 11:13:50 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:13:50 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 

Author Comment

by:ITmanage
ID: 38856161
I have ubuntu server set up with postfix/dovecot & ispconfig. I have one to one NAT set up from a static IP to the class C static IP address. I tested the email server by sending out an email through squirrel mail before I had a firewall, and it went to a gmail account just fine, but that was on another static IP as well.
0
 

Author Comment

by:ITmanage
ID: 38856192
the log is from the message log on the email server btw.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 38856230
It can, email can be a funny beast where mail gets delivered normally in some cases and filtered as junk later, then rejected entirely a third time.  Before you can reliably test, you need to set up the foundation first, which is setting up the reverse lookups, making sure you are not on a black list.  It helps if your server is listed as a sending server in your DNS, but i have seen many with a blank spf and still work fine.

Again, test it from mxtoolbox and work on what is diagnosed there. Also, the logs from the firewall would helpful too, since it did work to some extent before it's entry, not your email log.
0
 

Author Comment

by:ITmanage
ID: 38856250
alright, thanks. Well I have a live hosted email solution with the same domain name, so I don't want to mess around too much, until the weekend, when email isn't getting looked at (business with about 40 users). I can't add any mx records anyway until I change over, because the DNS is hosted at the company. My domain is at godaddy though, so I will just change Friday evening, let it propogate, and test throughout the weekend. Thanks for the help!
0
 

Author Closing Comment

by:ITmanage
ID: 38856254
Thanks for the feedback.
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question