Solved

Can't get SSL email in/out POP & SMTP

Posted on 2013-02-05
Last Modified: 2013-02-05
Ok, I added firewall exceptions for tcp/udp protocols for ports 465 & 995 for my email server. The packets are getting dropped. What other protocols are involved that I need to add for communication to pass through, or what am I forgetting to do?
Question by:ITmanage

Author Comment

by:ITmanage
ID: 38855987
Well, I am getting a network unreachable from my email server:

Feb 5 10:38:28 email postfix/smtp[22991]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1a]:25: Network is unreachable
0
 
LVL 9

Expert Comment

by:tsaico
ID: 38856089
You mention putting in exceptions; these exceptions need to be in both your hardware firewall and the software firewall too. You can also look into whether your IP is banned or is a DHCP IP address, as Google blocks you. It could also be your ISP that is blocking you, and you may need to get them involved.

https://productforums.google.com/forum/?fromgroups=#!topic/gmail/oj0rcmkhALE with a link to the bulk email policies.

Because all emails require both sides to agree on communication, it might not be your server not connecting; it could be the other side refusing to allow the connection.

There are also other things that will kill your email traffic. I would also recommend you go to www.mxtoolbox.com and test your email server from an outside source. The tools here are free and will give you some minor diagnosis on what is going on, but it will at least give you direction on what to do next. To help more, we will need more specific information about your setup.
0
 

Author Comment

by:ITmanage
ID: 38856142
Well, I don't have mx records set up yet, but I could send emails out before without a firewall in place. Could this be the cause?

Feb 5 11:13:50 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:13:50 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:20 email postfix/smtp[24322]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24317]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt1.gmail-smtp-in.l.google.com[2607:f8b0:400d:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24323]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
0
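One way to triage the Postfix log posted above, as an added example that is not part of the original thread: it separates the IPv6 "Network is unreachable" failures from the IPv4 "Connection timed out" failures and lists timed-out ports that have no firewall exception. The function names are hypothetical, and the opened-port set {465, 995} is taken from the question as an assumption about the firewall rules.

```python
import ipaddress
import re
from collections import Counter

# Lines copied from the log posted above (two per distinct failure).
SAMPLE_LOG = """\
Feb 5 11:14:20 email postfix/smtp[24323]: connect to gmail-smtp-in.l.google.com[74.125.142.27]:25: Connection timed out
Feb 5 11:14:20 email postfix/smtp[24317]: connect to gmail-smtp-in.l.google.com[2607:f8b0:4001:c02::1b]:25: Network is unreachable
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt1.gmail-smtp-in.l.google.com[173.194.74.26]:25: Connection timed out
Feb 5 11:14:50 email postfix/smtp[24322]: connect to alt2.gmail-smtp-in.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is unreachable
"""

CONNECT_RE = re.compile(
    r"postfix/smtp\[\d+\]: connect to \S+?\[(?P<addr>[0-9A-Fa-f:.]+)\]:(?P<port>\d+): (?P<err>.+)$"
)

# What each connect() error usually says about where the attempt stopped.
MEANING = {
    "Network is unreachable": "no route for this address family (typically no IPv6 connectivity)",
    "Connection timed out": "SYN sent, no reply: silently dropped by a firewall or the ISP",
    "Connection refused": "a reset came back: port closed or rejected by a filtering device",
}

def triage(log_text):
    """Count failed outbound connects by (IP version, port, error)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            version = ipaddress.ip_address(m["addr"]).version
            counts[(version, int(m["port"]), m["err"].strip())] += 1
    return counts

def ports_to_check(counts, opened_ports):
    """Ports that time out but are not in opened_ports (an assumed rule set)."""
    return sorted({port for (_, port, err) in counts
                   if err == "Connection timed out" and port not in opened_ports})

if __name__ == "__main__":
    counts = triage(SAMPLE_LOG)
    for (version, port, err), n in sorted(counts.items()):
        print(f"IPv{version} port {port}: {n}x {err} -> {MEANING.get(err, 'unclassified')}")
    # 465 and 995 are the ports the question says were opened.
    print("timed-out ports without an exception:", ports_to_check(counts, {465, 995}))
```

On these lines the only timed-out port is 25, which is not among the ports the question lists as opened; the IPv6 failures are a separate routing matter on the mail server itself.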
 

Author Comment

by:ITmanage
ID: 38856161
I have an Ubuntu server set up with Postfix/Dovecot & ISPConfig. I have one-to-one NAT set up from a static IP to the class C static IP address. I tested the email server by sending out an email through SquirrelMail before I had a firewall, and it went to a Gmail account just fine, but that was on another static IP as well.
0
 

Author Comment

by:ITmanage
ID: 38856192
The log is from the message log on the email server, btw.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 500 total points
ID: 38856230
It can; email can be a funny beast where mail gets delivered normally in some cases and filtered as junk later, then rejected entirely a third time. Before you can reliably test, you need to set up the foundation first, which is setting up the reverse lookups and making sure you are not on a blacklist. It helps if your server is listed as a sending server in your DNS, but I have seen many with a blank SPF and still work fine.

Again, test it from mxtoolbox and work on what is diagnosed there. Also, the logs from the firewall would be helpful too, since it did work to some extent before its entry, not your email log.
0
 

Author Comment

by:ITmanage
ID: 38856250
Alright, thanks. Well, I have a live hosted email solution with the same domain name, so I don't want to mess around too much until the weekend, when email isn't getting looked at (business with about 40 users). I can't add any mx records anyway until I change over, because the DNS is hosted at the company. My domain is at GoDaddy though, so I will just change Friday evening, let it propagate, and test throughout the weekend. Thanks for the help!
0
 

Author Closing Comment

by:ITmanage
ID: 38856254
Thanks for the feedback.
0
