Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Can't get SSL email in/out POP & SMTP

Posted on 2013-02-05
8
Medium Priority
?
693 Views
Last Modified: 2013-02-05
Ok, I added firewall exceptions for tcp/udp protocols for ports 465 & 995 for my email server. The packets are getting dropped. What other protocols are involved that I need to add for communication to pass through, or what am I forgetting to do?
0
Comment
Question by:ITmanage
  • 6
  • 2
8 Comments
 

Author Comment

by:ITmanage
ID: 38855987
Well, I am getting a network unreachable from my email server:

eb 5 10:38:28 email postfix/smtp[22991]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1a]:25: Network is unreachable
0
 
LVL 9

Expert Comment

by:tsaico
ID: 38856089
You mention putting in exceptions, these exceptions need to be in both your hardware firewall and the software firewall too.  You can also look into if your IP is banned or is a DHCP IP address as Google blocks you.  It could also be your ISP that is blocking you, and you may need to get them involved.

https://productforums.google.com/forum/?fromgroups=#!topic/gmail/oj0rcmkhALE with a link to the bulk email policies.

Because all emails require both sides to agree on communication, it might not be your server not connecting, it could be the other side refusing to allow the connection.

There are also other things that will kill your email traffic, I would also recommend you go to www.mxtoolbox.com and test your email server from an outside source.  The tools here are free and will give you some minor diagnosis on what is going on, but it will at least give you direction on what to do next.  To help more, we will need more specific information about your setup.
0
 

Author Comment

by:ITmanage
ID: 38856142
Well, I don't have mx records set up yet, but I could send emails out before without a firewall in place. Could this be the cause?

Feb 5 11:13:50 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:13:50 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:ITmanage
ID: 38856161
I have ubuntu server set up with postfix/dovecot & ispconfig. I have one to one NAT set up from a static IP to the class C static IP address. I tested the email server by sending out an email through squirrel mail before I had a firewall, and it went to a gmail account just fine, but that was on another static IP as well.
0
 

Author Comment

by:ITmanage
ID: 38856192
the log is from the message log on the email server btw.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 2000 total points
ID: 38856230
It can, email can be a funny beast where mail gets delivered normally in some cases and filtered as junk later, then rejected entirely a third time.  Before you can reliably test, you need to set up the foundation first, which is setting up the reverse lookups, making sure you are not on a black list.  It helps if your server is listed as a sending server in your DNS, but i have seen many with a blank spf and still work fine.

Again, test it from mxtoolbox and work on what is diagnosed there. Also, the logs from the firewall would helpful too, since it did work to some extent before it's entry, not your email log.
0
 

Author Comment

by:ITmanage
ID: 38856250
alright, thanks. Well I have a live hosted email solution with the same domain name, so I don't want to mess around too much, until the weekend, when email isn't getting looked at (business with about 40 users). I can't add any mx records anyway until I change over, because the DNS is hosted at the company. My domain is at godaddy though, so I will just change Friday evening, let it propogate, and test throughout the weekend. Thanks for the help!
0
 

Author Closing Comment

by:ITmanage
ID: 38856254
Thanks for the feedback.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

876 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question